[ACADEMY] Broken Authentication

I am about to give up on this module. I’m stuck on page 5 “Weak Bruteforce Protections” and can’t answer question 2: “Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed.” Hint: “This web server doesn’t trust your IP!”.

I get the hint and used the method described in the section to change what my IP looks like in the header. I rewrote the provided Python script several times, tried with hydra and ffuf, but I don’t find anything. I worked on the scada csv to make it work with the script, used rockyou and several of the default credential lists of SecLists.

Can anyone give me a hint? This is really frustrating.

Ok, I got it to work. The user and password don’t matter at all. You can just use curl.

@iougiri could you give me some help pls? I have the same problem and I’m going crazy because I think it’s a simple thing and I can’t find it. The tip, from what I understand, refers to the X thing, but nothing works.

You’re on the right track with the X thing. I sent you a DM.

Have also tried the X thing in combination with the hint but without success… Can anyone give me another hint?

I hope this doesn’t spoil too much, but I know how frustrating it was for me. So for everyone having the same problem my hint is: The server only trusts itself.

I see…! crazy, haha you should read this link as below: https://www.w3schools.com/HTML/html_entities.asp interested in the special symbol! you will get more confused with the “Predictable Reset Token” section, question 1, :))

Anybody here who can give me a nudge on the first assignment “Brute Force attack”? I think I have a good working Python script and tried with all available credentials files, but maybe I am missing one. Please respond.

@andrevanm said:
> Anybody here who can give me a nudge on the first assignment “Brute Force attack”? I think I have a good working Python script and tried with all available credentials files, but maybe I am missing one. Please respond.

Thanks to Satellite I was able to solve it.

Lmk when you get to “predictable reset token”, question 1. I can’t figure it out

I’m stuck on the skills assessment. Any tips?

man this problem sure threw me for a LOOP!

hope that hint is not too much. I’m new here and was stuck forever on this and wanted to help others

Yep, now I’m there haha this module is wrecking me. I’ve added the header and used the server IP but still getting nothing. Are we still meant to be using the S*ad* .c*v? I think my data processing needs work if that’s the case.

Hi I know this was absolutely ages ago but do you remember any more details about the command and specifics?