Writeup: Username enumeration via account lock

Lab link.

The application locks accounts it considers suspicious. In this lab, our goal is to identify a valid username first and then its password.

A few wrong attempts do not trigger any lockout, so we send the login request to Intruder. To provoke an account lockout error, the password has to be wrong many times in a row for the same username, so we use a cluster bomb attack: the first payload set is the username list, and for the second we choose “null payloads”, which simply submits each username several times, since at this stage we are only enumerating usernames.

If we leave the password empty we get a parameter error, so the payload positions are set as follows:

username=§test§&password=test§§

For one username the attack result is the message “You have made too many incorrect login attempts. Please try again in 1 minute(s).” That account was locked, so we have found the valid username.

We then run a standard password attack against that username and recover its password.
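As an added example (not part of the original writeup or the lab's own code), the following Python sketches the server-side logic behind this behaviour: a login handler that only counts failures for accounts that actually exist, beside a hardened variant whose responses do not depend on whether the submitted username is valid. The user store, lockout threshold, client address and candidate names are all constructed for illustration; `responses_after_failures` and `leaks_usernames` are hypothetical helpers a defender could keep as a regression test.

```python
import hashlib
import hmac
from collections import defaultdict

LOCK_THRESHOLD = 3  # failed attempts allowed before lockout (constructed value)
GENERIC_ERROR = "Invalid username or password."
LOCK_ERROR = ("You have made too many incorrect login attempts. "
              "Please try again in 1 minute(s).")


def _hash(password: str) -> str:
    # Illustrative only; a real deployment would use a slow, salted hash.
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed user store with a single valid account; not the lab's data.
USERS = {"carlos": _hash("montoya")}
_DUMMY_HASH = _hash("placeholder")  # compared against for unknown users


class VulnerableLogin:
    """Tracks failures only for accounts that exist. Unknown usernames can
    never reach the lockout branch, so the lockout message by itself
    confirms that a username is valid (the weakness the lab demonstrates)."""

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, username: str, password: str,
                client_ip: str = "203.0.113.5") -> str:
        if username not in USERS:
            return GENERIC_ERROR  # unknown users are never counted or locked
        if self.failures[username] >= LOCK_THRESHOLD:
            return LOCK_ERROR  # only reachable for a valid username
        if hmac.compare_digest(USERS[username], _hash(password)):
            self.failures[username] = 0
            return "OK"
        self.failures[username] += 1
        return GENERIC_ERROR


class HardenedLogin:
    """Counts failures per (client, submitted username) whether or not the
    account exists, and always performs a hash comparison, so the response
    sequence is identical for valid and invalid usernames."""

    def __init__(self):
        self.failures = defaultdict(int)

    def attempt(self, username: str, password: str,
                client_ip: str = "203.0.113.5") -> str:
        key = (client_ip, username)
        if self.failures[key] >= LOCK_THRESHOLD:
            return LOCK_ERROR  # same message for every username
        stored = USERS.get(username, _DUMMY_HASH)
        match = hmac.compare_digest(stored, _hash(password))
        if match and username in USERS:
            self.failures[key] = 0
            return "OK"
        self.failures[key] += 1
        return GENERIC_ERROR


def responses_after_failures(handler, candidates, tries=LOCK_THRESHOLD + 1):
    """Submit `tries` wrong passwords for each candidate username and return
    the final response per username."""
    last = {}
    for name in candidates:
        for i in range(tries):
            last[name] = handler.attempt(name, f"wrong-password-{i}")
    return last


def leaks_usernames(handler, candidates) -> bool:
    """True if the lockout behaviour yields different final responses for
    different usernames, i.e. the handler reveals which usernames exist."""
    return len(set(responses_after_failures(handler, candidates).values())) > 1


if __name__ == "__main__":
    names = ["carlos", "alice", "bob"]  # constructed candidate list
    print("vulnerable leaks:", leaks_usernames(VulnerableLogin(), names))  # True
    print("hardened leaks:  ", leaks_usernames(HardenedLogin(), names))    # False
```

The essential property of the hardened handler is that every branch of the response (error text, and in a real service also status code and timing) is reachable for an unknown username exactly as it is for a known one; which key the counter uses is a separate trade-off, since a pure per-username lock lets anyone lock real users out, while a per-client key limits that damage.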
