🧪 Info Lab – Username Enumeration & Password Brute-force

This lab is vulnerable to username enumeration and password brute-force attacks. It contains an account with a predictable username and password that can be found in the wordlists below:

🔗 Useful Wordlists:

• 🧍‍♂️ Candidate Usernames
• 🔐 Candidate Passwords

🎯 Goal

To solve the lab:

1. Enumerate a valid username.
2. Brute-force the user's password.
3. Access the account page.

💡 Idea

We need to perform a brute-force attack on both the username and password.

There are two main ways to do this:

• 🔫 Using Intruder with Burp Suite
• 🐍 Using a Python script

🔍 Step-by-Step – Using Burp Suite Intruder

1. 🧭 Open the lab