[Web] Lernaean

Are challenges time based?

(Trying to avoid spoilers) After many attempts to bypass auth, I caved and tried another approach. When I tried to login again with a result of that approach, the page loaded saying "Opps, too late!". Restarting the instance doesn't seem to help. Does this mean I failed the challenge?

«134

Comments

  • Nope! You're on the right track. Try intercepting the requests and responses to see what is happening.

    Arrexel

  • OMG, nice trick. I had to intercept it 4 times before I saw it.

  • @Greenjam94 said:
    OMG, nice trick. I had to intercept it 4 times before I saw it.

    Can you help me? What do I have to see there? Give hint pls

  • I must be overthinking this. Created some custom wordlists relating to this topic and am still not having luck recovering the password. Any help?

  • check your settings then...

    peek

  • make sure the password failure message is noted by your 'tool'. why custom? (u sure the pass is there?) use the regular ones.
  • @rlymdk said:

    @Greenjam94 said:
    OMG, nice trick. I had to intercept it 4 times before I saw it.

    Can you help me? What do I have to see there? Give hint pls

    Same here, can't figure it out.
    Any hint?

  • My attempt is taking ages, even with normal list :/

    DedSecK

  • @DedSecK said:
    My attempt is taking ages, even with normal list :/

    You must be doing something wrong it took me like 5 minutes to get the password (i used a stock wordlist on kali)

  • i seem to have the wrong wordlist - does anybody used the rockyou lists? Intruder is running wild..

  • edited December 2017

    maybe i just got the wrong tools

  • @Punchlinekoala said:
    i seem to have the wrong wordlist - does anybody used the rockyou lists? Intruder is running wild..

    your comment is kind of spoiler :3

  • edited December 2017

    @D4n1aLLL said:

    @Punchlinekoala said:
    i seem to have the wrong wordlist - does anybody used the rockyou lists? Intruder is running wild..

    your comment is kind of spoiler :3

    Well - hope the edit helps

  • anyone can help me ..i used a lot of tools also and some takes a huge time.. i have a lot of trouble to bypass ... plz help

  • @CADMUX said:
    anyone can help me ..i used a lot of tools also and some takes a huge time.. i have a lot of trouble to bypass ... plz help

    I had the same issue where it was going very slowly, try changing the number of threads it uses.

    I have managed to log in but im not sure what to do now (SPOILER)

    I see in the header that Etag:""cd-55532bfca8680-gzip"" and Accept-Encoding:gzip, deflate. What i understand from this is that there is a gzip file which i somehow need to request and it will download - how do i do this? any help please

  • @ninjat looks like that's a bit of a rabbit hole, but who knows

  • @ninjat try and login with a lower level "client", or interecept the response after submitting the form.

  • Hints you guys mentioned are more than enough to solve this challenge. after spending couple of day i did laugh at me. Thank you buddies

  • I'm still having trouble with hydra. Can someone help me?

  • @stew3254 PM me i will help about that issue

  • All i can say is try a bit harder, all the information is there...

  • Im stuck on this one. I have used Burp to force through every wordlist on Kali except 'Rockyou' with no luck. I have tried to load up 'RockYou' but it crashes Burp. Am I missing something here or shall I persist with a way to get 'RockYou' working?

  • Im trying with Burp and rockyou but it's too slow, I'm on right track?

  • @B0bB0b said:
    Im trying with Burp and rockyou but it's too slow, I'm on right track?

    use hydra

  • edited April 2018

    Spoiler Removed - Arrexel

  • edited April 2018

    @B0bB0b said:
    Spoiler Removed - Arrexel

    Your command is a little off. You need to use the '-s' flag to specify a port and you need another colon after '^PASS^' for the fail case. It'll look like "/:password=^PASS^:Invalid password!"

    berninator

  • how long does it take to compelete! its been running since morning! or am i going wrong!?

  • @B0bB0b said:
    Im trying with Burp and rockyou but it's too slow, I'm on right track?

    nope

Sign In to comment.