2.7 Lab: Username enumeration via account lock | 2024


This lab is vulnerable to username enumeration. It uses account locking, but this contains a logic flaw. To solve the lab, enumerate a valid username, brute-force this user’s password, then access their account page | Karthikeyan Nagaraj

Karthikeyan Nagaraj


The lab description provides two wordlists: Candidate usernames and Candidate passwords.

1. Capture the Log In request with dummy credentials and send it to Intruder.
2. Choose Cluster Bomb as the attack type. Add the username as the first payload position, then place the cursor at the end of the password value and click Add twice to create an empty second position for a null payload.
3. In the Payloads tab, use a Simple list for the first payload set and add the list of usernames provided in the description.
4. For the second payload set, set the payload type to Null payloads.
5. Start the attack. When it completes, click the Length column to sort the results. One username returns a response of a different length.
6. Close the current attack tab and go back to Intruder with the same request.
7. Choose Sniper as the attack type, clear the payload positions, replace the username value with the one you found, and mark the password as the payload position.
8. In the Payloads tab, paste the list of passwords provided in the description and start the attack.
9. Click Length to sort the responses. One password returns a response of a different length; note it down and log in with those credentials to solve the lab.
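As an added illustration (not part of the original write-up), here is a constructed Python model of the logic flaw the lab exploits, with a hardened version beside it: in the flawed login only real accounts ever reach the lockout branch, so the different response length that the steps above sort on is the enumeration oracle. The usernames, password, threshold and messages are made up for the example.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed demo user store (hypothetical name and password).
SALT = b"demo-salt"
def pw_hash(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

USERS = {"carlos": pw_hash("montoya")}
LOCK_THRESHOLD = 3
GENERIC = "Invalid username or password."
LOCKED = "You have made too many incorrect login attempts. Please try again later."
DUMMY_HASH = pw_hash("dummy-password")  # unknown users cost the same work

class VulnerableLogin:
    """Lock state is tracked and reported only for usernames that exist,
    so the lockout message itself confirms a valid username."""
    def __init__(self):
        self.fails = defaultdict(int)
    def login(self, username: str, password: str) -> str:
        if username not in USERS:
            return GENERIC                      # unknown names never lock
        if self.fails[username] >= LOCK_THRESHOLD:
            return LOCKED                       # distinct message and length
        if hmac.compare_digest(USERS[username], pw_hash(password)):
            self.fails[username] = 0
            return "Welcome back!"
        self.fails[username] += 1
        return GENERIC

class HardenedLogin:
    """Every submitted username gets the same hashing work, the same counter
    handling and the same message; a locked account is refused silently."""
    def __init__(self):
        self.fails = defaultdict(int)
    def login(self, username: str, password: str) -> str:
        stored = USERS.get(username, DUMMY_HASH)
        ok = hmac.compare_digest(stored, pw_hash(password)) and username in USERS
        if ok and self.fails[username] < LOCK_THRESHOLD:
            self.fails[username] = 0
            return "Welcome back!"
        self.fails[username] += 1
        return GENERIC

def distinct_responses(app, usernames, attempts=LOCK_THRESHOLD + 1):
    """Defensive self-check: replay the lab's probe (each candidate name sent
    with a wrong password `attempts` times) and return the distinct replies.
    A login that leaks account existence yields more than one."""
    seen = set()
    for name in usernames:
        for _ in range(attempts):
            seen.add(app.login(name, "wrong-password"))
    return seen
```

Running `distinct_responses` against a test instance of your own login handler is a cheap regression check that the lockout path does not answer differently for real and unknown usernames.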


Thank you for Reading!

Happy Hacking ~

Author: Karthikeyan Nagaraj ~ Cyberw1ng
