Password Spraying and Credential Stuffing Challenge Exercise

Career Paths Penetration Tester
1

I’m lost with this lab.
Task 1:

  1. In the Users.txt file, which user has “Happy123” as their password?
    Is this literally asking to grep the Users.txt file? If so, there is no Users.txt file although there is a users.txt
  2. There is no corresponding password file with the same number of users in the user.txt file, thus I cannot map the user to a password.
  3. I’m able to find the password in the Breach.txt file, but the user name does not match the length of characters of the Hint.

Task2
I’m not able to find that password on any .txt listed files.

Given the lab engagement constrain, I don’t know which way I can proceed to find those answers.

Any pointers are greatly appreciated…btw…

2

ok, I was able to finished this. One thing I’m learning more than anything is to take a step back and break. Of course when time is against you, then you have a disadvantage. I had to take a break and think of what is it that I was trying to accomplish. Had to sketch out and go over and redo my details till it was a simple step by step procedure, and reminded me that hydra is nice for this type of things along with simple patter finding tools.

3 Likes