🧪 Info Lab – Subtle Username Enumeration & Brute-force

This lab is subtly vulnerable to username enumeration and password brute-force attacks. It contains an account with a predictable username and password, both found in the wordlists below:

🔗 Useful Wordlists:

• 🧍‍♂️ Candidate Usernames
• 🔐 Candidate Passwords

🎯 Goal

To solve the lab:

1. Enumerate a valid username.
2. Brute-force the user's password.
3. Access the account page.

🧠 Approach

This lab is similar to the previous one, but the response differences are more subtle — requiring careful observation of status codes and response bodies.

🛠️ Steps

1. 📝 Fill the login form with any random username and password
2. 🧲 Intercept the request using Burp Suite
3. 🔁 Send the request to Repeater and observe the response
4. 🎯 Send the request to Intruder