ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-big.txt:FUZZ -w /opt/useful/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ_2 -w subs.txt:FUZZ_3 -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-big.txt:FUZZ_4 -u http://FUZZ_3academy.htb:52336/FUZZ/FUZZ_4FUZZ_2 -v -t 200
Stuck on question 3 of the FUZZ assesment
BELOW FUFF IS BAD:
ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -w subs.txt -u http://FUZZ_2academy.htb:52336/FUZZ -recursion -recursion-depth 1 -e .php,.php7,.phps -t 200 -v
left off here. I may not be able to fuzz the subdomains or I am entering them wrong.
As you can see from the command above I forgot to add the :FUZZ_2 at the end of my subdomain file.
This one seemed to work:
ffuf -w /opt/useful/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -w subs.txt:FUZZ_2 -u http://FUZZ_2academy.htb:39570/FUZZ -recursion -recursion-depth 1 -e .php,.php7,.phps -t 200 -v -mc 200Now I am getting http://faculty.academy.htb:39570/courses/ and http://faculty.academy.htb:39570/courses/linux-security.php7as a possible answer to 3
For answer 4 I first did a GET request
ffuf -w /opt/useful/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://faculty.academy.htb:39570/courses/linux-security.php7?FUZZ=key -v
Then a POST request
ffuf -w /opt/useful/seclists/Discovery/Web-Content/burp-parameter-names.txt:FUZZ -u http://faculty.academy.htb:39570/courses/linux-security.php7?FUZZ=key -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs 774This helped getting the answers
Completed it without my newest code snippet but the answer was in yesterdays notes anyways.
I want to learn more FFUF and might add it to the Sylabus or add it to a “Before CWEE training part”