## https://sploitus.com/exploit?id=F006DF9D-DDA7-5D71-B531-6AE11BCA7B7F
Python automation of the following [write-up](https://www.vicarius.io/blog/bypassing-account-lockout-on-elabftw-and-brute-force-login-cve-2022-31007) on an eLabFTW account lockout bypass and login brute force that affects versions before 4.1.0.

Both scripts can be used against the Proving Grounds Practice lab named Source, which runs a vulnerable version of eLabFTW, a free and open source electronic lab notebook.

The account login requires an email address, so a valid domain for any potential user needs to be known before brute forcing user names.

Once a valid account is found, put it into the login brute force script.