{
    "id": "cbf02b81-ff31-39f4-a645-148f6d20fa9c",
    "name": "Unlimited Attempts",
    "slug": "unlimited-attempts",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "1dce1618-55b6-4205-9799-e509ad2b2c77",
            "17214602-7ce2-4413-bdd2-efc077ca8443",
            "415d990e-1f7c-3d61-ac1e-cef23dc8abd3"
        ],
        "pta_sdn": "2367",
        "collections": [],
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2022-03-17T11:44:08.510537Z",
    "modified": "2024-11-27T14:52:47.732590Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [],
    "tags": [],
    "difficulty": "advanced",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": true,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": "98d7708f-0c37-3965-8000-183ceb1585c0",
    "explanation_video": null,
    "description": "Over the past few years, web application developers have migrated from traditional architecture to API-driven architecture.\u00a0 The authentication, authorization, sensitive data, etc are being handled by APIs these days. A misconfiguration or a vulnerability\u00a0 is all an attacker needs to do significant damage\n\nIn this lab, we will take a look at how the lack of rate-limiting could be leveraged to perform brute force attacks and bypass authentication.  \n\n\nObjective:\u00a0Brute force the 4 digit one-time password and bypass the authentication.\u00a0  \n\n\nURL:\u00a0https://zl6h2bz2yh.execute-api.ap-southeast-1.amazonaws.com/dev",
    "description_html": "<p>Over the past few years, web application developers have migrated from traditional architecture to API-driven architecture.\u00a0 The authentication, authorization, sensitive data, etc are being handled by APIs these days. A misconfiguration or a vulnerability\u00a0 is all an attacker needs to do significant damage</p>\n<p>In this lab, we will take a look at how the lack of rate-limiting could be leveraged to perform brute force attacks and bypass authentication.  </p>\n<p>Objective:\u00a0Brute force the 4 digit one-time password and bypass the authentication.\u00a0  </p>\n<p>URL:\u00a0https://zl6h2bz2yh.execute-api.ap-southeast-1.amazonaws.com/dev</p>",
    "tasks": "",
    "tasks_html": "",
    "published_date": "2023-09-01T20:17:49.526942Z",
    "solutions": "",
    "solutions_html": "",
    "flags": [
        {
            "name": "Flag",
            "type": "short-text",
            "uuid": "d009ecab-bbb2-434d-8b5e-7c12b0c901c9"
        }
    ],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}