@Sapo said:
hummm Hydra give me 16 valid pass and none is good, its that possible?? i use rockyou.txt, download of a one page…
I have the same issue. Did you ever come to a solution as to why you were having that issue? If so could you please offer a hint or some guidance. Thanks.
UPDATE: The issue ended up being my syntax. For others who got stuck here I forgot to put the parameters in quotes and forgot to put a space between the two words returned in the failed login response. As a general tip you should only get 1 valid password returned. I am new here so if I said too much please forgive me and feel free to delete/edit my update.
Hmm, that was a very intersting challange for me i have used a python request module, and a worldist and some if statment, and it took me 2min to get the flag, it just a basic programming with reqeusts
I managed to get past the first stage, and the next page says “Oops Too slow!”
I’ve looked everywhere for the flag but am thinking the Etag might have something to do with the next step.
I am using Firefox ESR, should I try another browser?
I’m out of ideas here. =D
Any hints without spoiling the solution?
hello guys! instead of using certain tool i created my own python scripts, but I get the message of being slow… is this due to maybe the threads? how can i make my script “faster” any hints on that ?
edit: found it if someone need a hint creating the brute force PM me
can someone, please offer a hint (PM). I tried both Burp (super slow) and Hydra (keeps saying cannot resolve docker.hackthebox.eu - I can clearly ping it).
Update: correct hydra command goes a long way - pass cracked in 30 sec.
I’ve started Hydra with rockyou list. Am I doing it right? I’m wondering how long I should wait for it to find the password. I’ve been waiting for 20 minutes, still no result. Is it ok?
No, that’s not right. Should find it within 5 mins…the password is quite simple. Use hydra, watch out for the results…
For those using a good wordlist and are stuck, I ran into an issue (that was my fault) that I caught by configuring Hydra to use debug output. Just saying
so… I read most of the comments, I tried using hydra, and burp suite. All the talk about some files and parts to this challenge made me to question my approach…
I didn’t find hydra / burp highly useful for me so I made a quick python script that got me the flag in less than 2 minutes… I’m not sure if it was the best approach or not but… worked for me :-/
Hi all, I am looking for some assistance on this one. I have read through the posts on this thread and I have tried using hydra and Burp Suite to no avail, I think I might be missing something very obvious.
The flag is eventually accepted even though initially its says “Try Harder”.
Is there a second flag to this challenge that “mess” with the ETag thingy ?
if you can write me in pvt.