Broken Authentication - Skills Assessment

Hello, I’ve been stuck on the skills assessment for Broken Authentication for a couple of days now. I was able to identify the password policy and even found a couple of other users through the message page. However, I’m having trouble narrowing down rockyou.txt to make the wordlist shorter. I used `grep '[[:upper:]]' rockyou.txt | grep '[[:lower:]]' | grep '[@#$]'`, then used sed to eliminate anything shorter than 20 characters. This is where I’m stuck: I can’t find any more users, and I can’t find a valid password for the users I did find. A nudge in the right direction would be so helpful, thank you.

Me too, I have found some users, but my password lists seem not to be working.

I have only found two users with a userenum script, but other threads suggest that 3 exist. Not sure how to find the third one…

Solved!! The support page gives a huge hint about country codes for usernames.

So I got all the users with country codes, but I cannot find a valid password for any of them within the password restrictions. What did you do to shorten your wordlist?

The command I used is:

grep -a '[[:upper:]]' rockyou.txt | grep -a '[[:lower:]]' | grep -a '[0-9]$' | grep -a '[@#$]' | grep -ax '.\{20\}'



It’s '^[[:upper:]]' and '^[[:lower:]]' for the parts that are cut out.

And grep '.\{20\}' for the last part.
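The two posts above piece the filter together in fragments, with the `{20}` quantifier needing to be escaped in grep’s default basic regex. Below is an added, self-contained version (not code from the thread or from the assessment) that applies the same policy checks to a small constructed wordlist standing in for rockyou.txt: at least one uppercase letter, one lowercase letter, one digit, one of `@#$`, and exactly 20 characters. The file name, the sample entries and the helper function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: filter a wordlist down to entries that satisfy the password
# policy described in the thread, using only POSIX grep (BRE), which is why
# the {20} quantifier is written as \{20\}.

# Writes a constructed sample wordlist (stand-in for rockyou.txt) to $1.
make_sample_wordlist() {
  cat > "$1" <<'EOF'
password
Summer2024@Welcome!!!
Abcdefghijklmnop1234
Abcdefghijklmnopq12@
ABCDEFGHIJKLMNOPQ12@
abcdefghijklmnopq12@
Abcdefghijklmnopqr1$
Abcdefghijklmnopq123#
EOF
}

# filter_policy WORDLIST: print only the candidates that pass every check.
# -a treats binary-looking lines as text; -x requires the whole line to match.
filter_policy() {
  grep -a '[[:upper:]]' "$1" \
    | grep -a '[[:lower:]]' \
    | grep -a '[[:digit:]]' \
    | grep -a '[@#$]' \
    | grep -ax '.\{20\}'
}

# count_policy_matches WORDLIST: number of surviving candidates.
count_policy_matches() {
  filter_policy "$1" | wc -l | tr -d ' '
}

# Stand-alone run: build the sample, show what survives and how many.
if [ "${1:-}" = "run" ]; then
  tmp=$(mktemp)
  make_sample_wordlist "$tmp"
  filter_policy "$tmp"
  echo "matches: $(count_policy_matches "$tmp")"
  rm -f "$tmp"
fi
```

Run it with `sh filter.sh run`; of the eight constructed entries only the two that meet every requirement survive, which is the reduction the posters were aiming for with the chained greps. Replace `'.\{20\}'` with `'.\{20,\}'` if the policy is "20 or more" rather than exactly 20.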

@pap Can you give a hint on the country codes for usernames? I tried brute-forcing with examples like supportAV, support762, adminAV, etc.
Still haven’t found any usernames beyond support and guest though.

Yes, the support page states something about country codes. Use country codes to enum.

So an example is user.eu for the Europe country code.

Thanks @pap

You’re welcome

Thank you! I really need to work on my grep commands; I had something completely different. I was able to get a few hits with a script I wrote to bypass the timeout. However, I’ve been stuck on the cookie tampering part. I have the algorithm, but I seem to get the same error no matter what role I try.

Hint:

You need to be logged into the correct account, and also manipulate cookies to have the correct role.


Hmm, I’ll try playing around with that. I only got hits on 6 accounts, does that sound about right?