[Web] Lernaean

@CADMUX said:
anyone can help me …i used a lot of tools also and some takes a huge time… i have a lot of trouble to bypass … plz help

I had the same issue where it was going very slowly, try changing the number of threads it uses.

I have managed to log in but im not sure what to do now (SPOILER)

! I see in the header that Etag:““cd-55532bfca8680-gzip”” and Accept-Encoding:gzip, deflate. What i understand from this is that there is a gzip file which i somehow need to request and it will download - how do i do this? any help please

@ninjat looks like that’s a bit of a rabbit hole, but who knows

@ninjat try and login with a lower level “client”, or interecept the response after submitting the form.

Hints you guys mentioned are more than enough to solve this challenge. after spending couple of day i did laugh at me. Thank you buddies

I’m still having trouble with hydra. Can someone help me?

Same here

@stew3254 PM me i will help about that issue

All i can say is try a bit harder, all the information is there…

Im stuck on this one. I have used Burp to force through every wordlist on Kali except ‘Rockyou’ with no luck. I have tried to load up ‘RockYou’ but it crashes Burp. Am I missing something here or shall I persist with a way to get ‘RockYou’ working?

pm

Im trying with Burp and rockyou but it’s too slow, I’m on right track?

@B0bB0b said:
Im trying with Burp and rockyou but it’s too slow, I’m on right track?
use hydra

Spoiler Removed - Arrexel

@B0bB0b said:
Spoiler Removed - Arrexel

Your command is a little off. You need to use the ‘-s’ flag to specify a port and you need another colon after ‘^PASS^’ for the fail case. It’ll look like “/:password=^PASS^:Invalid password!”

how long does it take to compelete! its been running since morning! or am i going wrong!?

@B0bB0b said:
Im trying with Burp and rockyou but it’s too slow, I’m on right track?

nope

part my command isnt like by the tool, but I dont see what is wrong with it, all conditions appear to be present per its help file: -U http-post-form “/:password=^PASS^:Invalid password!”

I dont know why it is finding an additional colon after the !

Help for module /:password=^PASS^:Invalid password!:

The Module /:password=^PASS^:Invalid password! does not need or support optional parameters

Got it. SImple syntax error

Hey guys, I’ve gotten to the second part of the challenge and am pretty stuck. I understand that the next solution is with the ETag: “cd-55532bfca8680-gzip” . But I’ve tried Intercepting and changing the value and the If-None-Match value; I’ve thrown it in the Repeater… Not quite sure where to go next, still reading up on these parameters.

can someone suggest some valid wordlist to crack this thing! tried rockyou and the 10k sec one. nothing seems to work.