Brute-forcing and Enumeration

Intro:

Enumeration is a process in cybersecurity through which detailed information can be gathered about a target.

Username enumeration is essentially the process of discovering valid usernames within a system or a network. The information can be gathered by analyzing the response of the server when submitting different usernames. For instance, if a server provides a specific error message for an invalid username (e.g., "User does not exist") and a different message for a valid username with an incorrect password (e.g., "Incorrect password")

Password brute-forcing on the other hand is the technique of systematically trying out a large number of possible passwords for a given user until the correct one is found.

The Lab:

The lab begins with the homepage. From there we navigate to the "My Account" section in order to perform a login

As shown here, the default login credentials which were profided for the other labs do not work here. However, the lab does provide a list of possible username and passwords which can be tested out.

Usernames

Passwords

In OWASP Zap, intercept the login request

Send the request to the fuzzer for enumeration.

Note: Fuzzing the a software testing method of providing invalid unexpected, or random data as inputs to a computer program in order to identify errors or vulnerablities

Select the username for fuzzing

Add the username list provided by the lab for enumeration, and start the fuzzing process

Once the enumeration is completed, analyze the results and find the valid username based on the size of the response body. As showing in the picture, the valid username response is two bytes larger than the rest of the responses.

Next perform a fuzzing attack for the password.

Repeating the process done for the username, intercept the login request

Send the request to the fuzzer. Then select the password field,

and add a payload of possible passwords to brute-force.

Once the brute-force is completed, a valid request can be found with the 302 HTTP status code

Note: The HTTP 302 status code, known as "Found," indicates that the requested resource has been temporarily moved to a different URL. This code is commonly used for URL redirection, allowing clients (such as web browsers) to access the resource at the new location specified in the response's Location header.

Identify the password.

Once the valid username and respective password have been submitted, you will be logged in and pass the lab