Username enumeration via different responses

This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

To solve the lab, enumerate a valid username, brute-force this user's password, then access their account page.

like usual I like to start out with admin admin login.

capture it in burp and sent it to intruder

since I'm using Burp community edition ill have start the attack with sniper see if the word list has username. set your payload markers on first admin where username is.

I copy and paste the payloads from the user name wordlist.

Notice one of the words in the list was different length, I inspect the response and render the page and saw incorrect password.

since I got the username appserver with wrong pass word I'm use cluster bomb the brute force the pass word from the list to crack the account.

First payload list. username

Second payload list. password

Well i took to long to do the lab so i had to reboot a new machine. but steps are the same. the username end up being ai next round and the password end up being klaster.

log in the account with credentials Username: ai Password klaster

Last updated