Lab: Username enumeration via different responses
save the password and usernames
access the lab
When we actually try to login as user that does not exist
we get the error message
which means that we have to find the correct user
that will return different result
see the request
send to intruder
load the usernames
We see different response from username app01
Now we will use that username
put the curly braces in password parameter
load password.txt
now we get different length and status code
302 status code means redirect to different page
which means like dashboard or account settings
now try to login
app01:password
other way using ffuf
copy the file to req.txt
ffuf -request req.txt -request-proto https -mode clusterbomb -w usernames.txt:FUZZUSER -w passwords.txt:FUZZPASS -mc 302
PreviousLab: Password reset broken logicNextLab: Username enumeration via subtly different responses
Last updated