Hello I’ve been stuck on the skill assessment for broken authentication for a couple of days now. I was able to identify the password policy and even found a couple of other users through the message page. However, I’m having trouble narrowing down rockyou.txt to make the wordlist shorter. I used “grep ‘[[:upper:]]’ rockyou.txt | grep ‘[[:lower:]]’ | grep ‘[@#$]’” then used sed to eliminate anything lower than 20 characters. This is where I’m stuck, I can’t find anymore users and I can’t find a valid password for the users I did find. A nudge in the right direction would be so helpful, thank you.
Me too, i have found some users but my password lists seems not to be working
I have only found two used with a userenum script, but other threads suggest that 3 exist. Not sure how to find the third one…
Solved!! The support page gives a huge hint about country codes for usernames
So I got all the users with country codes but I cannot find a valid password for any within the password restrictions. What did you do to shorten your wordlist?
The command i used is:
grep -a ‘[1]’ rockyou.txt | grep -a ‘[2]’ | grep -a ‘[0-9]$’ | grep -a ‘[@#$]’ | grep -x ‘.{20}’
Its '^ [ [ : upper : ] ] ’ and '^ [ [ : lower : ] ] ’ for the parts that is cut out
And grep ’ . \ { 20 \ } ’ for the last part
@pap Can you give a hint on the country codes for usernames? I tried bruteforcing with examples like: supportAV, support762, adminAV, etc…
Still haven’t found any usernames beyond beyond support and guest though.
Yes the support page states something about country codes. Use country codes to enum
So example is user.eu for europe country code
thanks @pap
You’re welcome
Thank you! I really need to work on my grep commands I had something completely different. I was able to get a few hits with a script I wrote to bypass the timeout. However, I’ve been stuck on the cookie tampering part. I have the algorithm but I seem to get the same error no matter what role I try.
Hint:
You need to be logged into the correct account, and also manipulate cookies to have the correct role.
Hmm I’ll try playing around with that, I only got hits on 6 accounts does that sound about right.
hey guys need some help i managed to get the user and pass word but the otp is giving me some trouble not sure if its six digit or four but a hint would be greatly appreciated.