Hey HTB users,
A buddy and I (@grimmvenom) have been trying to tackle Cartographer after successfully solving Learnean as they appear to be similar brute-force based challenges.
We’ve been unable to identify any additional information against the target in order to better tailor our brute force attempts except for the name of the challenge itself. We have been trying a 10 line userlist combined with the first 10k passwords of rockyou.txt in our brute force attempts, totaling 100k guesses without success. We’re basing our ‘success’ response on the lack of a loginform div in the HTML source. We’ve previously tried Content-Length as an indicator as well.
We’re thinking about creating a custom wordlist with hashcat and replacing cartographer with every leetspeak combination possible for the next time we try this challenge (we do a weekly meetup).
Any tips, hints or feedback on how we can better approach this challenge ?