Can someone give me a nudge on Blind SQL Injection module; Assessment Q1. I have tried manual injection and sqlmap on login.php and index.php. Tried injecting user agent, referer and cookie fields but no luck. Also reset target a couple times
Your already on the right track, double check the payload is URL encoded.
Finally solved it. Make sure you try all header fields (e.g cookie) and as mentioned above URL encode your payload. Once you have proved injection is possible, adapt the python script under Time-Based SQLi section to identify database then table then column of required password.
All in all quite an interesting module.