I am about to give up on this module. I’m stuck on page 5 “Weak Bruteforce Protections” and can’t answer question 2: “Work on webapp at URL /question2/ and try to bypass the login form using one of the method showed.” Hint: “This web server doesn't trust your IP!”.
I get the hint and used the method described in the section to change what my IP looks like in the header. I rewrote the provided python script several times, tried with hydra and ffuf, but I don’t find anything. I worked on the scada cvs to make it work with the script, used rockyou and several of the default credential lists of SecLists.
Can anyone give me a hint? This is really frustrating.