Summary Steps
1. View the source code of the page to find hints.
2. Use the Burp Suite proxy.
3. Add the root to the item scope, then do web spidering.
The login page of the company. There is no information here, and there are no dynamic variables on this page.

View the source code of the login page to find hints; there is something there that does not appear on the front page.

Highlight the entire page and you will find the username and password. They are actually in the source code; highlighting the entire page just verifies it.

The main page contains no variables to test for injection, and the form does not have XSS or SQL injection vulnerabilities…

Use the Burp Suite proxy with intercept turned off. The pages you visit will be included in Burp Suite; this is known as a passive scan.

Add the document root to the scope; this is for web spidering.

Do web spidering from the “/” document root to get more information.

A directory known as “secret_area_” has a text file known as “mails.txt”, which contains a list of emails. Jason Killer is the agent you need to find and send an email to.

Go to Central Communication Email to send an email to Jason Killer.

The challenge is completed.
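A defender-side check for the first finding above (credentials left in the login page source), added here as an example and not part of the original walkthrough: it flags credential-like text in HTML comments or in elements whose text colour equals the page background. It assumes the text was hidden by colour matching, which the highlight step suggests but the page does not state; the class name, regexes and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser

CRED_RE = re.compile(r"\b(user(name)?|login|pass(word|wd)?)\b", re.I)
COLOR_RE = re.compile(r"(?<![-\w])color\s*:\s*([^;]+)", re.I)  # not background-color
VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no end tag

class HiddenTextAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.background = "#ffffff"  # assumption: white unless <body bgcolor> says otherwise
        self.stack = []              # open elements as (tag, text_is_invisible)
        self.findings = []           # (reason, text)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "body" and a.get("bgcolor"):
            self.background = a["bgcolor"].strip().lower()
        if tag in VOID:
            return
        m = COLOR_RE.search(a.get("style") or "")
        colour = (m.group(1) if m else (a.get("color") or "")).strip().lower()
        self.stack.append((tag, colour == self.background))

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # close the innermost matching element
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]

    def handle_data(self, data):
        if any(inv for _, inv in self.stack) and CRED_RE.search(data):
            self.findings.append(("text colour equals background", data.strip()))

    def handle_comment(self, data):
        if CRED_RE.search(data):
            self.findings.append(("html comment", data.strip()))

def audit(html):
    parser = HiddenTextAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not the challenge's real markup.
SAMPLE = """<html><body bgcolor="#000000"><h1>Login</h1><form><input name="user"></form>
<font color="#000000">Username: demo_user Password: demo_pass</font>
<!-- TODO remove test login --><p style="color: #0f0">Authorised users only</p></body></html>"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run over templates before deployment, any finding means a secret or reminder is being shipped to every visitor who views the source.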