Broken Authentication - Skills Assessment

Hello I’ve been stuck on the skill assessment for broken authentication for a couple of days now. I was able to identify the password policy and even found a couple of other users through the message page. However, I’m having trouble narrowing down rockyou.txt to make the wordlist shorter. I used “grep ‘[[:upper:]]’ rockyou.txt | grep ‘[[:lower:]]’ | grep ‘[@#$]’” then used sed to eliminate anything lower than 20 characters. This is where I’m stuck, I can’t find anymore users and I can’t find a valid password for the users I did find. A nudge in the right direction would be so helpful, thank you.

Me too, i have found some users but my password lists seems not to be working

I have only found two used with a userenum script, but other threads suggest that 3 exist. Not sure how to find the third one…

Solved!! The support page gives a huge hint about country codes for usernames

So I got all the users with country codes but I cannot find a valid password for any within the password restrictions. What did you do to shorten your wordlist?

The command i used is:

grep -a ‘[1]’ rockyou.txt | grep -a ‘[2]’ | grep -a ‘[0-9]$’ | grep -a ‘[@#$]’ | grep -x ‘.{20}’

  1. [:upper:] ↩︎

  2. [:lower:] ↩︎

Its '^ [ [ : upper : ] ] ’ and '^ [ [ : lower : ] ] ’ for the parts that is cut out

And grep ’ . \ { 20 \ } ’ for the last part