[ACADEMY] Broken Authentication

At which question are you stuck?

Thanks for responding to my question. I am stuck on Weak Bruteforce Protections Q2 “Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed. What is the flag?”

You have to submit a number. I succeeded just by trial and error. It’s a nice round number. I don’t want to spoil it in public. Send me a DM and I’ll tell you the number.

Hint: try test:test as fast as you can and wait for the reply… It gives an indication of the number to submit.

Hi, I’m stuck on this question myself at the minute. I’ve tried ‘curl -L -vvv -H "X-Forwarded-For: MACHINE_IP" http://MACHINE_IP/question2/’ to no avail. Any pointers?


In the text:
headers = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36",
    "X-Forwarded-For": ""
}
it looks like it is 1 header, but there are actually 2 headers: "User-Agent" and "X-Forwarded-For".
So you have to use only the second one…

I tried all the round numbers but got nothing