Hacking Tutorials

How I Dumped All The Cybrary Usernames

Hi there! I am Hulk from Avengers. Haha just kidding, I am Iron Man.

So here’s the story, I prefer reading research papers and write ups than courses made by your “Security Specialists” but about a month ago, I decided to join Cybrary.

But then I saw their login page

Hmm…So they are using wordpress“, I said to myself with a spark in my eyes.

I thought it would be a great idea to test a thing that I learned recently, dangers of exposed WP-JSON API. So I visited the following page for a quick and dirty test:

https://www.cybrary.it/wp-json/wp/v2/users

It retrieved usernames as expected but I wasn’t happy with the results because there were just 10 usernames in the response but as we know the number of Cybrary users is in thousands.
I didn’t know what to do so to take a break I wrote a script to automate this:

Ignore those display names lmao.

So I showed this screenshot to my team mates and Shivam replied with a screenshot of wpscan and said, “Why would someone use your script if wpscan can enumerate the users too?”. He was right, I did nothing special, I didn’t discover anything new.
But then I saw the usernames enumerated by wpscan are different than users enumerated by my script.
Without wasting any time, I dived into the source code of wpscan to find out how it enumerates usernames.
I saw the wordpress uses the following query to enumerate usernames

example.com/?auhor=id

Whoa! That was something cool and unexpected.
But hey! Why it didn’t enumerate ALL the usernames?
Well if an id doesn’t retrieve any username, wpscan would quit the scan.
*facepalm*

I never expected wpscan programmers to be this du… *coughs* never mind.
I decided to write my own script which can keep running even after encountering a inactive user id.

*5 minutes into programming and chill*

Hell yeah!

I quickly contacted Cybrary support and told them about the issue, they did reply but didn’t fix the issue. Our email thread consists of 18 emails and its been a month now so I am just disclosing my findings.

Do you want to download the script? Alright here you go

https://github.com/UltimateHackers/Zoom

That’s all for now!

Also Read: Doxing Tutorial : Doxing The Youngest Certified Hacker

About the author

D3V

I am Somdev Sangwan also known as D3V. I am n00b and I love computers and hacking. I am a python freak and your friendly neighborhood hacker.

4 Comments

Click here to post a comment

Subscribe Now

Subscribe for free and get latest articles delivered right into your inbox.

Thank you for subscribing.

Something went wrong.

Categories