WeChall - Guesswork
Challenge
Account Cracked — I think some people have cracked my wechall account. Do you really think your scripts are safe ?
The account with the username WeChall has been cracked; guess the password and log in.
Solution
The page simulates a forum thread:
- WeChall posts: "I think some people have cracked my wechall account. Do you really think your scripts are safe ?"
- gizmore replies: "Well, maybe your password was very easy to guess or you reused it on another site? Do not choose passwords that are affiliated with the site and your person etc... You should maybe reset your password? PS: Do not re-use important passwords! Edit: I think you are not even a legit user, since you post news items :WEIRD:"
At the bottom is a login form: the username is prefilled with WeChall, followed by a password field `wcpwd` and a submit button.
Entering `wechall` returns `uhoh.... you are close`, which indicates that the password starts with `wechall`.
| Input | Result |
|---|---|
| wechall | CLOSE |
| wechall1 / wechall2 / ... | CLOSE |
| wechalladmin / wechallpost | CLOSE |
| WeChall / gizmore / password | UNKNOWN |
| wechallbot | CORRECT ✅ |
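The system does prefix matching on the password: every guess with the `wechall` prefix returns CLOSE, and everything else returns UNKNOWN.
Key reasoning:
gizmore's reply contains an Edit: "I think you are not even a legit user, since you post news items :WEIRD:"
The WeChall user is not a real person: it is the site's bot account, which publishes news items. The password is therefore `wechall` + identity = `wechallbot`.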
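As an added example (not part of the original write-up and not WeChall's code), the sketch below contrasts the three-way CLOSE / UNKNOWN / CORRECT response from the table with a login check that gives every wrong guess the same answer, plus a policy check that follows gizmore's advice about site-affiliated passwords. The function names, the PBKDF2 iteration count and the 12-character minimum are assumptions.

```python
import hashlib
import hmac

# Assumption: words tied to the site that a password policy should refuse.
SITE_TOKENS = ("wechall",)
# Assumption: illustrative PBKDF2 work factor, tune for your hardware.
PBKDF2_ITERATIONS = 600_000


def leaky_check(stored: str, guess: str) -> str:
    """Response behaviour from the table: three distinguishable answers."""
    if guess == stored:
        return "CORRECT"
    if guess.startswith("wechall"):
        return "CLOSE"  # confirms the prefix to anyone submitting guesses
    return "UNKNOWN"


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the server never stores or compares plaintext."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )


def hardened_check(stored_hash: bytes, salt: bytes, guess: str) -> str:
    """One failure answer for every wrong guess, compared in constant time."""
    candidate = hash_password(guess, salt)
    if hmac.compare_digest(candidate, stored_hash):
        return "CORRECT"
    return "INVALID"


def acceptable_password(username: str, password: str) -> bool:
    """Refuse short passwords and ones built from the username or site name."""
    lowered = password.lower()
    banned = {username.lower(), *SITE_TOKENS}
    return len(password) >= 12 and not any(tok in lowered for tok in banned)


if __name__ == "__main__":
    salt = bytes(16)  # constructed fixed salt for the demo; use os.urandom(16)
    stored = hash_password("wechallbot", salt)
    for guess in ("wechall1", "gizmore", "wechallbot"):
        print(guess, leaky_check("wechallbot", guess),
              hardened_check(stored, salt, guess))
```

With the hardened check, a guess that shares the prefix is indistinguishable from any other wrong guess, and the policy check would have rejected `wechallbot` at the time it was set.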