Tuesday and it’s time for another THM room!
Today we move on to the Burp Suite: Repeater module.
(I’ve used/use Burp Suite quite regularly so hopefully should be able to breeze through this room)
In this module the items that are covered are What is Repeater?, Basic Usage, Message Analysis Toolbar, Inspector, Practical Example, Challenge & an Extra-mile Challenge.
In the practical example we are tasked with the following –
Question –
Answer –
Flag – THM{Yzg2MWI2ZDhlYzdlNGFiZTUzZTIzMzVi}
Question –
Answer –
Flag -THM{N2MzMzFhMTA1MmZiYjA2YWQ4M2ZmMzhl}
Question –
http://10.10.64.141/about/0%20UNION%20ALL%20SELECT%20notes,null,null,null,null%20FROM%20people%20WHERE%20id%20=%201
Overall, room was easy however the question that required the HTTP 500 error is wrong IMO and the only acceptable output for that answer is a negative input value (however the hint states otherwise) & the THM AI should be disabled as it is usless, again another gripe I have with THM is the older room such as this haven’t been updated so the answers are sometimes incorrect and clearly haven’t been updated in years & for a paid subscription this really isn’t good enough!
Until next time & don’t sleepwalk through life!
Nägemist