Skills Assessment - Broken Authentication

Hello,

I’m stuck on the Skills Assessment for Broken Authentication:
While I can enumerate users apart from the one mentioned on the website I can’t find any valid ones. and of course now I find some

thanks

1 Like

Hey,

That skill assessment is brutal. I recommend reading the support page on the target, then go back and reread the section about Usernames in the module. It worked for me.
-onthesauce

1 Like

thanks for the tip even though short after posting I already found some accounts (of course) but now I’m stuck with one default account and while I do have a suspicion what is required I’m not sure it’s the right way

That was pretty helpful and I managed to find one two more users like this using the message page (after having created a user). However I fail to tamper the cookie as I am a bit blocked…the cookie seems to be a hash of something. I am really wondering how to proceed.

Got it! Nice escalation of multiple steps!

Nice glad you got it!

1 Like

This module is killing me! Any tips on the word-list to use to enumerate the user on the final assessment? I found where to enumerate the user, it looks like guest is the only other user aside from the one I created that I can find so far…

There is another one that you can see “manually” on the website. Once logged in, just read the site contents…
As already mentioned… Skills Assessment - Broken Authentication - #2 by onthesauce

Hi, I created my thread. Can you help me?

Question can you combined two wordlist when searching for a wordlist? When create a login they ask for the following:

-20 word min
-Start with a capital letter
-End with a digit

Do the other users passwords have the same requirements?

Can you please suggest how did you tampered cookie. I am also stuck at cookie. Which encoding algo u used?

Hey! Have you got the username? How did you enumerate them? I used a lot of different wordlists but I always end up with the two known usernames…

Hi!! In the support page you can find the way to enumerate usernames, and a clue about how the usernames are made.
Then, review the end of the brute forcing usernames section to get an idea about the naming convention.
If not clear enough, DM me :wink:

Hi, i got all support users and their passwords but i cant find any admin panel or flag. any hints please :slight_smile:

Once you can log in with the support account, you have to work on cookies to elevate privileges.

1 Like

I think im only at one step of getting it, but i cant figure out what “role” you need to put on the cookie, I tried with: root, admin, administrator, htbadmin, super, superuser, sun… I dont know if that thing about “following the sun” has something to do…

Hi, I have found 5 new users with 3 valid passwords. I also found how htb_sessid is made so I was able to create my own sessid with different roles but nothings seems to works with those users. I am a bit stuck on with this assessment. Someone could give a hint about next step? thank you

I was just trying with the wrong accounts. Keep looking for other accounts!

same for me.
Anyone have a hint?
Thanks

Hi @onthesauce ,

Can I get some help with this module please. I have a few usernames obtained from message.php, I decoded the cookie, which ends up as just the username, but changing the cookie always gives the message - the requested role is not available for this user.

thanks

1 Like