Scan the machine

sudo nmap -sC -sV -sS -O -A -oN nmap.txt --min-rate=1000 -Pn -p 22,80 --open 10.129.227.93 

Go to the website

Now let’s go and intercept the request

As we can see, we got an invalid password response

Let’s change the content type to JSON

As we can see, we still get invalid password, which confirms that the backend accepts the JSON content type

Let’s change the password to true

As we can see, we managed to get a valid token
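
Why a JSON true can pass a password check, and how the server side should reject it. This is an added example, not code from the target application: the page does not show the backend, so the PHP-style loose comparison, the function names check_loose and check_strict, and the sample secret are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample value; the real application's secret is not shown on the page.
const STORED_PASSWORD = 'constructed-sample-secret';

// Weak (assumed root cause): when one operand of == is a bool, PHP converts
// both sides to bool, so any non-empty stored string equals JSON true.
function check_loose(mixed $supplied): bool
{
    return $supplied == STORED_PASSWORD;
}

// Hardened: accept only a string, then compare in constant time.
function check_strict(mixed $supplied): bool
{
    return is_string($supplied) && hash_equals(STORED_PASSWORD, $supplied);
}

// Constructed request bodies, decoded the way a JSON login endpoint would.
$bodies = [
    '{"password": "wrong-guess"}',
    '{"password": true}',
    '{"password": 1}',
    '{"password": ["x"]}',
    '{"password": "constructed-sample-secret"}',
];

foreach ($bodies as $raw) {
    $data = json_decode($raw, true, 8, JSON_THROW_ON_ERROR);
    $supplied = $data['password'] ?? null;

    // Print both verdicts side by side for each body.
    printf(
        "%-45s loose=%-5s strict=%s\n",
        $raw,
        var_export(check_loose($supplied), true),
        var_export(check_strict($supplied), true)
    );
}
```

Only the loose check accepts the boolean body; the strict check accepts nothing but the exact string. Validating the type of every JSON field before it reaches a comparison closes this class of bypass regardless of the content type the client sends.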

Now let’s continue to the application

As we can see, we managed to log in to the application and found two files: user.txt and homedirectory.zip

Now let’s download the user file

As we can see, we managed to get the flag