Lab: Username enumeration via different responses

save the password and usernames

access the lab

When we actually try to login as user that does not exist

we get the error message

which means that we have to find the correct user

that will return different result

see the request

send to intruder

load the usernames

We see different response from username app01

Now we will use that username

put the curly braces in password parameter

load password.txt

now we get different length and status code

302 status code means redirect to different page

which means like dashboard or account settings

now try to login

app01:password

other way using ffuf

copy the file to req.txt

ffuf -request req.txt -request-proto https -mode clusterbomb -w usernames.txt:FUZZUSER -w passwords.txt:FUZZPASS -mc 302

Last updated 1 year ago