Writeup: Username enumeration via account lock

Lab link. Certain suspicious accounts can be locked by the system. In this lab, our goal is to find the username first and then the password. We don’t get any time-based block when we make a few wrong attempts. We send our request to Intruder. To get an account lockout error, we need to …

Writeup: Broken brute-force protection, IP block

Lab link. We need to find the password for the user carlos. We know there is a logic flaw, so let’s make a few wrong login attempts and try to understand the system. After 3 login attempts, the system displays the error “You have made too many incorrect login attempts. Please try again in 1 minute(s).” We …

Writeup: Username enumeration via response timing

Lab link. The lab gave us the information “This lab is vulnerable to username enumeration using its response times.” At first, we log in with the wiener:peter credentials given to us on the login page. We have successfully logged in, and now we will log out and try to log in again, but this time with …