* * * Konan challenge * * * This challenge contains login by username and OTP code First, I sent an admin in user parameter And I show the second request, it had oneparameter OTP

Kenzy challenge (Cyber wargames 2022) SQL Injection + Captcha bypass Challenge description: This login page is protected by captcha to deny any brute force attack. 1. The captcha is not fully secure 2. Login page functionality is vulnerable to Blind SQL Injection Attack vector Bypassing captcha and getting the flag from database. Steps to solve this challenge Detect SQL Injection …

Note: Since its a private program, I will call it example.com Server behavior If you send many requests, the reset password will block you with response code => 429 and response message “Too many requests”. Attempts in testing 1- Change the user-agent header’s value randomly in every request. [Failed] 2- Adding…