[Web] Lernaean


I’m trying with Burp and rockyou but it’s too slow. Am I on the right track?

@B0bB0b said:
I’m trying with Burp and rockyou but it’s too slow. Am I on the right track?
Use hydra.

Spoiler Removed - Arrexel

@B0bB0b said:
Spoiler Removed - Arrexel

Your command is a little off. You need to use the ‘-s’ flag to specify a port and you need another colon after ‘^PASS^’ for the fail case. It’ll look like “/:password=^PASS^:Invalid password!”

How long does it take to complete? It’s been running since morning! Or am I going wrong!?

@B0bB0b said:
I’m trying with Burp and rockyou but it’s too slow. Am I on the right track?

nope

Part of my command isn’t liked by the tool, but I don’t see what is wrong with it; all conditions appear to be present per its help file: -U http-post-form “/:password=^PASS^:Invalid password!”

I don’t know why it is finding an additional colon after the !

Help for module /:password=^PASS^:Invalid password!:

The Module /:password=^PASS^:Invalid password! does not need or support optional parameters

Got it. Simple syntax error.

Hey guys, I’ve gotten to the second part of the challenge and am pretty stuck. I understand that the next solution is with the ETag: “cd-55532bfca8680-gzip”. But I’ve tried intercepting and changing the value and the If-None-Match value; I’ve thrown it in the Repeater… Not quite sure where to go next, still reading up on these parameters.

Can someone suggest some valid wordlist to crack this thing? Tried rockyou and the 10k sec one. Nothing seems to work.

@Boakill said:
Hey guys, I’ve gotten to the second part of the challenge and am pretty stuck. I understand that the next solution is with the ETag: “cd-55532bfca8680-gzip”. But I’ve tried intercepting and changing the value and the If-None-Match value; I’ve thrown it in the Repeater… Not quite sure where to go next, still reading up on these parameters.

Hey @Boakill, did you complete it? I’m stuck in the same place too. Got any suggestions!?

Spoiler Removed - Arrexel

@MorningStar I have not figured it out yet. Haven’t had much time recently. If anyone has any pointers with the CTF part I’d be more than grateful. No spoilers though, still want to figure it out.

I feel blind… It was right in front of my face… My hint for those struggling would be to read everything and make sure you know how to submit the final string. Good luck!!!

Spoiler Removed - Arrexel

@treadstone said:
Got it. Simple syntax error.

Can you please tell the proper command for hydra? I got the same syntax error.

Hey, if you guys are struggling with the syntax for hydra, check out the tutorial on hydra on null-byte.

Spoiler Removed - Arrexel, can’t get the second part. I am intercepting but I can’t find the redirect.