This will be solution for Level 12 Practical Web Hacking CTF #2.
In this level unfortunately we have a very realistic example of how easy it is to bruteforce web applications, our objective is to try to bruteforce a login and password. The procedure is very simple we need to collect the information that would allow us to execute the requested as if it were made by the browser.
- Collect input names.
- find the sugested wordlist.
- setup hydra.
The world list suggested is a very known from john ripper, so we set our brute force application with the following.