wpi admin Writeup

Solved by : thewhiteh4t

• email of our friend : alexo@uupeye.edu
• “students” here have some “bad” passwords
• emails of students are visible on : https://wpiadmin.wpictf.xyz/topStudents
• so we get a list of emails which we can bruteforce on student login!

    colino@uupeye.edu
    calliep@uupeye.edu
    annar@uupeye.edu
    gaylenek@uupeye.edu
    dennisb@uupeye.edu
    sherrim@uupeye.edu
    adams@uupeye.edu

• after bruteforcing we get all these credentials

    colino@uupeye.edu:123456
    calliep@uupeye.edu:password
    annar@uupeye.edu:iloveyou
    gaylenek@uupeye.edu:qwerty
    dennisb@uupeye.edu:123123
    sherrim@uupeye.edu:12345678
    adams@uupeye.edu:soccer

• after checking each profile we get flag on dennisb@uupeye.edu