Delete username enumeration section from account-takeover.md

Removed section on username enumeration via recovery answers, including example command.

Author: carlospolop

src/pentesting-web/account-takeover.md

@@ -97,17 +97,6 @@ username=admin_ef01cab31aa&new_answer1=A&new_answer2=B&new_answer3=C
 
 Anything gated by the victim's `$_SESSION` context (admin dashboards, dangerous stream-wrapper features, etc.) is now exposed without touching the real answers.
 
-### Username enumeration via recovery answers
-Many security-question portals leak whether a username exists via differential messaging (e.g., only nonexistent users return `User not found.`). Send a constant trio of bogus answers and fuzz the username list, filtering out responses containing the "not found" string:
-
-```bash
-ffuf -d 'username=FUZZ&answer1=x&answer2=x&answer3=x' \
-  -u http://file.era.htb/security_login.php \
-  -H 'Content-Type: application/x-www-form-urlencoded' \
-  -fr 'User not found.' \
-  -w /opt/SecLists/Usernames/Names/names.txt
-```
-
 Enumerated usernames can then be targeted via the overwrite technique above or reused against ancillary services (FTP/SSH password spraying).
 
 ## **Response Manipulation**
@@ -164,7 +153,6 @@ With the new login, although different cookies might be generated the old ones b
 
 - [https://infosecwriteups.com/firing-8-account-takeover-methods-77e892099050](https://infosecwriteups.com/firing-8-account-takeover-methods-77e892099050)
 - [https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea](https://dynnyd20.medium.com/one-click-account-take-over-e500929656ea)
-
 - [0xdf – HTB Era: security-question IDOR & username oracle](https://0xdf.gitlab.io/2025/11/29/htb-era.html)
 {{#include ../banners/hacktricks-training.md}}