By | December 16, 2020

In this article we explain Username Enumeration Vulnerability: what it is and when it occurs in a website.

We cover it practically. As in our earlier articles, where we solved labs, we solve a lab for it here too.

You will also come across it under the name authentication, because Username Enumeration Vulnerability falls under that topic. It is explained here for educational purposes, and you should never use it wrongly.

Note – This article is only for educational purposes. Don’t misuse your knowledge and skills.

Username Enumeration Vulnerability?

Before working through Username Enumeration Vulnerability, you should know what it is. As the name itself shows, it is about enumeration, which is also covered in the CEH module.

This bug occurs in a website when a normal user or an admin sets a weak password, or when the site has no limit of any kind on login attempts.

Let us understand Username Enumeration Vulnerability with an example. Suppose you have created an account on a website and kept a weak password; that password can then easily be cracked through a brute-force attack.

In the same way, if a website like Facebook allowed as many login attempts as you like from one IP address, hackers could crack the password of an account through a brute-force attack.

We have also noticed this many times: when we run a brute-force attack on a Facebook account, the user's account becomes temporarily blocked after trying only 10-20 passwords.

Likewise, if we attack while changing the IP address, for example through the Tor network, Facebook blocks the IP addresses themselves even when the passwords are tried from more than one IP address. The vulnerability does not work there.

Username Enumeration Vulnerability example

Let us now understand Username Enumeration Vulnerability through an example by solving one of its labs. More labs are available there, which you can try by yourself.

https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses

First of all, start Burp Suite as usual. Then access the lab in the way explained in all the earlier articles.

After accessing the lab, you have to log in. You can log in with a wrong username or a wrong password; we did it under the name freelearningtech, and you can do the same.

The login URL now appears in the HTTP history, together with the wrong username and password that were submitted. You will see the same in your case.

Next, send this request to Intruder. We explained earlier when and how Intruder is used, and we use it here as well.

https://portswigger.net/web-security/authentication/auth-lab-usernames

First of all we have to find the username, using a simple list payload. The list of usernames is provided with the lab; copy and paste it.

Then start the attack. After the attack has started you get the username: the valid username shows a different response length.

In this way we get the username. The password has to be found similarly: just as we performed the brute-force attack on the username, we now perform it on the password.

https://portswigger.net/web-security/authentication/auth-lab-passwords

To find the password we likewise use the password list, which is also provided with the lab. The values in our case and in your case will be different.

Just as the valid username was shown with a different length, the correct password is also shown with a different length. You can use Intruder in this way to run a brute-force attack on any target.

Now that we have both the username and the password, we log in and access my account; doing this solves the lab. You may get an error here.

If you get an error in this way, open the login page once again and enter the username and password, or refresh the page.

When you log in with the correct username and password, the account page opens. The username and password here are different from before, so do not get confused by that.

The method is the same. They are shown differently because we did this practical a second time, and the username and password had changed.

When you access my account after logging in, you can see that the lab is solved. This is how Username Enumeration Vulnerability works in a website.
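
The lab depends on two things described above: the login page answers differently when the username is valid, and nothing limits the number of login attempts. The following Python code is an added example, not code from the lab or from this article, showing a login check with that flaw beside a corrected one. The user store, messages, attempt limit, IP addresses and function names are all constructed for illustration.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample data (assumptions): one user, dummy record, attempt limit.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
_DUMMY = (os.urandom(16), os.urandom(32))  # stands in for unknown usernames
MAX_ATTEMPTS = 5
failures = {}  # ("user", name) or ("ip", addr) -> failed attempts (no expiry here)

def login_vulnerable(username, password, client_ip="203.0.113.7"):
    """Separate messages per failure: body and length reveal valid usernames."""
    if username not in USERS:
        return 200, "Invalid username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return 200, "Incorrect password"
    return 302, "/my-account"

def login_hardened(username, password, client_ip="203.0.113.7"):
    """One response for every failure, plus per-account and per-IP limits."""
    keys = (("user", username), ("ip", client_ip))
    if any(failures.get(k, 0) >= MAX_ATTEMPTS for k in keys):
        return 429, "Too many attempts, try again later"
    # Hash even for unknown names so the work done does not depend on the name.
    salt, stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    if match and username in USERS:
        failures.pop(("user", username), None)
        return 302, "/my-account"
    # Count failures for unknown names too, so lockout itself reveals nothing.
    for k in keys:
        failures[k] = failures.get(k, 0) + 1
    return 200, "Invalid username or password"

def responses_differ(login, known_user, unknown_user):
    """Regression check: does a wrong password answer differently for a real name?"""
    return login(known_user, "wrong-pw") != login(unknown_user, "wrong-pw")

if __name__ == "__main__":
    print("vulnerable leaks:", responses_differ(login_vulnerable, "alice", "nobody"))
    print("hardened leaks:  ", responses_differ(login_hardened, "alice", "nobody"))
```

The `responses_differ` check can be kept as a regression test for a login endpoint; a real deployment would also expire the failure counters after a set time.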

The Conclusion

I hope you now understand Username Enumeration Vulnerability. We have explained it here by solving one of its labs.

In the same way, you can solve the other Username Enumeration Vulnerability labs yourself. There are more labs in the authentication section, which will be explained to you in detail.

We have already covered many different types of bugs practically. If you have not read those articles, you can read them as well.

If you have any kind of problem solving the other Username Enumeration Vulnerability labs, ask in the comments and we will help you completely.

If you like this article, please share it. Everything here is explained for free, such as Facebook hacking and WhatsApp hacking, as well as all the modules of CEH.

Thank you.