Weak password

Description: Nothing too difficult
Difficulty: Very easy

🔎 Solution

The challenge website presents a pop-up prompt for entering a username and password.

I started by inspecting the HTTP request using Burp Suite to check for anything suspicious in the headers. The only notable header was:

Authorization: Basic YWRtaW46YWRtaW4=

The Base64 string was simply the username:password I had entered. Nothing's really helpful here.

Looking back at the challenge title, I decided to try a common credential pair: admin:admin. And just like that - it worked!

admin