I'm trying to breach this endpoint: https://yieldcat.com/api/legacy-login , but i'm stuck.
So far i have a bunch of possible usernames, but all i got when i tried bruteforce login attempts is the duration of the login request.
The passwords are from an infostealer that infected one of the users in the list, but i don't know which one. I can't bruteforce all passwords on all users, it takes too long (there's some damned rate limit). I wish there was a way i can find which user those passwords belong
I've shared the usernames and passwords on pastebin
Usernames and the duration of login attempts: https://pastebin.com/rBS6SNaP
passwords from the infostealer: https://pastebin.com/UqJSd1uF