Solution for Username enumeration via different responses
#Solution #Username #enumeration #responses


This is the first of PortSwigger's labs on authentication vulnerabilities. Without further ado, let me get to the solution.

When we open the lab, its home page welcomes us.


Since our business is with the login, we open the "Account login" section.


We can learn how the login works with a simple experiment:

Username: admin

Password: 123456

When we submit these, we get the following error.


It tells us that the value entered in the Username field is invalid. In such cases, the first thing that comes to mind is to find a valid username: if the system tells us when the username is wrong, it will probably respond differently when it is right.

This is where Burp Suite comes into play. We intercept the request, send it to Intruder, and run a brute-force attack with the payload lists that PortSwigger provides:

https://portswigger.net/web-security/authentication/auth-lab-usernames

https://portswigger.net/web-security/authentication/auth-lab-passwords


After clicking "Start attack", we let Burp Suite run for a while and look for a difference in the "Length" column.


And we have already noticed a change. When we look at that response, we see the "Incorrect password" message, so we have found a valid username and achieved our goal.
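
The flaw the lab demonstrates is that the two failure paths return different bodies. The following is an added example (not the lab's code, nor anything from PortSwigger) that simulates a vulnerable login handler next to a fixed one, and includes a small checker that does what the Intruder "Length" comparison above does: it submits a wrong password for every candidate username and reports whether any response stands out. The account `wiener`/`peter`, the salt, and the candidate list are constructed for the demo.

```python
"""Username enumeration via different responses: vulnerable vs fixed handler.

Added example, not PortSwigger's lab code. User names, password and salt
are constructed values for the demonstration.
"""
import hashlib
import hmac
import secrets

SALT = b"constructed-demo-salt"  # a real app uses a random per-user salt


def _hash(password: str, salt: bytes = SALT) -> bytes:
    """Slow password hash (PBKDF2) so a failed check costs the same as a success."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed account table: one valid user.
USERS = {"wiener": _hash("peter")}

# Dummy hash used for unknown users so the fixed handler always does one full
# hash comparison, regardless of whether the username exists.
DUMMY_HASH = _hash(secrets.token_hex(16))


def login_vulnerable(username: str, password: str):
    """The lab's behaviour: the error text reveals whether the username exists."""
    if username not in USERS:
        return 200, "Invalid username"
    if not hmac.compare_digest(USERS[username], _hash(password)):
        return 200, "Incorrect password"
    return 302, "Redirect to /my-account"


def login_fixed(username: str, password: str):
    """Same status, same body and same amount of work for every failure."""
    stored = USERS.get(username, DUMMY_HASH)
    matches = hmac.compare_digest(stored, _hash(password))
    if username in USERS and matches:
        return 302, "Redirect to /my-account"
    return 200, "Invalid username or password"


def responses_differ(handler, candidates, password="not-the-password") -> bool:
    """Mimic the Intruder 'Length' check: submit a wrong password for each
    candidate and return True if any (status, body length) pair differs."""
    signatures = set()
    for user in candidates:
        status, body = handler(user, password)
        signatures.add((status, len(body)))
    return len(signatures) > 1


if __name__ == "__main__":
    names = ["admin", "wiener", "carlos"]  # constructed candidate list
    print("vulnerable handler leaks:", responses_differ(login_vulnerable, names))
    print("fixed handler leaks:     ", responses_differ(login_fixed, names))
```

The fix has two parts that both matter: a single generic error message, and the dummy hash so that an unknown username does not return measurably faster than a known one (which would reopen the same enumeration through response timing).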


Now that we understand how the login responds, it's time for the password.


This time we run the attack with the password list and wait for a "302" code in the Status column. If you are not familiar with HTTP status codes, 302 is a redirect, which here means the login succeeded.


Yes, we got it.


We logged into the system with admin privileges, and thus solved the lab.
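
From the defender's side, the attack above leaves a very recognisable trace: a burst of `POST /login` requests from one source, nearly all returning 200, followed by a 302 once a credential pair works. The following is an added example (not part of this write-up or of PortSwigger's material) that parses web-server access log lines and flags sources whose failed login count within a time window reaches a threshold, noting whether a success followed the burst. The combined-log-format lines, the IP addresses, the `/login` path and the threshold of 20 per minute are all constructed assumptions for the demo.

```python
"""Detect login brute-force bursts in access logs.

Added example, not part of the original write-up. Log format, addresses,
path and thresholds are constructed assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format line for a login POST, e.g.
# 10.0.0.5 - - [01/Jan/2024:12:00:00 +0000] "POST /login HTTP/1.1" 200 3140
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /login HTTP/1\.1" (?P<status>\d{3}) (?P<size>\d+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def make_line(ip: str, when: datetime, status: int, size: int) -> str:
    """Build one constructed access-log line."""
    return f'{ip} - - [{when.strftime(TS_FMT)}] "POST /login HTTP/1.1" {status} {size}'


def constructed_log() -> list:
    """Constructed sample: 10.0.0.5 sends 30 failed logins in 30 s and then
    succeeds; 10.0.0.9 fails once and then logs in normally."""
    t0 = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    lines = [make_line("10.0.0.5", t0 + timedelta(seconds=i), 200, 3140) for i in range(30)]
    lines.append(make_line("10.0.0.5", t0 + timedelta(seconds=30), 302, 0))
    lines.append(make_line("10.0.0.9", t0 + timedelta(seconds=5), 200, 3140))
    lines.append(make_line("10.0.0.9", t0 + timedelta(seconds=40), 302, 0))
    return lines


def parse(line: str):
    """Return (ip, timestamp, status) for a login POST line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])


def find_login_bursts(lines, threshold: int = 20, window=timedelta(seconds=60)) -> dict:
    """Map each source IP whose failed logins within `window` reach `threshold`
    to (peak failures in window, whether a 302 success followed the burst)."""
    events = [e for e in (parse(l) for l in lines) if e is not None]
    events.sort(key=lambda e: e[1])  # logs may interleave sources out of order
    recent = defaultdict(deque)  # sliding window of failure timestamps per IP
    alerts = {}
    for ip, ts, status in events:
        if status == 302:
            # A success is only suspicious when it follows a flagged burst.
            if ip in alerts:
                alerts[ip] = (alerts[ip][0], True)
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            prev = alerts.get(ip, (0, False))
            alerts[ip] = (max(prev[0], len(q)), prev[1])
    return alerts


if __name__ == "__main__":
    for ip, (count, succeeded) in find_login_bursts(constructed_log()).items():
        print(f"{ip}: {count} failed logins in window, success afterwards: {succeeded}")
```

The threshold and window are the tuning knobs; a wordlist run like the one in this lab produces hundreds of requests in seconds, so even a conservative setting catches it, while a single user mistyping a password a few times stays well below it.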
