Lab #1 Username enumeration via different responses

In this video, we cover Lab #1 in the Authentication module of the Web Security Academy. This lab is vulnerable to username enumeration and password brute-force attacks. It has an account with a predictable username and password, which can be found in the following wordlists:

To solve the lab, we enumerate a valid username, brute-force this user's password, then access their account page.

🔗 Links 🔗

Notes.txt document: https://github.com/rkhal101/Web-Security-Academy-Series/blob/main/broken-authentication/lab-01/notes.txt

Web Security Academy Lab Exercise: https://portswigger.net/web-security/authentication/password-based/lab-username-enumeration-via-different-responses

Rana's Twitter account: https://twitter.com/rana__khalil
