Welcome to our
Cyber Security News Aggregator
.Cyber Tzar
provide acyber security risk management
platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.
First slide label
Some representative placeholder content for the first slide.
Second slide label
Some representative placeholder content for the second slide.
Third slide label
Some representative placeholder content for the third slide.
Username Enumeration in Mutillidae using Burpe Intruder.
published on 2013-11-11 07:46:00 UTC by nirav desaiContent:
Mutillidae is a free, open source, vulnerable web-application providing a target for web-security tester. Mutillidae can be installed on Linux and Windows using LAMP, WAMP, and XAMMP.
Username Enumeration :- We have an application that will reveal to us when a username exists on the system which can be used in further step like brute-force account.
In Mutilliade login page , when you provide valid username & invalid password , web-application reply us that password incorrect.
When we provide invalid username ; then application tell us that Account does not exist.
So by monitoring web-application message one can know that username is valid or not.
First we will examine source code of page ; when we provide valid username reply is "var lAuthenticationAttemptResultFlag = 1" & when we provide invalid username reply is "var lAuthenticationAttemptResultFlag = 0"
var lAuthenticationAttemptResultFlag = 1 It means username exist.
var lAuthenticationAttemptResultFlag = 0 It means username does not exist.
Alternatively we can do this by saving both page (valid username & invaild username) source code in text file & then use diff command.
root@bt:~# diff login password
762c762
< var lAuthenticationAttemptResultFlag = 0;
---
> var lAuthenticationAttemptResultFlag = 1;
Now Open burpe suite, setup listener ; try to sign in from browser & capture request.
Now right click on request & click on send to inrtuder.
For position we choose only username.
On payload tab ---) payload option ----) load sample username list.
In option tab ---) Grep match ---) Add
var lAuthenticationAttemptResultFlag = 1; var lAuthenticationAttemptResultFlag = 0;
Click on intruder ---) start Attack
Now Burpe make request to login page & examine request & classified responce according to option which we provided.
Click on save , result table & Delimiter click on custom & put ";" ,then select column which we need , in this case i select payload,var lAuthenticationAttemptResultFlag = 1,var lAuthenticationAttemptResultFlag = 0 and then save it.
Saved file is look like following format.
In file first is username ; then true means username exist , false menas username is invalid. So now we only need entry which second column is true.
So i saved this value in another temp file from where you can extract username from file using delimiter. I used simple python script for this purpose.
Finally we got list of username which exist on system.
Username Enumeration :- We have an application that will reveal to us when a username exists on the system which can be used in further step like brute-force account.
In Mutilliade login page , when you provide valid username & invalid password , web-application reply us that password incorrect.
When we provide invalid username ; then application tell us that Account does not exist.
So by monitoring web-application message one can know that username is valid or not.
First we will examine source code of page ; when we provide valid username reply is "var lAuthenticationAttemptResultFlag = 1" & when we provide invalid username reply is "var lAuthenticationAttemptResultFlag = 0"
var lAuthenticationAttemptResultFlag = 1 It means username exist.
var lAuthenticationAttemptResultFlag = 0 It means username does not exist.
Alternatively we can do this by saving both page (valid username & invaild username) source code in text file & then use diff command.
root@bt:~# diff login password
762c762
< var lAuthenticationAttemptResultFlag = 0;
---
> var lAuthenticationAttemptResultFlag = 1;
Now Open burpe suite, setup listener ; try to sign in from browser & capture request.
Now right click on request & click on send to inrtuder.
For position we choose only username.
On payload tab ---) payload option ----) load sample username list.
In option tab ---) Grep match ---) Add
var lAuthenticationAttemptResultFlag = 1; var lAuthenticationAttemptResultFlag = 0;
Click on intruder ---) start Attack
Now Burpe make request to login page & examine request & classified responce according to option which we provided.
Click on save , result table & Delimiter click on custom & put ";" ,then select column which we need , in this case i select payload,var lAuthenticationAttemptResultFlag = 1,var lAuthenticationAttemptResultFlag = 0 and then save it.
Saved file is look like following format.
In file first is username ; then true means username exist , false menas username is invalid. So now we only need entry which second column is true.
So i saved this value in another temp file from where you can extract username from file using delimiter. I used simple python script for this purpose.
https://tipstrickshack.blogspot.com/2013/11/username-enumeration-in-mutillidae.html
Published: 2013 11 11 07:46:00
Received: 2024 02 20 16:43:00
Feed: Hacking and Tricks
Source: Hacking and Tricks
Category: Cyber Security
Topic: Cyber Security
Views: 1
