Forum Discussion

QuickSloth
Bronze III
2 months ago
Solved

Web server brute force authentication: Ep. 1 - Compromising an account

Pentesting is not part of my job. 

If I tried using any of these tools in the real world I would be fired or put in jail.

With that as an introduction ...

I have no idea what I'm supposed to do in Authentication & Authorization Flaws -> Web server brute force authentication: Ep. 1 - Compromising an account


2 Replies

  • SamDickison
    Community Manager

    Hey QuickSloth, I hope you don't mind, I changed the title of your post because it will probably help with getting a response from other users.

  • The ask is summarized as: "In this lab, you'll be tasked with finding an HTTP administrator panel that's running on a non-standard port number. Once you've located the port, you'll need to perform a brute force attack against any login pages you find to gain access to the token."

    Suggested plan of attack:
    nmap to identify port
    hydra to brute force admin panel with provided creds. 

    HTH