Wohoo got it. This level is a timing attack. After guessing the username, the error page will show you what the password was supposed to be. It changes way to fast to just resubmit the password, so you have to figure out what the password is supposed to be and submit that...
Think timezone, curl, and md5.
Okay, more for those who are interested in this level:
Lynx or w3m can be used so you can enter your username and password without jumping through a bunch of hoops.
Make sure your system time is sync'd up.. I used the linux command:
sudo ntpdate 126.96.36.199
Thanks syndrowm, this level was easy with your help!
Post a Comment