[ACADEMY] Broken Authentication

I am about to give up on this module. I’m stuck on page 5 “Weak Bruteforce Protections” and can’t answer question 2: “Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed.” Hint: “This web server doesn’t trust your IP!”.

I get the hint and used the method described in the section to change what my IP looks like in the header. I rewrote the provided Python script several times, tried with hydra and ffuf, but I don’t find anything. I worked on the scada csv to make it work with the script, used rockyou and several of the default credential lists of SecLists.

Can anyone give me a hint? This is really frustrating.

Ok, I got it to work. The user and password don’t matter at all. You can just use curl.

@iougiri could you give me some help pls? I have the same problem and I’m going crazy because I think it’s a simple thing and I can’t find it. The tip, from what I understand, refers to the X thing, but nothing works.

You’re on the right track with the X thing. I sent you a DM.

Have also tried the X thing in combination with the hint but without success… Can anyone give me another hint?

I hope this doesn’t spoil too much, but I know how frustrating it was for me. So for everyone having the same problem my hint is: The server only trusts itself.

I see…! Crazy, haha. You should read the link below: https://www.w3schools.com/HTML/html_entities.asp. Take an interest in the special symbol! You will get more confused with the “Predictable Reset Token” section, question 1, :))

Anybody here who can give me a nudge on the first assignment “Brute Force attack”? I think I have a good working Python script and tried with all available credentials files, but maybe I am missing one. Please respond.

@andrevanm said:
> Anybody here who can give me a nudge on the first assignment “Brute Force attack”? I think I have a good working Python script and tried with all available credentials files, but maybe I am missing one. Please respond.

Thanks to Satellite, I was able to solve it.

Lmk when you get to “predictable reset token”, question 1. I can’t figure it out.

I’m stuck on the skills assessment. Any tips?