Maybe TimeVerter can help you: GitHub - D3vil0p3r/timeverter: Bruteforce time-based tokens and convert several time domains.
2 Likes
This looks very handy, i’m going to have a play with this tomorrow.
Hello everyone,
I am having the same problem as others before me:
- I am using the same script as posted before
- I create a token for htbuser and convert the given timestamp to epoch
- I also tried to take the timestamp and convert it to my time zone, then convert it to epoch
- Fed the timestamp to the script with a ±1000 ms range
- The script iterates 2000 times and each time creates an md5 hash of htbadmin+iteration#
- It sends the request and filters out all responses with the string “Wrong token”
but…
It does just that for 2000 times without returning any valid token. Nothing at all happens. So I am guessing that my mistake is at the beginning when I choose the timestamp to convert? I am using online websites or date -d ‘TIMESTAMP’ +%s for the conversion.
Can someone point me in the right direction?
Hello everyone
Who passed the “Default Credentials” part
Who can remember.
There it is necessary to redo the entire script that they propose to study in order to answer the question:
“Inspect the login page and perform a bruteforce attack. What is the valid username?”
I’m trying to put my data from the provided machine into it
The script freezes, you have to interrupt it.
and the error always appears the same:
The task is to find a suitable list.
Have a look at the page title. Can you find a vendor there?
You have to bruteforce absolutely nothing
Hmmm, that’s how it is.
Then HINT becomes logical.
Confused by their question.
Why then do they ask for “brute force attack”.
Inspect the login page and perform a bruteforce attack. What is the valid username?
Thank you for the right direction of thought
It’s still a bruteforce even with the right list?
No
You have to bruteforce absolutely nothing.
Find the right list of default passwords.
that’s still a bruteforce unless you did it without using the script but even entering them 1 by one is just manual bruteforce?
There are six entries on the list with four different user names.
You will be able to exclude two of them without further ado. So there are two possible answers left. If you start at the top, you won’t need a second try 
1 Like
Well it appears I over complicated this by 1000 times. At least I learned how to process data and modify scripts lol.
After prompted PayloadBunny, it became clear that it was not necessary to use the script and brute force, and I stupidly found the answer through google, but it was no longer bruteforce, but OSINT))
But the fact that the question itself was confusing me is 100%)
1 Like
Hello!
I got hung up on the task “Bruteforcing Passwords”.
It seems nothing complicated, one question:
“Using rockyou-50.txt as password wordlist and tb user as the username, find the policy and filter out strings that don’t respect it. What is the valid password for the htb user account?”
I created my own table, defined a password policy.
Filtered out everything unnecessary.
Even the list turned out to be small.
But persistently the password, which should be correct, does not fit in any way.
Strangely simple, how did you solve this problem?
It worked!
Tell me, please, who is the expert on regular expressions.
Who can I personally write to, consult.
There are a couple of points that my grep filter has not mastered (
I had to filter out the extra passwords a little manually.
Everything worked out, but I want to close this topic completely for myself.
Yes, who can tell ьу, for the delay in the attack in BurpSuit, which parameter is responsible.
Bypass timing protection.
Error Handling?
Hi, I am on the skills assessment and am quite stuck from the start… I am attempting to brute force support login, with a 30 sec dely between each req to prevent the lockout and trying to decode the cookie but I am stuck on that as well. any hints? happy to talk over dm’s or discord. Thanks!
Did you find the solution to this problem?
1 Like
Hi I’m stuck with the first question in the course around default credentials .
I have modified the given script which takes in a csv file fine and I have used all combinations from the all technologies listed here: https://github.com/scadastrangelove/SCADAPASS/blob/master/scadapass.csv. I also believe that row 12 relates to the technology here.
Where the question says, “Inspect the login page and perform a bruteforce attack. What is the valid username?” I’m taking the question to actually mean: do a bruteforce by hand, just trying a small set of credentials from the link above to deduce the username only ( the PW is not even relevant).
Based on row 12 of the csv in the link above, this looks pretty simple; but doesn’t work. 
Presupposing I understand this all correctly, Would someone be so kind to tell me, What am I missing, please? …and put me out of my misery.
Warm regards 
I got it!
I am stuck at this need help