
You're correct, it's not enumeration, but it's easier than pure brute force. As the article itself suggests, if the company does use a predictable user name format (and most do), it's pretty trivial to look up their employees on LinkedIn, create a list of likely usernames, and then check if they exist.


A.k.a. .. enumeration.


No, enumeration would be if you can get the entire list of usernames somehow.


> No, enumeration would be if you can get the entire list of usernames somehow.

It's still a form of enumeration.

Once you know the generation scheme, you can always enumerate some form, perfect or otherwise.


Enumeration means a specific thing, that you get a full or paginated list of things and all you need to do is hit it. This isn't enumeration at all. It's like you saying you know the bucket keys to a hashtable so you can enumerate it by hitting them one by one, except in this case you don't even know the keys.


If there are rate limits, or if the search space is vast, this is notably more limited (even if arguably still enumeration).
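The two points above (a list of likely usernames probed one by one, and the limiting effect of rate limits and search space) have a defender-side counterpart: the probing shows up in sign-in logs as one source producing failures for many distinct usernames in a short time. The following detector is an added example written for this thread, not code from the article or from any commenter; the record format and the sample events are constructed to illustrate the idea and do not claim to match any vendor's real log schema. It groups failed sign-ins by source address, slides a time window over each source's attempts, and flags sources whose window contains an unusual number of distinct usernames, which is the signature that separates username probing from an ordinary user mistyping a password.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (simplified, not a real log export).
# 203.0.113.10 probes six different usernames in under three minutes.
# 198.51.100.7 is one user retrying a password, then succeeding.
# 198.51.100.200 probes slowly: three usernames spread over 80 minutes.
SAMPLE_EVENTS = [
    '{"time": "2024-03-01T10:00:00Z", "source_ip": "203.0.113.10", "username": "jsmith", "outcome": "failure"}',
    '{"time": "2024-03-01T10:00:30Z", "source_ip": "203.0.113.10", "username": "mjones", "outcome": "failure"}',
    '{"time": "2024-03-01T10:01:00Z", "source_ip": "203.0.113.10", "username": "alee", "outcome": "failure"}',
    '{"time": "2024-03-01T10:01:30Z", "source_ip": "203.0.113.10", "username": "rpatel", "outcome": "failure"}',
    '{"time": "2024-03-01T10:02:00Z", "source_ip": "203.0.113.10", "username": "kchen", "outcome": "failure"}',
    '{"time": "2024-03-01T10:02:30Z", "source_ip": "203.0.113.10", "username": "dgarcia", "outcome": "failure"}',
    '{"time": "2024-03-01T10:05:00Z", "source_ip": "198.51.100.7", "username": "bwhite", "outcome": "failure"}',
    '{"time": "2024-03-01T10:05:20Z", "source_ip": "198.51.100.7", "username": "bwhite", "outcome": "failure"}',
    '{"time": "2024-03-01T10:05:40Z", "source_ip": "198.51.100.7", "username": "bwhite", "outcome": "failure"}',
    '{"time": "2024-03-01T10:06:00Z", "source_ip": "198.51.100.7", "username": "bwhite", "outcome": "success"}',
    '{"time": "2024-03-01T09:00:00Z", "source_ip": "198.51.100.200", "username": "tnguyen", "outcome": "failure"}',
    '{"time": "2024-03-01T09:40:00Z", "source_ip": "198.51.100.200", "username": "pokafor", "outcome": "failure"}',
    '{"time": "2024-03-01T10:20:00Z", "source_ip": "198.51.100.200", "username": "lmartin", "outcome": "failure"}',
    '{"time": "2024-03-01T10:10:00Z", "source_ip": "192.0.2.5", "username": "jsmith", "outcome": "success"}',
]


def parse_events(lines):
    """Parse JSON lines into dicts with a timezone-aware datetime in 'time'."""
    events = []
    for line in lines:
        rec = json.loads(line)
        # Accept the trailing 'Z' on older Pythons by mapping it to +00:00.
        rec["time"] = datetime.fromisoformat(rec["time"].replace("Z", "+00:00"))
        events.append(rec)
    return events


def find_enumeration_sources(events, window=timedelta(minutes=5), distinct_threshold=5):
    """Return {source_ip: peak_distinct_usernames} for sources whose failed
    sign-ins cover at least `distinct_threshold` distinct usernames inside
    any `window`-long span. Password retries by a single user never raise
    the distinct count, so they are not flagged."""
    failures_by_ip = defaultdict(list)
    for ev in events:
        if ev["outcome"] == "failure":
            failures_by_ip[ev["source_ip"]].append((ev["time"], ev["username"]))

    flagged = {}
    for ip, attempts in failures_by_ip.items():
        attempts.sort()  # sort by timestamp so the window can slide forward
        peak, start = 0, 0
        for end in range(len(attempts)):
            # Advance the window start until it spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            distinct = len({name for _, name in attempts[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= distinct_threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENTS)
    print("5-minute window:", find_enumeration_sources(parsed))
    print("2-hour window, threshold 3:",
          find_enumeration_sources(parsed, window=timedelta(hours=2), distinct_threshold=3))
```

The window and threshold are the tuning knobs, and they embody the trade-off the rate-limit comment points at: a source that respects a rate limit and spreads its probes out, like the third address in the sample, slips under a short window and is only caught when the window is widened and the threshold lowered, at the cost of more noise from shared egress addresses. Running the detector with both settings side by side is a cheap way to see where that line falls for a given environment.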


And then what?


Send targeted phishing mails.


Our company got hit with this. I guess there's no way to recover from this other than doing our best to block these.


How does knowing the AWS username allow you to send a more effective phishing email? Especially if the username is just the user's... name. That's public info.


I can already do that by sending them for root. This seems like trying to make something out of nothing.


Are you stuck in the 70s or something? I can't recall the last time I read email addressed to root.


My friend, the main AWS account is called the root account and its username is root, so your zinger didn't zing.

