TryHackMe: Advent of Cyber 2023 (Day 4) Baby, it’s CeWLd outside

Samantha
3 min read · Dec 4, 2023


“The AntarctiCrafts company, globally renowned for its avant-garde ice sculptures and toys, runs a portal facilitating confidential communications between its employees stationed in the extreme environments of the North and South Poles. However, a recent security breach has sent ripples through the organisation.

After a thorough investigation, the security team discovered that a notorious individual named McGreedy, known for his dealings in the dark web, had sold the company’s credentials. This sale paved the way for a random hacker from the dark web to exploit the portal. The logs point to a brute-force attack. Normally, brute-forcing takes a long time. But in this case, the hacker gained access with only a few tries. It seems that the attacker had a customised wordlist. Perhaps they used a custom wordlist generator like CeWL. Let’s try to test it out ourselves!”

Today we are going to use a tool called CeWL to scrape a company webpage and generate a custom wordlist. We can then use that wordlist to perform a brute-force password attack with wfuzz.

Question 1: What is the correct username and password combination?

This is the website we will be scraping. It has a lot of holiday-themed words all over it.

I used the following command to create a wordlist from that website. This specific command will also grab numbers.

Next, you can see at the bottom that there is a “Meet the Team” page that we can scrape for usernames.

From here we can head to the employee portal page and use wfuzz to do the actual bruteforcing.

As the results scroll by, you will see one lone request with a different response.

Question 2: What is the flag?

Now we can look through all their personal emails.
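From the defender's side, the same idea can be turned into a password-change check: build the word set from the company's own public pages and reject any password based on one of those words. This is an added example, not part of the original writeup or the TryHackMe room; the function names, the 5-character minimum, the substitution table and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not the room's real HTML).
SAMPLE_HTML = """<html><head><style>body{color:red}</style></head><body>
<h1>AntarctiCrafts</h1><p>Avant-garde ice sculptures and toys for the holidays.</p>
<script>var tracking = "analytics";</script>
<a href="/team">Meet the Team</a></body></html>"""

class _TextExtractor(HTMLParser):
    """Collects visible text, skipping <script> and <style> bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def site_words(html, min_len=5):
    """Lower-cased words (digits allowed) of at least min_len characters."""
    parser = _TextExtractor()
    parser.feed(html)
    parser.close()
    tokens = re.findall(r"[A-Za-z0-9]+", " ".join(parser.chunks))
    return {t.lower() for t in tokens if len(t) >= min_len}

# Assumed substitution table: 0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, !->i
_LEET = str.maketrans("01345@$!", "oieasasi")

def derived_from_site(password, words):
    """Return the longest site word the password is built on, or None."""
    pw = password.lower()
    core_plain = re.sub(r"[^a-z0-9]", "", pw)               # drop punctuation
    core_leet = re.sub(r"[^a-z]", "", pw.translate(_LEET))  # undo substitutions
    for w in sorted(words, key=lambda w: (-len(w), w)):
        if w in core_plain or w in core_leet:
            return w
    return None

if __name__ == "__main__":
    deny = site_words(SAMPLE_HTML)
    for candidate in ("Sculptures2023!", "H0l1d4ys#", "correct-horse-battery-staple"):
        print(candidate, "->", derived_from_site(candidate, deny) or "ok")
```

A check like this belongs in the password-change flow, with the word set rebuilt whenever the public site content changes.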
