Authentication Bypass TryHackMe Write-Up
Sept. 2, 2023, 12:45 p.m. | Josephalan
System Weakness - Medium systemweakness.com
Username Enumeration
The signup form does not allow a new user to register a username that is already taken. Creating accounts with different usernames therefore reveals which usernames already exist, which makes it possible to build a wordlist of valid usernames and then brute force their passwords.
While creating an account with the username admin
Using ffuf to enumerate usernames:
user@tryhackme$ ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.84.98/customers/signup -mr "username already exists"
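On the defending side, a run like the one above appears in the web server's access log as a burst of POSTs to /customers/signup from a single client. The following is an added example, not part of the original write-up, that flags such bursts; the combined-style log format, the 60-second window, the threshold of 20 and the function names are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

SIGNUP_PATH = "/customers/signup"  # endpoint named in the write-up
WINDOW = timedelta(seconds=60)     # assumption: sliding window length
THRESHOLD = 20                     # assumption: max signup POSTs per client per window

# Assumption: Apache/nginx "combined"-style access log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}'
)

def find_signup_bursts(lines, path=SIGNUP_PATH, window=WINDOW, threshold=THRESHOLD):
    """Return {client_ip: peak_count} for clients exceeding `threshold`
    POSTs to `path` inside any sliding `window`."""
    recent = defaultdict(deque)  # per-client timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != path:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

def constructed_log():
    """Constructed sample: one client sending 40 signup POSTs in 40 seconds,
    plus a few ordinary requests from other clients (documentation IP ranges)."""
    base = datetime(2023, 9, 2, 12, 0, 0, tzinfo=timezone.utc)
    def entry(ip, offset, method, path):
        ts = (base + timedelta(seconds=offset)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 512'
    lines = [entry("192.0.2.10", i, "POST", SIGNUP_PATH) for i in range(40)]
    lines += [entry("198.51.100.7", 5, "GET", SIGNUP_PATH),
              entry("198.51.100.7", 9, "POST", SIGNUP_PATH),
              entry("198.51.100.8", 30, "POST", SIGNUP_PATH)]
    return lines

if __name__ == "__main__":
    for ip, peak in find_signup_bursts(constructed_log()).items():
        print(f"{ip}: {peak} signup POSTs within {WINDOW.seconds}s")
```

A per-client counter like this is also the natural place to hang rate limiting on the signup endpoint, which slows enumeration even while the "username already exists" message remains.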