Burp Suite User Forum

Login to post

Account brute force lock out

El | Last updated: Jul 21, 2021 07:18PM UTC

Hi, I'm trying to solve this lab https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-account-lock. I found the username I try to brute force password but the account always locks out after 3 tries...What can I do ? Community edition

Michelle, PortSwigger Agent | Last updated: Jul 22, 2021 02:10PM UTC

Hi Thanks for your message. When you are running the Intruder attack to brute force the password you may see two different errors. There should also be one in the list that has no error messages at all. You can see this in action in the Community Solution video linked to the lab and we have tested this here to confirm this is currently working. If you try working through the lab again following the video instructions, you might spot what is different and this might help you to complete the lab. Good luck! Michelle Gillian Technical Product Specialist PortSwigger

You need to Log in to post a reply. Or register here, for free.