Instruction
This lab is subtly vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:
To solve the lab, enumerate a valid username, brute-force this user’s password, then access their account page.
Solution
1. Find login request and send to Burp Intruder
First, try to login from web UI and back to Burp Suite find the login request from Proxy > HTTP history and send to Burp Intruder.
2. Find the valid username
2.1. Configure payload
Configure the Intruder payload using this step:
- block the value of
username - click
Add - choose payload type as
number list - paste the username wordlists from here
Setup the Grep - Extract from the Setting panel.
and now click Start attack button.
2.3. Check the attack results
After the attack is finished, we have new column named "warning", click this column for sorting the rows and we notice that the error message is different among the others.
It indicate the auth is a correct username.
3. Find the valid password
3.1. Configure payload
Now use the username that we found from the previous step for brute force the login password. Configure the password with this steps:
- set the
usernamebased on prev step - block the value of
password - click
Add - set payload type as
number list - paste the password wordlists from here
- click the
Start attack
3.2. Check the attack results
Check the results with this steps:
- sort the column
Status code - notice that the top row we receive
302response that indicate success login.
4. Test login
Open the web ui in login page, try to login with username and password that we found from previous steps.
Thanks for reading
