🔵Username enumeration via subtly different responses

This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

Candidate usernames
Candidate passwords

To solve the lab, enumerate a valid username, brute-force this user's password, then access their account page.

We will enumerate the username field first: in Burp Intruder, mark the username as the payload position, leave the password fixed to any dummy value, and load the candidate usernames list as the payload set.

Under Settings > Grep - Match, we can enter the strings we want to search for in each response. In this case, we add the exact error message, including its trailing full stop: Invalid username or password. Because the lab's responses differ only subtly, the grep string must match the complete message character for character; a looser string would flag every row.

The username as does not show the expected error message (its Grep - Match column stays unchecked and its response length differs by one character), so it is likely the valid username we are looking for.

Next, set the password field as the payload position, fix the username to as, and load the candidate passwords list as the payload set.

as:ginger returns a 302 redirect instead of the 200 response carrying the error message, which indicates a successful login.

Success: log in as as:ginger and open the account page to solve the lab.
