[Web] Lernaean

The tips are on the login page, read carefully, after completing the first part, intercept the request and use the head, if necessary, repeat.

I Use hydra and burp to do this.
PM if u need a tip :slight_smile:

If you need subtle hints and some education with it, feel free to PM :smiley:

I’m using Burp and Hydra, but can anyone point me to a tutorial/ hints on how its done so much faster, there must be another way the brute forcing it.

@GChester google out Lernaean.

Problem solved. I’d got my syntax wrong…

solved, instructive challenge

so easy
dont complicate things once you got the password you will get the flag

Cool challenge learnt something new. Reading is important in this one.

I’ve started Hydra with rockyou list. Am I doing it right? I’m wondering how long I should wait for it to find the password. I’ve been waiting for 20 minutes, still no result. Is it ok?

I struggled a bit with this one, but I would give some advice, use Hydra to get the password for the login, then Burp Suite for the next part, good luck!

hummm Hydra give me 16 valid pass and none is good, its that possible?? i use rockyou.txt, download of a one page…

There’s no need to use Burp, you can do it with the Inspect Element option of Firefox. I don’t know why it doesn’t work with Chrome.

curl is your friend after hydra ;d

I m new here. Never used hydra before. So getting errors. Can anyone help me to use hydra

@Sapo said:
hummm Hydra give me 16 valid pass and none is good, its that possible?? i use rockyou.txt, download of a one page…

I have the same issue. Did you ever come to a solution as to why you were having that issue? If so could you please offer a hint or some guidance. Thanks.

@ManikSpinz said:

@Sapo said:
hummm Hydra give me 16 valid pass and none is good, its that possible?? i use rockyou.txt, download of a one page…

I have the same issue. Did you ever come to a solution as to why you were having that issue? If so could you please offer a hint or some guidance. Thanks.

UPDATE: The issue ended up being my syntax. For others who got stuck here I forgot to put the parameters in quotes and forgot to put a space between the two words returned in the failed login response. As a general tip you should only get 1 valid password returned. I am new here so if I said too much please forgive me and feel free to delete/edit my update.

Hmm, that was a very intersting challange for me i have used a python request module, and a worldist and some if statment, and it took me 2min to get the flag, it just a basic programming with reqeusts

It took me sometime to get the correct syntax with Hydra. Play a little with it and you will made it. I broke it in 28 minutes with 64 threads.

easy flag. Hydra syntax WAS everything for getting password.