Username enumeration via different responses

This lab is vulnerable to username enumeration and password brute-force attacks.

The target site has an account with a predictable username and password, both of which can be found in the usernames.txt and passwords.txt wordlists.

To solve the lab, enumerate a valid username, brute-force this user's password, then access their account page.

Enumeration

Home Page

Login Page

Inspecting the login page shows that it returns a detailed response about the information entered.

Exploitation

Username Enumeration

Set up Burp to intercept requests.

Make a login request with random credentials and intercept it with Burp.

In the response to that request, we can see that the site returns Invalid Username.

Right-click the POST request and send it to the Intruder tab.

Head over to the Intruder tab and clear all markings.

Mark only the username field.

Head over to the Payloads tab under Intruder, make sure the following options are set, and paste in the username list for enumeration.

Payload set: 1
Payload type: Simple List

Once done, hit Start attack (ignore the error, if any).

Once the attack has completed, sort the requests by Length. One of the requests should have a longer length than the rest.

Inspecting that request further shows a new error, shown below. This confirms that the username is indeed application.

Incorrect password
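
The length difference used above exists because the application answers "unknown user" and "wrong password" with two different messages. The following is an added example, not code from the lab or from this write-up: a login handler with that behaviour beside a hardened one, plus a regression check on the same signal (status and response length). The user store, function names and the hardened message text are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def _hash(password, salt):
    # Iteration count kept low so the example runs quickly; use a much higher cost in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store (not the lab's data): username -> (salt, hash)
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Random salt/hash used for unknown users so every failure does the same work.
_DUMMY = (os.urandom(16), os.urandom(32))

def login_verbose(username, password):
    """Behaviour described on this page: one message per failure reason."""
    if username not in USERS:
        return 200, "Invalid Username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, "Incorrect password"
    return 302, ""

def login_uniform(username, password):
    """Hardened form: same hashing work and same response for every failure."""
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and username in USERS:
        return 302, ""
    return 200, "Invalid username or password"

def leaks_username(login):
    """True if an unknown user and a known user with a wrong password can be
    told apart by status, body length or body text."""
    s1, b1 = login("no-such-user", "x")
    s2, b2 = login("alice", "x")
    return (s1, len(b1)) != (s2, len(b2)) or b1 != b2

if __name__ == "__main__":
    print("verbose handler leaks usernames:", leaks_username(login_verbose))
    print("uniform handler leaks usernames:", leaks_username(login_uniform))
```

A uniform response removes the enumeration signal only; password guessing against a known account still has to be limited separately, for example with rate limiting or lockout.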

Password Enumeration

Now repeat the whole process, but target the password field with the password list while keeping the username constant.

Right-click the POST request and send it to the Intruder tab.

Set up the positions so that only the password field is marked.

Paste the password list where the username list was.

Start the attack.

Once the attack has completed, sort the requests by Length. One of the requests should have a longer length than the rest. The 302 status code indicates a redirect, and the Location header in the response confirms that we have indeed found the right password (soccer).

Upon logging in with the found credentials, we complete the lab.

application:soccer

✅

Attachments: usernames.txt (814 B), passwords.txt (850 B)