Notice: _load_textdomain_just_in_time işlevi yanlış çağrıldı. Translation loading for the perfect-portfolio domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Ayrıntılı bilgi almak için lütfen WordPress hata ayıklama bölümüne bakın. (Bu ileti 6.7.0 sürümünde eklendi.) in /home/margheri/public_html/wp-includes/functions.php on line 6121
Writeup: Username enumeration via account lock - Aleyna Doğan

Writeup: Username enumeration via account lock

Lab link.

Certain suspicious accounts can be locked by the system. In this lab, our goal is to find the username first and then the password.

We don’t get any time block when we make a few wrong attempts. We move our request to the intruder. To get an account lockout error, we need to enter the password incorrectly many times. For this reason, we use a cluster bomb and try a username several times with different passwords. For our second payload, we chose “null payloads” because now we are only doing username enumeration.

If we leave the password empty, we will get a parameter error, so the following correction should be made in our payload:

username=§test§&password=test§§

Attack result “You have made too many incorrect login attempts. Please try again in 1 minute(s).” We accessed an account and found the username.

We do a classic password attack and get our password for username.

Bir yanıt yazın

E-posta adresiniz yayınlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir