Info 📜:

This lab's password change functionality makes it vulnerable to brute-force attacks.

Goal 🎯:

To solve the lab, use the list of candidate passwords to brute-force Carlos's account and access his "My Account" page.

• Your credentials: wiener:peter
• Victim's username: carlos
• Candidate passwords

How to Solve the Lab 🛠️

1. Open the application and log in with your credentials 🔑:
   • username: wiener
   • password: peter
2. Change the password 🔄:
   • The app will ask for the current password and a new password.
   • Set the new password to peter1 for this example.
3. Observe the request and response 🧐:
   • Pay attention to the response and the message the application sends back.
4. Try different password combinations:
   • First, make the current password incorrect and set the new password and confirm password the same.
   • Then, make the current password correct but set the new password and confirm password to be different.
   • This should trigger the message: "New passwords do not match".
5. Intercept the request using Burp Suite:
   • Intercept the request and send it to Intruder.
6. Configure Burp Intruder 🖥️:
   • Set the payload position on the current-password parameter.
   • Change the username to carlos.
   • Select the list of passwords from the lab to be used as payload.
7. Go to Settings ⚙️:
   • In the Settings panel, go to Grep-Match.
   • Clear any existing matches, then click Add and enter:

New passwords do not match

1. Start the attack 🚀

1. Once the attack finishes, you should see a response containing the "New passwords do not match" message. This indicates you have found the correct password.