Skip to content

Lab Tasks

Password Brute Force

Taking you back to the first year, our first task is to write a password brute force application This will let you practice with requests, and get the concepts around brute forcing down.

You can find the target in the 5067 Labs Repo on github

https://github.coventry.ac.uk/CUEH/5067_Labs

Dirbusting

For our second brute force task we are going to look at directory busting.

Using the demo application, try to find the hidden files / directories contiaining the flags.

You are free to use whatever tool you want, However, to get an idea of how different tools work, I would also try to replicate your results with others. Suggested tools include

  • gobuster
  • nikto
  • ffuzz

Easy_task

Using Gobuster / FFUF look for hidden files in the web application. What do you find? How might we use this information later?

Task

Try to find the hidden flag file

TIP: You will need to consider a recusive search

Hardtask

Using the information you have gained so far try to find any other hidden files There is something with a flag in it.

Hardtask

You will also identify a page with a form. Use parameter busting to find another flag.

Back to top