[Web] Lernaean

anyone can help me …i used a lot of tools also and some takes a huge time… i have a lot of trouble to bypass … plz help

@CADMUX said:
anyone can help me …i used a lot of tools also and some takes a huge time… i have a lot of trouble to bypass … plz help

I had the same issue where it was going very slowly, try changing the number of threads it uses.

I have managed to log in but im not sure what to do now (SPOILER)

! I see in the header that Etag:““cd-55532bfca8680-gzip”” and Accept-Encoding:gzip, deflate. What i understand from this is that there is a gzip file which i somehow need to request and it will download - how do i do this? any help please

@ninjat looks like that’s a bit of a rabbit hole, but who knows

@ninjat try and login with a lower level “client”, or interecept the response after submitting the form.

Hints you guys mentioned are more than enough to solve this challenge. after spending couple of day i did laugh at me. Thank you buddies

I’m still having trouble with hydra. Can someone help me?

Same here

@stew3254 PM me i will help about that issue

All i can say is try a bit harder, all the information is there…

Im stuck on this one. I have used Burp to force through every wordlist on Kali except ‘Rockyou’ with no luck. I have tried to load up ‘RockYou’ but it crashes Burp. Am I missing something here or shall I persist with a way to get ‘RockYou’ working?

pm

Im trying with Burp and rockyou but it’s too slow, I’m on right track?

@B0bB0b said:
Im trying with Burp and rockyou but it’s too slow, I’m on right track?
use hydra

Spoiler Removed - Arrexel

@B0bB0b said:
Spoiler Removed - Arrexel

Your command is a little off. You need to use the ‘-s’ flag to specify a port and you need another colon after ‘^PASS^’ for the fail case. It’ll look like “/:password=^PASS^:Invalid password!”

how long does it take to compelete! its been running since morning! or am i going wrong!?

@B0bB0b said:
Im trying with Burp and rockyou but it’s too slow, I’m on right track?

nope

part my command isnt like by the tool, but I dont see what is wrong with it, all conditions appear to be present per its help file: -U http-post-form “/:password=^PASS^:Invalid password!”

I dont know why it is finding an additional colon after the !

Help for module /:password=^PASS^:Invalid password!:

The Module /:password=^PASS^:Invalid password! does not need or support optional parameters

Got it. SImple syntax error

Hey guys, I’ve gotten to the second part of the challenge and am pretty stuck. I understand that the next solution is with the ETag: “cd-55532bfca8680-gzip” . But I’ve tried Intercepting and changing the value and the If-None-Match value; I’ve thrown it in the Repeater… Not quite sure where to go next, still reading up on these parameters.