| 1 | +*** |
| 2 | +# Authentication |
| 3 | +## Username enumeration via subtly different responses |
| 4 | +*** |
| 5 | + |
| 6 | +Yo, people!😎 It's been a while. Here is another lab solution based on PortSwigger Labs. This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists. Our task is to find the valid credentials and log in. Let's go, guys! |
| 7 | + |
| 8 | + |
| 9 | + Candidate usernames |
| 10 | + Candidate passwords |
| 11 | + |
| 12 | + |
| 13 | +<p align="center"> |
| 14 | + <img src="https://github.com/user-attachments/assets/e5afe668-554f-49f1-93ff-b80660446e56" alt="hacking" /> |
| 15 | +</p> |
| 16 | + |
| 17 | +*** |
| 18 | +### Authentication |
| 19 | +*Authentication vulnerability is a weakness in a system that allows attackers to bypass or break the process used to verify users' identities.* |
| 20 | + |
| 21 | +### End Goals: |
| 22 | +- Login valid credentials. |
| 23 | + |
| 24 | +*** |
| 25 | +### Steps To Reproduce: |
| 26 | + |
| 27 | + |
| 28 | + |
| 29 | +- Check all the features and functionality of the application. Be sure to enable your proxy to capture and analyze the and then go to the login functionality pages. |
| 30 | +- Enter any username and password you want, then send the request to the Intruder tab and modify some settings. |
| 31 | +- In the Payloads make sure that the Simple list payload type is selected and the list of candidate usernames, then in the Settings side panel.Under Grep - Extract, click Add. in the response that appearwe show scroll down we will see `Invalid username or password.` Use the mouse to highlight the text content of the message. then click ok to start the attacks. |
| 32 | + |
| 33 | + |
| 34 | + |
| 35 | + |
| 36 | + |
| 37 | +- In the results, we can see one response that doesn't have a period in the error message. This indicates it's valid. Let’s notice the username. |
| 38 | + |
| 39 | + |
| 40 | + |
| 41 | +- We have a valid username, so now let's enumerate the passwords to get the full credentials. |
| 42 | +- paste the list of passowrd in the payload configuration and start the attacks. |
| 43 | + |
| 44 | + |
| 45 | + |
| 46 | +- Only one response has a different code, 302, which means we have a valid password. |
| 47 | + |
| 48 | + |
| 49 | + |
| 50 | +- Logging in we sloved the labs. |
| 51 | + |
| 52 | + |
| 53 | + |
| 54 | +That's all, friends. Thank you for reading up to this point. I would like to hear your feedback on anything not clear here. Here is my Twitter account @[T3chnocr4t](https://twitter.com/T3chnocr4t). Feel free to DM me if you have any issues with my write-up. Thanks! |
| 55 | + |
| 56 | +[Go Back Home](https://t3chnocr4t.github.io/) |
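Review bot: several of the step lines are garbled or misspelled and the write-up never states the defensive lesson the lab teaches, so both should be fixed before this is merged. The first step reads `Be sure to enable your proxy to capture and analyze the and then go to the login functionality pages` (the object of "analyze" is missing, presumably "the traffic"); the Intruder step runs `in the response that appearwe show scroll down we will see` together and should read something like "in the response, scroll down until you see `Invalid username or password.`"; later steps have `passowrd` and `sloved`. The two wordlist bullets, `Candidate usernames` and `Candidate passwords`, carry neither a link nor a path, so a reader cannot actually follow the procedure. Under the "Authentication" heading, add one sentence making the observation explicit from the defender's side: the only difference between the valid and invalid username responses is the trailing period in the error message, which is exactly why login error text and status codes must be byte-for-byte identical whichever credential is wrong, and the lone 302 on the correct password shows why per-account lockout or rate limiting on the login endpoint matters. The runs of empty lines between steps look like places where screenshots were meant to go; either add the images or drop the blank lines.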