
# Bruteforce Login

<figure><img src="/files/AmXHIp5Uk3fz30ApqqAF" alt=""><figcaption></figcaption></figure>

Viewing the page source, there's a link to a PNG file.

<figure><img src="/files/UzjyjzArgCEhw9NO0rPJ" alt=""><figcaption></figcaption></figure>

Since the hint mentions that a picture speaks a thousand words, let's attempt steganography on it.

<figure><img src="/files/kzgL0hE16zXoYjgKkOCI" alt=""><figcaption></figcaption></figure>

Now, we have a username and a possible password.

Filtering rockyou for astraunaut and passing the result to Burp Intruder, we are able to authenticate.

<figure><img src="/files/bsD5Cx7fer00SXzV4XYe" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/NnmeX2t4xrGLb8FVfHie" alt=""><figcaption></figcaption></figure>

Viewing the page source of the portal, there is a set of service principal credentials.

<figure><img src="/files/ejCzbs93Z3zfuG0ppiwW" alt=""><figcaption></figcaption></figure>

We are then able to authenticate and retrieve the flag.

<figure><img src="/files/VgD5zAjFZRFGXQOOnIai" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/NNPXlGRFfhtnviclMMhG" alt=""><figcaption></figcaption></figure>
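The portal above exposed service principal credentials through its page source. As an added example (not part of the original writeup), here is a pre-deployment check that parses a page and flags credential-like fields in HTML comments and inline scripts. The field names and the sample page are assumptions, since the writeup shows the credentials only in a screenshot.

```python
import re
from html.parser import HTMLParser

# Assumed field names (Azure-style service principal); adjust to your own.
CRED_RE = re.compile(
    r"(?i)(client[_-]?secret|client[_-]?id|tenant[_-]?id|password)\b"
    r"[\"']?\s*[:=]\s*[\"']?[^\s\"'<>,;]{8,}"
)

class SourceScanner(HTMLParser):
    """Flags credential-like fields in parts of a page that the browser does
    not render but 'view source' shows: comments and inline scripts."""

    def __init__(self):
        super().__init__()
        self.findings = []        # (location, normalised field name)
        self._in_script = False

    def _scan(self, where, text):
        for m in CRED_RE.finditer(text):
            # Record the field name only, so the value never reaches CI logs.
            field = re.sub(r"[_-]", "", m.group(1).lower())
            self.findings.append((where, field))

    def handle_comment(self, data):
        self._scan("comment", data)

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:       # rendered text is deliberately not scanned
            self._scan("script", data)

def scan_page(html):
    """Return the list of (location, field) findings for one HTML document."""
    scanner = SourceScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; every value is a placeholder.
SAMPLE = """<html><body><h1>Portal</h1>
<!-- tenant_id: 00000000-0000-0000-0000-000000000000
     client_id = 11111111-1111-1111-1111-111111111111
     client_secret = EXAMPLE-not-a-real-secret -->
<script>var cfg = {"clientSecret": "EXAMPLE-not-a-real-secret"};</script>
<p>Enter your password: then press login</p>
</body></html>"""
```

Failing the build when `scan_page` returns any finding keeps such fields out of served pages; a credential that has already been published should be rotated, not just removed from the markup.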
