So far I have two areas that I could use some help with. The questions on Predictable Reset Token section is the first one. I did post a question to another thread regarding this but have not got any response as of yet. Basically I am not sure I am doing the epoch time portion correctly…

My other question is on the guessable answers section. I was able to guess the answer but I would like to understand how to run the python script referenced as well (it is used later in the module as well). I dont understand how to point the python script at my wordlists. Any help would be great! Thank you.


what wordlist do you use to get the answer???

for which part?

on guesseable answer

I never found one. I guessed the answer…

really??? there exist a lot of boxes, can you give me a hint?

sure, the one I figured out was the color. If you want a hint on the color I can do that but it will give it away I’m sure.

thanks, one last question the excersise of reset token in predictable reset token “Request a reset token for htbuser and find the encoding algorithm, then request a reset token for htbadmin to force a password change and forge a valid temp password to login. What is the flag?” i can find the htbuser reset token but i cant figurate how i can get the htbadmin

Yes, I support it, it would be great if someone gave a hint for these two tasks.

  • How to forge a valid temporary login password for htbadmin
  • How would I configure the predictable_questions_py script so that it would sort out the question options for htbadmin

I managed to guess the color in the “Guessable Answers” task, but I really want to understand how the script works.
How to adapt the script that was given as an example in that task.
Who completed the task using a script and not guessing the answer to the question?

About predictable questions, I completed the task with my own scripts. I just cycled for the HTB Boxes machines. Scaping the HTB site, I got my wordlist of known and predictable answers. Hope this could help.

For the epoch time, I got some problems with the datetime displayed. Because I didn’t get either the htbuser token into a small timeshift, I figured out that something could be messing with the time.
Then I got the hash. Find the right time locally for the htbuser and then use it as the base time for the online tests… Hope this would help.

Just completed it using Burp and Script both! Actually the script is pretty easy to use, we just had to change the target url and question to our preferred one. Then to run the script we had to provide a payload list e.g. python payloads.txt
That’s it!
The script basically sends POST request with our payload as answer to the question and checks for invalid string. If found, the answer wasn’t correct (needle, haystack)

Thanks for the answer, I’ll have to check it out!

1 Like