Wpictf 2021

wpi admin

Solved by : thewhiteh4t

email of our friend : alexo@uupeye.edu
“students” here have some “bad” passwords
emails of students are visible on : https://wpiadmin.wpictf.xyz/topStudents
so we get a list of emails which we can bruteforce on student login!

    colino@uupeye.edu
    calliep@uupeye.edu
    annar@uupeye.edu
    gaylenek@uupeye.edu
    dennisb@uupeye.edu
    sherrim@uupeye.edu
    adams@uupeye.edu

after bruteforcing we get all these credentials

    colino@uupeye.edu:123456
    calliep@uupeye.edu:password
    annar@uupeye.edu:iloveyou
    gaylenek@uupeye.edu:qwerty
    dennisb@uupeye.edu:123123
    sherrim@uupeye.edu:12345678
    adams@uupeye.edu:soccer

after checking each profile we get flag on dennisb@uupeye.edu

Published on : 26 Apr 2021