Hello, I’ve been stuck on the skill assessment for broken authentication for a couple of days now. I was able to identify the password policy and even found a couple of other users through the message page. However, I’m having trouble narrowing down rockyou.txt to make the wordlist shorter. I used "grep '[[:upper:]]' rockyou.txt | grep '[[:lower:]]' | grep '[@#$]'" then used sed to eliminate anything lower than 20 characters. This is where I’m stuck: I can’t find any more users and I can’t find a valid password for the users I did find. A nudge in the right direction would be so helpful, thank you.
Me too, I have found some users but my password lists seem not to be working.
I have only found two users with a userenum script, but other threads suggest that 3 exist. Not sure how to find the third one…
Solved!! The support page gives a huge hint about country codes for usernames
So I got all the users with country codes but I cannot find a valid password for any within the password restrictions. What did you do to shorten your wordlist?
The command I used is:
grep -a '[1]' rockyou.txt | grep -a '[2]' | grep -a '[0-9]$' | grep -a '[@#$]' | grep -x '.{20}'
It's '^[[:upper:]]' and '^[[:lower:]]' for the parts that are cut out
And grep '.\{20\}' for the last part