Broken Auth - Need help on Authentication Bypass via Parameter Modification

Hi guys,

I’m currently stuck on this level and running out of ideas. I’ve tried to brute-force the user_id parameter using a list of digits. I’ve also tried to brute-force the token parameter in the reset password section, and I’ve tried some tricks with Burp Suite. However, I don’t really know what else I can do or where exactly I should be brute-forcing.

If you guys have any suggestions, I would really appreciate it. Thanks!

Hi! Using Burp Suite Intruder, think about the parameter in Grep-Match. And you need a list of numbers from 0 to …, but not four-digit. You can do this with ffuf. Add -mr with the same parameter. Happy hacking!

Hey, yes I’ve passed the level, HTB team helped me and I used a digit list from 1 to 1000. Just a newbie mistake haha. Thank you for your answer though!

Could you help me out? I have been stuck on this for many hours. Here is my command:
ffuf -w ./test.txt -u "http://94.237.50.45:58655/admin.php?user_id=FUZZ" -fr "Could not load admin data. Please check your privileges"
My word list is 0-99,999.

Hello, make sure you’re using a digits list that goes from 1 to 1000 and not from 0 to 99999 :)

Oh…Ty so much, my brother!
I wonder why using 0-9999 does not work, even though its range covers the range of 0-1000.

My pleasure bro

The tokens.txt word list is generated using "seq -w 0 9999 > tokens.txt" and has the '-w' flag. The word list needed for this task will be generated using "seq 1 1000 > tokens.txt". Check what the '-w' flag is used for and you will understand why it did not work.
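The difference between the two `seq` commands in the post above, as an added example that is not part of any post in this thread. The sample id 42 is constructed, and the helper names are hypothetical; that the application compares `user_id` as an exact string is an assumption based on the outcome reported in the thread.

```shell
#!/bin/sh
# Added example: compare the two word lists named in the thread.

# Zero-padded list, as produced by: seq -w 0 9999
# -w pads every number with leading zeros to the width of the largest one.
padded_list() { seq -w 0 9999; }

# Plain list, as produced by: seq 1 1000 (no padding)
plain_list() { seq 1 1000; }

# Succeeds if the exact line $1 appears on stdin (fixed string, whole line).
has_entry() { grep -Fxq -- "$1"; }

# Count the entries that are textually identical in both lists.
shared_entries() {
    tmp=$(mktemp) || return 1
    plain_list > "$tmp"
    padded_list | grep -Fxc -f "$tmp"
    rm -f "$tmp"
}

# 42 is a constructed sample id, not a value taken from the lab.
for candidate in 42 0042; do
    if padded_list | has_entry "$candidate"; then
        echo "padded list contains '$candidate'"
    else
        echo "padded list does NOT contain '$candidate'"
    fi
done

# Every padded entry is four characters wide, so the only string the
# two lists have in common is the one four-digit value in 1..1000.
echo "entries shared by both lists: $(shared_entries)"
```

Although 0-9999 covers 1-1000 numerically, the padded file sends strings such as `0042`, which only match if the receiving side parses the value as an integer before comparing it.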

Hi, so I have used the word list
seq 1 1000 > numbers_list1.txt

And then used the following ffuf command, however I still have not found the admin.

ffuf -w ./numbers_list1.txt -u "http://94.237.60.154:39644/admin.php?user_id=FUZZ" -b "PHPSESSID=v7hrqtadq26n3do4cp9dqlhrlo" -fr "Could not load admin data. Please check your privileges"

Any suggestions would be appreciated. Thank you.

Hi, no, unfortunately I am still stuck on this challenge.