[Web] Lernaean

Are challenges time based?

(Trying to avoid spoilers) After many attempts to bypass auth, I caved and tried another approach. When I tried to log in again with a result of that approach, the page loaded saying “Opps, too late!”. Restarting the instance doesn’t seem to help. Does this mean I failed the challenge?

Nope! You’re on the right track. Try intercepting the requests and responses to see what is happening.

■■■, nice trick. I had to intercept it 4 times before I saw it.

@Greenjam94 said:
■■■, nice trick. I had to intercept it 4 times before I saw it.

Can you help me? What do I have to see there? Give hint pls

I must be overthinking this. Created some custom wordlists relating to this topic and am still not having luck recovering the password. Any help?

check your settings then…

make sure the password failure message is noted by your ‘tool’. why custom? (u sure the pass is there?) use the regular ones.

@rlymdk said:

@Greenjam94 said:
■■■, nice trick. I had to intercept it 4 times before I saw it.

Can you help me? What do I have to see there? Give hint pls

Same here, can’t figure it out.
Any hint?

My attempt is taking ages, even with normal list :confused:

@DedSecK said:
My attempt is taking ages, even with normal list :confused:

You must be doing something wrong; it took me like 5 minutes to get the password (I used a stock wordlist on Kali).

Spoiler Removed

maybe i just got the wrong tools

@Punchlinekoala said:
I seem to have the wrong wordlist - did anybody use the rockyou lists? Intruder is running wild…

your comment is kind of spoiler :3

@D4n1aLLL said:

@Punchlinekoala said:
I seem to have the wrong wordlist - did anybody use the rockyou lists? Intruder is running wild…

your comment is kind of spoiler :3

Well - hope the edit helps

Can anyone help me? I used a lot of tools also, and some take a huge time… I have a lot of trouble bypassing… plz help

@CADMUX said:
Can anyone help me? I used a lot of tools also, and some take a huge time… I have a lot of trouble bypassing… plz help

I had the same issue where it was going very slowly; try changing the number of threads it uses.

I have managed to log in but I’m not sure what to do now (SPOILER)

I see in the header that Etag: "cd-55532bfca8680-gzip" and Accept-Encoding: gzip, deflate. What I understand from this is that there is a gzip file which I somehow need to request and it will download - how do I do this? Any help please

@ninjat looks like that’s a bit of a rabbit hole, but who knows

@ninjat try to log in with a lower level “client”, or intercept the response after submitting the form.

The hints you guys mentioned are more than enough to solve this challenge. After spending a couple of days I did laugh at myself. Thank you buddies

I’m still having trouble with hydra. Can someone help me?