[Academy] Broken Authentication - Weak Bruteforce Protection

MR_0xTFS · August 6, 2022, 5:52pm

hi guys.
i have a question about /question2 in weak bruteforce protection.
i used x-forward-for in header using curl, burpsuite, wfuz and many more tools.
but i can’t find the flag.
pls help me
how can i get the flag?

hoangvietitvn · August 7, 2022, 11:55am

try local address

MR_0xTFS · August 7, 2022, 12:04pm

127.0.0.1??

hoangvietitvn · August 7, 2022, 12:04pm

yep , with x-forward-for

MR_0xTFS · August 7, 2022, 12:05pm

it works
tnx

Cyberstorm · March 29, 2023, 6:54am

I am using the defualt password csv file but no luck. Any hints to which pw list to use?

Cheers

Cyberstorm · April 8, 2023, 1:21pm

Nevermind. Yet again one of those “don’t overthink it” and you go DOOOOUGGGH.

Ended up using burp and got it.

Topic		Replies	Views
Broken Authentication - Weak Bruteforce Protections Academy	28	2875	May 11, 2024
[ACADEMY] Broken Authentication Other	28	5771	April 11, 2024
Broken Authentication Update help with 2FA Academy	11	415	September 11, 2024
Stuck at New Broken Authentication skills assessment Academy	29	1508	October 25, 2024
Password Attacks - Network Services - Help! Academy	8	565	October 5, 2024

[Academy] Broken Authentication - Weak Bruteforce Protection

Related topics