Weak Passwords - Brute Force Attack
Beginner
A07:2021 - Authentication
100 points
Challenge Description
This login system has several security flaws:
- Users have chosen weak, common passwords
- There's no rate limiting on login attempts
- Error messages reveal whether usernames exist
- There's no account lockout after failed attempts
Your goal is to use a dictionary attack to discover the admin's password and access their secret data.
Learning Objective: Understand why strong password policies and brute-force protection are essential for secure authentication.
Login Form (Vulnerable)
Known Usernames:
- admin
- john
- jane
- bob
- alice
Hints
-10% per hint
Common Passwords
Top passwords used in dictionary attacks:
- password
- 123456
- 12345678
- qwerty
- abc123
- monkey
- 1234567
- letmein
- trustno1
- dragon
- baseball
- iloveyou
- master
- sunshine
- ashley