First, we have to understand the service on this page: try to enumerate manually, read all the content, and understand what it says.
Next, we have to try the functions on it. The important point is to understand this service!


cracked it…thanks Satellite!

Could someone give me a hint for the “Broken Authentication”, “Bruteforcing Usernames” section, ./question2/ Broken Authentication Login - User inference?
I can find neither a pre-filled input nor the ‘failed_login’ cookie yet, just the “Invalid credentials” in responses.
I have fuzzed the “Username” and “wronguser”, both with Burp Intruder and manually using top-usernames-shortlist.txt - nothing interesting. Perhaps I have overlooked something? The response source does not seem to be unusual.

I still can’t get this, I’ve found 4 accounts and cannot cookie them (cannot have requested role). I’ve tried all combinations of ffuf against r*.php and m*.php but no working hit. Any other hint? thanks

Use the dictionary that is mentioned in this section (bruteforcing username).

I have got it in the expected way, and it implies, with belief in the given hint: review the code carefully.

Hi all, I can’t find the way to make the htbadmin token work. Banging my head on the wall.

I will be happy to help you without spoilers if you still need it.


Try it.


It worked, thanks mate, dunno what was wrong with my epoch.

Can you give any more hints?

Did you keep in mind the different time zones? The displayed time zone is your local time zone in UTC, the server might have a different one. Thus, ±1 s is probably not enough

Ok, but the given server time zone might not be the real one. Try to use greater offset instead of ±1 s. For speeding things up, try to generate the given token (which can be conducted offline).

Text me if you want!
I will support you!
My Discord: satellite#1213


Can you help me on Bruteforcing Cookies?

Can someone please give me a nudge with the Question 1 Predictable Reset Token please.

I’ve adjusted the original script for this question, as shown in a post in this thread. I understand what everything is doing (start_time, endtime, now) etc. but I still can’t get a valid token for htbadmin. I click the “Create reset token” button, which gives me a token and displays a time below it. I take this time and convert it to epoch time (in milliseconds), then I enter this as my now value in the python script. I run the python script and enter the resulting generated code into “validate token” but it’s always wrong.

I’m using +/- 1000 for the endtime and start_time values as suggested in the question. I just can’t think what the issue can be on this.
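
The time zone pitfall raised in the replies above, as an added example (not code from this thread or from the course): the same displayed wall-clock time maps to a different epoch-millisecond value for every UTC offset it might be read in, so a ±1000 ms window around the wrong interpretation misses the real value by hours. The sample timestamp and all function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%d %H:%M:%S"

def epoch_ms(wall_clock: str, utc_offset_hours: float) -> int:
    """Epoch milliseconds for a naive wall-clock string read at a given UTC offset."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    local = datetime.strptime(wall_clock, FMT).replace(tzinfo=tz)
    return int(local.timestamp()) * 1000

def candidates_by_offset(wall_clock: str, offsets=range(-12, 15)) -> dict:
    """Map each whole-hour UTC offset to the epoch-ms value it implies."""
    return {off: epoch_ms(wall_clock, off) for off in offsets}

def window_covers(assumed_ms: int, actual_ms: int, window_ms: int = 1000) -> bool:
    """True if a +/- window_ms range around assumed_ms contains actual_ms."""
    return abs(assumed_ms - actual_ms) <= window_ms

if __name__ == "__main__":
    shown = "2023-01-01 12:00:00"   # constructed sample, not a value from the lab
    assumed = epoch_ms(shown, 0)    # the displayed time read as if it were UTC
    for off, ms in candidates_by_offset(shown, range(-2, 3)).items():
        print(f"UTC{off:+d}: {ms}  delta={ms - assumed:+d} ms  "
              f"inside +/-1s: {window_covers(assumed, ms)}")
```

Each whole hour of offset shifts the value by 3,600,000 ms, which is why only the UTC+0 row falls inside the ±1 s window.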


Text me on Discord!


Maybe TimeVerter can help you: GitHub - D3vil0p3r/timeverter: Bruteforce time-based tokens and convert several time domains.


Many thanks for your help @Satellite

This looks very handy, I’m going to have a play with this tomorrow.