2.4 Lab: Username enumeration via subtly different responses | 2024

Description

This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernamesCandidate passwords

To solve the lab, enumerate a valid username, brute-force this user’s password, then access their account page.

Solution

Capture the Request of Login Form using dummy credentialsSend it to Intruder and add Username as the payloadGo to Payload and paste the Usernames mentioned in the DescriptionOn the Settings tab, under Grep — Extract, click Add.Click Fetch response and scroll down until you find the error message Invalid username or password.Use the mouse to highlight the text content of the message. The other settings will be automatically adjusted. Click OK and then start the attack.After the Attack is Completed, sort out the Column which contains the error messageNotice that the Error message does not have a dot (.) at the end of the sentenceNow, close the result tab. Go to Intruder, change the value of username to apache in the request, and add the password as the PayloadGo to the payload tab, clear the usernames, paste the list of passwords provided in the Description, and Start the AttackAfter the attack is completed, click on the status code column to filter thatNow we can able to see the password which has status code of 302Use the Username and Password to Log in to the Account to solve the Lab