As I Have Got some holiday’s, i thought to do something interesting .So i thought why not solve Pentester Academy Web Application Challenges…and here i’am starting from the first challenge.
I captured the login request using burp with random password and username which is shown above.
As it is a form based login so only we have to iterate over password field and username which has only two possibilties jack & admin .
Here is my Python Code for the above problem:
It Is fairly a simple code.But who do not have knowledge of Python urllib2 library,i have another solution for You …
You can intercept the request using the burp and then send the Request to the Burp Intruder and apply payload only for password….
then create and load a password list in the payload option and then start the attack.
And you will find Emailfirstname.lastname@example.org, Password-zzzxy