Lab: Username enumeration via different responses


save the password and usernames

access the lab



When we actually try to login as user that does not exist
we get the error message
which means that we have to find the correct user
that will return different result

see the request

send to intruder

load the usernames

We see different response from username app01

Now we will use that username
put the curly braces in password parameter

load password.txt

now we get different length and status code
302 status code means redirect to different page
which means like dashboard or account settings

now try to login
app01:password


other way using ffuf
copy the file to req.txt


ffuf -request req.txt -request-proto https -mode clusterbomb -w usernames.txt:FUZZUSER -w passwords.txt:FUZZPASS -mc 302

PreviousLab: Password reset broken logicNextLab: Username enumeration via subtly different responses
Last updated