root💀bl4ck4non-sec:~#

Hack. Eat. Sleep. Repeat!!!

Lab: Username enumeration via different responses


Task

This lab is vulnerable to username enumeration and password brute-force attacks. We'll need the wordlist provided when it is time to brute-force.

Navigate to the website.

Let's log in with something random, then capture the request using Burp Suite and send it over to Burp Intruder.

Now that we have the captured request, we can go ahead and insert a payload marker.

Now, let's configure our payloads. For the first payload set, we'll copy the content of the candidate usernames provided to us in this lab.

For the second payload set, we'll copy the content of the candidate passwords provided to us in this lab.

Now we can start the attack after configuring both payloads

We can see that the status code and length for that request are different. Let's try to log in with these creds:

username:vagrant password:hunter

We have successfully solved this lab


Lab: Username enumeration via subtly different responses


Task

Our task is to access this account by enumerating a valid username and brute-forcing the user's password.

Navigate to the webpage

Let's log in with something random, then capture the request using Burp Suite and send it over to Burp Intruder.

Now that we have the captured request, we can go ahead and insert a payload marker.

Now, let's configure our payloads. For the first payload set, we'll copy the content of the candidate usernames provided to us in this lab.

For the second payload set, we'll copy the content of the candidate passwords provided to us in this lab.

Now we can start the attack after configuring both payloads