Broken_Authentication

So far I have two areas that I could use some help with. The questions on the Predictable Reset Token section are the first one. I did post a question to another thread regarding this but have not got any response as of yet. Basically I am not sure I am doing the epoch time portion correctly…

My other question is on the guessable answers section. I was able to guess the answer but I would like to understand how to run the Python script referenced as well (it is used later in the module as well). I don't understand how to point the Python script at my wordlists. Any help would be great! Thank you.

what wordlist do you use to get the answer???

for which part?

on guessable answer

I never found one. I guessed the answer…

really??? there exist a lot of boxes, can you give me a hint?

sure, the one I figured out was the color. If you want a hint on the color I can do that but it will give it away I’m sure.

thanks, one last question: the exercise on the reset token in Predictable Reset Token, “Request a reset token for htbuser and find the encoding algorithm, then request a reset token for htbadmin to force a password change and forge a valid temp password to login. What is the flag?” I can find the htbuser reset token but I can't figure out how I can get the htbadmin