Advent Of Cyber 2 Try Hack Me [Day 3] Christmas chaos

mohomed arfath
Dec 8, 2020

Today I am going to do the walkthrough for Day 3; there are still 22 days left.

What is the flag?

First, let's go to the website and see what is inside.

So this is what it looks like. Now let's enter a username and password and send the request through Burp Suite to find out how this request works.

Now you can see what the request looks like. I am going to send this request to Intruder to run a brute-force attack and get the password; to do that, press CTRL+I.

There are 4 options in Intruder; if you want to learn more about them, here is the link.
Here we are using 2 payloads, so we need to change the setting to Cluster bomb.

Select the username value and the password value and press Add, then move to the Payloads tab and create the payloads. This is what they tell us to use:

So now let's add these credentials to the payloads.

Select 1 and put in all the usernames.

Select 2 and put in all the passwords.

Then press Start attack.

Now you can see it ran the brute-force attack and all the requests were redirected somewhere. But if you look at the length value for each request, all the other requests have 309 while the 8th request has 255, which means it might have worked. So now let's go and enter those credentials on the website.

So you can see that we were able to log in to the site successfully and got the flag.

Flag: THM{885ffab980e049847516f9d8fe99ad1a}
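The same length difference that gave away the working credentials is also what a defender can look for afterwards. The following is an added example, not part of the original walkthrough: it scans web access logs for a burst of login POSTs from one client and reports which attempt got a different response from the rest. The `/login` path, the IP addresses, the log format and the idea that the logged sizes differ the way the 309/255 lengths did are all assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not captured from the room): nine login POSTs from one
# client, the 8th with a different size, plus one ordinary login from another client.
SIZES = [309] * 7 + [255, 309]
SAMPLE_LOG = "\n".join(
    f'10.0.0.5 - - [08/Dec/2020:10:00:{i:02d} +0000] "POST /login HTTP/1.1" 302 {size}'
    for i, size in enumerate(SIZES, 1)
) + '\n10.0.0.9 - - [08/Dec/2020:10:00:30 +0000] "POST /login HTTP/1.1" 302 255\n'

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

def parse_logins(log_text, login_path="/login"):  # login_path is hypothetical
    """Group login POSTs per client IP as (timestamp, status, size) tuples."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == login_path:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            by_ip[m["ip"]].append((ts, int(m["status"]), int(m["size"])))
    return by_ip

def find_guessing(log_text, min_attempts=5, window=timedelta(seconds=60)):
    """Flag clients with a burst of login attempts and list the odd responses."""
    findings = []
    for ip, hits in parse_logins(log_text).items():
        hits.sort(key=lambda h: h[0])          # stable: keeps request order
        start = burst = 0
        for end in range(len(hits)):           # sliding window over timestamps
            while hits[end][0] - hits[start][0] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst < min_attempts:
            continue
        # Failed logins share one (status, size); anything else deserves review.
        baseline = Counter((s, z) for _, s, z in hits).most_common(1)[0][0]
        outliers = [(n, s, z) for n, (_, s, z) in enumerate(hits, 1) if (s, z) != baseline]
        findings.append({"ip": ip, "attempts": len(hits),
                         "baseline": baseline, "outliers": outliers})
    return findings

if __name__ == "__main__":
    for finding in find_guessing(SAMPLE_LOG):
        print(finding)
```

An outlier inside a flagged burst is the account to reset first, since it is the attempt most likely to have been accepted.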
