Abusing mod_userdir to enumerate user accounts
UserDir provides access to the user directories by using URIs with the syntax
/~username/. With Nmap we can perform dictionary attacks and determine a list of valid usernames on the web server.
This recipe shows you how to make Nmap perform brute force attacks to enumerate user accounts in Apache web servers, with
How to do it...
To try to enumerate valid users in a web server with
mod_userdir; use Nmap with these arguments:
$ nmap -p80 --script http-userdir-enum <target>
All of the usernames that were found will be included in the results:
PORT STATE SERVICE 80/tcp open http |_http-userdir-enum: Potential Users: root, web, test
How it works...
-p80 --script ...