Stuck at New Broken Authentication skills assessment

Hi,

I am stuck at the Broken Authentication module at HTB Academy.

When I spin up a machine I get a “MetaDoc” named website. I am trying to brute force usernames and passwords but to no avail.

I tried the X-Forwarded-For header but nothing happens.

Any help?

Just follow the module carefully. You will get both a username and a password.

It was by pure luck that I found a username (starting with g, right?) and I got the password. I am stuck at the OTP. I am brute forcing a million OTPs and it isn’t getting me anything.

Yeah. This is the same step I’m stuck at.

Any luck with the OTP?

Hi there. Just finished the module. The hint I can give you about the OTP step is: it is not always about brute forcing. Capture the requests and try to figure out what you can do.

Another hint could be: create a valid user and login to see what happens.

2 Likes

Hi,

I am still stuck at enumerating the username. I have tried so many different user(name) lists but none is available. Can you give me a hint where to start? I followed the module again and still no luck. Thank you.

Thank you. I have already solved it. It is indeed as you say. I didn’t pay attention to the original URI when I created a user and navigated to it from the user I found using brute force.

2 Likes

Use the names wordlist on Pwnbox on the login form.

It’s important to make notes and try every method learned from the module.
It’s not always the brute force method. There’s another method to bypass authentication.

Thank you so much Raafat!!

I could not get it done on my Kali. It was just so slow and kept stopping at enumerating the username around record 800-900. After using the Pwnbox like you suggested, I was able to get the username, then the password. I finally finished the module.

Thank you all!

I have the username and password. Tried to brute force the OTP without success and am reading that this is not the correct route. I tried to do Authentication Bypass via Direct Access without success. When I forward the 200 OK, I get a blank web screen. Help would be appreciated.

Update: I found the flag.

1 Like

I’m stuck at this same spot. Lend a hand?

Once you find a username and password, when visiting the page that redirects to OTP, pay attention to the status code.

Raafat nailed it below. If this doesn’t help, let me know.

Got the flag. I can’t believe that’s what it was. Good looking out friends.

C.

1 Like

@Mrmojo @6R33NB3R37 @Raafat @M3F6M1X1 @vscandeira Can you give me a recommendation?
I found the username and password after brute-forcing them, and I cannot brute-force the 2FA function. I created an account and it only shows "You do not have admin privileges. The site is still under construction and only available to admins at this time."
Can you give me some ideas for what to do next?
Thank you!

Pay attention to the URI when logging in to different users. Also like @Raafat said “Once you find a username and password. When visiting the page that redirects to OTP pay attention to the status code.”

1 Like

I can’t say it any clearer than M3F6M1X1. Create a new user and look at the URI. Now capture the OTP redirect. What is the status?

1 Like
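As an added illustration of the weakness the thread keeps pointing at (not code from the module or from anyone in this thread): a server that gates the admin page with a client-side redirect to the OTP step still renders the protected content behind a 200 response, so the OTP check is only as strong as the browser's willingness to follow the redirect. The hardened handler enforces the OTP flag server-side on every protected route and answers with a 302 that carries no protected content. The session, route and page names are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None   # set after the password step succeeds
    otp_verified: bool = False   # set only after the OTP step succeeds


@dataclass
class Response:
    status: int
    body: str
    headers: Dict[str, str] = field(default_factory=dict)


# Constructed stand-in for the protected page content.
ADMIN_PAGE = "<h1>Admin dashboard</h1>"


def vulnerable_admin(session: Session) -> Response:
    """Weak gate: the OTP redirect is client-side, so the protected page is
    already in the body of a 200 response before the OTP is ever checked."""
    if session.user is None:
        return Response(302, "", {"Location": "/login"})
    if not session.otp_verified:
        redirect = '<meta http-equiv="refresh" content="0;url=/otp">'
        return Response(200, redirect + ADMIN_PAGE)
    return Response(200, ADMIN_PAGE)


def hardened_admin(session: Session) -> Response:
    """Fix: every protected route checks the server-side OTP flag itself and
    the redirect response contains nothing from the protected page."""
    if session.user is None:
        return Response(302, "", {"Location": "/login"})
    if not session.otp_verified:
        return Response(302, "", {"Location": "/otp"})
    return Response(200, ADMIN_PAGE)


def leaks_protected_content(resp: Response) -> bool:
    """True when a response meant to redirect still carries the admin page."""
    return ADMIN_PAGE in resp.body


if __name__ == "__main__":
    half_authenticated = Session(user="admin")  # password ok, OTP not yet done
    print("vulnerable:", vulnerable_admin(half_authenticated).status,
          leaks_protected_content(vulnerable_admin(half_authenticated)))
    print("hardened:  ", hardened_admin(half_authenticated).status,
          leaks_protected_content(hardened_admin(half_authenticated)))
```

The detection side of this is cheap: any response to a protected route that pairs a 200 status with a redirect in the body is the server admitting it rendered content it should not have.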