Looks like this module got updated so I don’t see any posts about the changed skills assessment and I am stuck on the first question:
“What is the password for the basic auth login?”
They give two wordlists for usernames and passwords. When using either hydra or medusa for brute forcing http basic auth the estimated time to completion is far longer than the life of my pwnbox. When running hydra with the two word lists provided and 64 threads it’s still an estimated 10+ hours to complete.
The only thing I can think of is that I need to shorten the word lists by removing any less than 6 characters, any without numbers, etc. however, I don’t know of any password policies associated with http basic auth by default and couldn’t find anything through google.
please push me in the right direction, thanks.