ART/ARF Challenge #2 - Fire
This challenge can be found when Wheeler uses a fireball spell against a door.
The Setup
Our team found this building's outdated Document Management System.
It shares a similar vulnerability as the building itself... the password hasn't been changed for a long time.
Help Wheeler, Eli, Martina, Art and Sally find the flag located inside the DMS.
We are given a URL to a login page.
The Login
The login page is for some software called "OpenKM", which is using "jsp", Java Server Pages, which to me screams "corporate infrastructure".
First thing I try is admin/admin and root/root, but no luck.
Second thing is I look up "openkm default password", which gets me to the okm quick start page, which states:
The default administrator credentials are:
- Username: okmAdmin
- Password: admin
Do not forget to change the administrator password.
You guessed it, like in all good corporate infrastructure, they did not change the administrator password.
In the next page we are able to download flag.txt, which contains our flag.