
Username enumeration via different responses

Authentication is the process of validating the identity of a registered user or process before enabling access to protected networks and systems. If you want to learn more about authentication, refer to PortSwigger for a more detailed explanation.

In this tutorial I am going to explain a vulnerability in the login page that lets us identify the usernames of registered users. Once we have a username, we can brute-force the password for it.

To explain it, I am going to use a lab from the PortSwigger website.

Let's get started.

What is our final goal?

We have to log in to one of the user accounts by finding its username and password.

Description:

This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

To solve the lab, enumerate a valid username, brute-force this user’s password, then access their account page.

Lab explanation:

Authentication generally happens through a login form, and to log in to any website we need a username and a password. A login page can have many vulnerabilities. Here the login functionality has one: if we try to log in with a wrong username, it displays “wrong username”, and if we try to log in with a valid username and an invalid password, it displays “Incorrect Password”. This is the vulnerability we are going to use to log in to one of the user accounts.

Let's start solving the lab:

Here is the vulnerable login page.

Now I try to log in with a random username and password.

As you can see in the screenshot above, it displays “Invalid username”. So we can say that it checks the username first and then the password, and if the username is incorrect it displays “Invalid username”.

Since the lists of usernames and passwords are provided, let's try to log in with each and every username in the username list.

To try every username, we are going to use Burp Suite Intruder to brute-force.

I intercepted the request in Burp Suite and sent it to Intruder, as you can see in the screenshot below.

Now we have to brute-force it: set the attack type to Sniper, add the payload position on the username, paste the list of usernames into the payload tab, enable Grep - Match and select “Invalid username”, then start the attack.

Now we have brute-forced it, and you can see in the screenshot below that there is a ‘-warning’ column and that the selected row contains “incorrect Password”, which means the username is correct and the password is wrong.

In the next step we change the username to “Argentina” and then brute-force the password. The rest of the process is the same as what we did above for the username.

A screenshot of the password brute-forcing process is provided below.

As you can see in the screenshot above, there is a 302 HTTP status code, so we found the username and the password, which is “987654321”. So we solved the lab.

Now the main thing is what we learn from this.

This vulnerability arises simply because the response text changes between “Invalid Username” and “Incorrect Password”. From this we can say that the error should be the same for all combinations of username and password.

The error should be the same for each of these combinations:

1. Correct username AND incorrect password

2. Incorrect username AND correct password

3. Incorrect username AND incorrect password
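
The fix described above, as an added example that is not part of the original post or the lab's own code: a login handler with the behaviour from the write-up next to a hardened one that returns a single response for all three failure combinations. The user store, the `/my-account` path, the 200 status on failure and all function names are assumptions; the hardened handler also hashes against a dummy record for unknown usernames, which goes slightly beyond the message text so that the work done does not depend on whether the account exists.

```python
import hashlib
import hmac
import os

GENERIC_ERROR = "Invalid username or password"  # one message for every failure

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Constructed sample user store (hypothetical, not taken from the lab).
USERS = {"alice": make_record("correct horse battery staple")}
# Dummy record: unknown usernames still go through one full password hash.
DUMMY = make_record("dummy-password-never-used")

def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """Behaviour from the write-up: the message reveals which field was wrong."""
    record = USERS.get(username)
    if record is None:
        return 200, "Invalid username"
    salt, stored = record
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return 200, "Incorrect password"
    return 302, "/my-account"  # assumed redirect target

def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Same status and body for every failed combination."""
    record = USERS.get(username)
    salt, stored = record if record is not None else DUMMY
    password_ok = hmac.compare_digest(hash_password(password, salt), stored)
    if record is not None and password_ok:
        return 302, "/my-account"
    return 200, GENERIC_ERROR

def failure_responses(handler) -> set:
    """Distinct responses a handler gives for the three failure cases listed above."""
    cases = [("alice", "wrong"),
             ("nobody", "correct horse battery staple"),
             ("nobody", "wrong")]
    return {handler(u, p) for u, p in cases}

if __name__ == "__main__":
    print("vulnerable:", failure_responses(login_vulnerable))
    print("hardened:  ", failure_responses(login_hardened))
```

A set with more than one element from `failure_responses` means the handler still distinguishes the cases; the same check works as a regression test against a real login endpoint's status code, body and redirect.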
