In the module Broken Authentication (Skill Assessment), I need to get a password by contacting the endpoints /api/v1/authentication/customers/passwords/resets and /api/v1/authentication/customers/passwords/resets/email-otps. For example, I tried a brute-force attack on the password and OTP, but got nothing. I tried many times, and tried other vulnerabilities, and got nothing. Can you give me a solution to this problem? (I wasted 3 days.)
3 Likes
I also have this problem. Please guys write the solution if you know…
Tried to brute force the OTP code, it doesn’t work.
Tried to manipulate the API request in a POST /api/v1/authentication/customers/passwords/resets/email-otps / sms-otps to predefine the OTP code, nothing works…
Hi, I solved this task using the SecLists 4-digit file and sending the OTP via email.
The task is complicated because it doesn’t give us an example of an OTP code, but I hope it helps you. If you need anything, write me a PM.
1 Like
Hi, could you show me how you used ffuf to find the OTP code? I’m stuck here and can’t move forward. Thank you