OWASP Juice Shop THM Write Up

Admin email
After making a query, we can see q=search in the address bar, meaning q is the query parameter.
After looking around for Jim’s review, we notice the comment about replicators; do a Google search and you can find out where it is from.
The packet containing the login format
After forwarding the packet, you should get the flag and move on to the next question.
The packet for Bender’s login.
Similarly to the admin flag, once you forward the packet you get the flag for Bender.
The login packet sent to the Intruder tab
Configuring the payload and brute forcing the login!
Once you brute force the password, just log in and you get the flag!
Bingo! Check out the acquisitions.md file and head back to the home page to get the flag!
