API ATTACKS Skills Assessment

Has anyone else had any luck with solving this? I have enumerated the supplier with a security question set but have not had any luck brute forcing the password reset through the security question.

Thank you :slight_smile:

If you're like me, you just need a really big wordlist.

A hint is that it is a fairly popular programming language :stuck_out_tongue:


Can you provide the wordlist? I have been searching for one.

Just to point out that there are multiple suppliers with the same security question. You need to try all of them.

What I did was create a list of all the supplier emails that have that question set as my user list, and then used the color.txt list to brute force the answer.

If you are successful in the above, you have successfully escalated your privileges and you will have to find another vulnerability in order to get the flag.