{ "id": "2e030961-e491-3aa1-8d41-66225837c0a7", "name": "Attacking Login Page: Math Captcha", "slug": "attacking-login-page-math-captcha", "status": "published", "lab_type": "pta", "is_sample": false, "duration_in_seconds": 1800, "metadata": { "courses": [ "1dce1618-55b6-4205-9799-e509ad2b2c77", "415d990e-1f7c-3d61-ac1e-cef23dc8abd3" ], "pta_sdn": "2172", "collections": [ "76c00716-998d-4d49-a401-725593badebe" ], "pta_namespace": "attackdefenselabs", "learning_paths": [], "has_published_parent": true }, "session": null, "company": "a491bc32-c056-4946-9169-cc053387bada", "created": "2022-03-17T11:44:11.319114Z", "modified": "2024-11-27T14:52:46.947946Z", "is_beta": false, "lab_objectives": [], "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "learning_areas": [ { "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa", "name": "Cyber Security", "slug": "cyber-security" } ], "categories": [ { "id": "5cbe2ba7-8f55-4e03-bf7b-91d1eeae776e", "name": "Broken Authentication" }, { "id": "e737c9b9-5d56-4780-a99c-dbe143d29184", "name": "OWASP Top 10" } ], "tags": [], "difficulty": "advanced", "is_web_access": false, "is_lab_experience": true, "is_featured": false, "cve": null, "severity": null, "year": null, "classification": null, "is_trackable": false, "cpe_credits": null, "is_skill_check": false, "external_url": "", "solution_video": null, "explanation_video": null, "description": "Adding Captcha on the login page might slow down automated brute force and dictionary attacks. However, captcha is not enough to prevent such attacks, various programing libraries are available to process the captcha and automate the attack. \n \nIn this lab exercise, we will take a look at how to automate an attack on login page with math captcha.\u00a0 \n \nObjective:\u00a0Find the password of \"admin\" user and retrieve the flag.\u00a0 \n \nInstructions:\u00a0 \n\n\n* This lab is dedicated to you! No other users are on this network :)\n* Once you start the lab, you will have access to a root terminal of a Kali instance\n* Your Kali has an interface with IP address 192.X.Y.2. Run \"ip addr\" to know the values of X and Y.\n* The target server should be located at the IP address 192.X.Y.3.\n* Do not attack the gateway located at IP address 192.X.Y.1\n* The password contains the characters \"4aMx]\" and the length is 5.", "description_html": "

Adding Captcha on the login page might slow down automated brute force and dictionary attacks. However, captcha is not enough to prevent such attacks, various programing libraries are available to process the captcha and automate the attack.

\n

In this lab exercise, we will take a look at how to automate an attack on login page with math captcha.\u00a0

\n

Objective:\u00a0Find the password of \"admin\" user and retrieve the flag.\u00a0

\n

Instructions:\u00a0

\n", "tasks": "", "tasks_html": "", "published_date": "2022-03-17T11:44:11.319114Z", "solutions": "The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-2172.pdf", "solutions_html": "

The solution for this lab can be found in the following manual:\n https://assets.ine.com/labs/ad-manuals/walkthrough-2172.pdf

", "flags": [], "min_points_to_pass": null, "access_type": "default", "user_status": "unstarted", "user_lab_status": null, "user_status_modified": null, "user_flags": [], "global_running_session": null }