Username Enumeration via different responses

This lab can be solved using Burp Suite's intruder to perform a brute-force attack.

With Burp's interception enabled, we first submit some random credentials to the login form and note that the site responds with an "Invalid username" error.

In Burp, we send the intercepted login request to Intruder.

The first step is to find a valid username, so we set the "Username" field as the attack position and run an attack with the provided usernames wordlist; the one response whose length differs from all the others identifies the valid username.

Having found our username, it's time to find the correct password. The process is the same, but this time we put the valid username in the "Username" field, select the password field as our attack position, and use the passwords wordlist.

This time, instead of only looking at the response length, we also look at the status code. Every failed attempt returns a "200" status, so we are looking for a "302", which means a URL redirection happened, or in other words, that the login succeeded.

Using the brute-forced credentials we log in and complete the lab.
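To show why the lab's login form is enumerable, here is an added example (not code from the lab or from PortSwigger): a minimal login handler that reproduces the distinct "Invalid username" / "Incorrect password" failures, next to a hardened version that returns one uniform failure and always computes a password hash, plus a self-check that counts distinct failure responses across candidate usernames. The account "alice" / "s3cret-pass", the user store and the probe names are constructed for the demo.

```python
import hashlib
import hmac
import os
import secrets

def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 is used so the check costs the same on every path.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user store for the demo: one valid account.
_SALT = os.urandom(16)
USERS = {"alice": _hash_password("s3cret-pass", _SALT)}

# Dummy hash computed once so the hardened handler can still run a real
# PBKDF2 for unknown usernames, keeping response time roughly constant.
_DUMMY_HASH = _hash_password(secrets.token_hex(16), _SALT)

def login_vulnerable(username: str, password: str) -> tuple[int, str]:
    """Leaks account existence: the failure message tells the caller
    whether the username was found (the flaw the lab exploits)."""
    stored = USERS.get(username)
    if stored is None:
        return 200, "Invalid username"
    if not hmac.compare_digest(stored, _hash_password(password, _SALT)):
        return 200, "Incorrect password"
    return 302, "/my-account"

def login_hardened(username: str, password: str) -> tuple[int, str]:
    """Same outcome on success, but every failure yields an identical
    status and body, and a password hash is always computed."""
    stored = USERS.get(username, _DUMMY_HASH)
    ok = hmac.compare_digest(stored, _hash_password(password, _SALT))
    if ok and username in USERS:
        return 302, "/my-account"
    return 200, "Invalid username or password"

def distinct_failure_responses(login_fn, usernames, wrong_password="nope"):
    """Defensive self-check: submit one wrong password for each candidate
    username and collect the (status, body) pairs. A non-enumerable
    endpoint yields exactly one distinct failure response."""
    return {login_fn(u, wrong_password) for u in usernames}

if __name__ == "__main__":
    probe = ["alice", "bob", "mallory"]
    print("vulnerable:", distinct_failure_responses(login_vulnerable, probe))
    print("hardened:  ", distinct_failure_responses(login_hardened, probe))
```

The uniform message removes the body-length and wording signal that Intruder sorts on; rate limiting and lockout on top of it address the remaining brute-force of the password itself.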
