Fuzzy [Web]

edited July 8 in Challenges

Hi, could someone give me a hand for this web challenge please?
Thanks!

Ozunu


Comments

  • Gobuster will help you, when you find the file you should look for the parameter.

    A third party tool on GitHub helped me in the second part :wink:

  • wfuzz with a big wordlist. Remember to try different extensions too!

    will135

  • Mhhh, I tried, but only for directory searching... cool, thanks! @samsepi0l & @will135

    Ozunu

  • So the whole challenge is looking for the good wordlists? :/

  • I tried with the wordlists which ippsec always uses :smile:, but could only find 3 directories, nothing more... :(

    Ozunu

  • Yes I found the interesting file, but can't find the parameter. Tried some wordlists...

  • there are tons of wordlists :smiley:

    Ozunu

  • How do you find the param?

  • I found the folders, and the file. Trying to fuzz the parameter...

  • edited July 9

    That's where I am stuck

  • @Crafty said:
    So the whole challenge is looking for the good wordlists? :/

    Basically that's it. But the name of the challenge narrows down a little which wordlists are possible candidates. At least that's how I saw it.

    bianca

  • Found the parameter... Now hunting for valid values

  • hmmm not sure what to do with the file now that I have found it...

  • I finally flagged it!
    It was a nice training for wfuzz after all :).

    All you have to do is to find the good wordlists and fuzz multiple times.

  • Am I on the right track by looking at something that has not been set?

  • Yes, wfuzz it!

  • Just completed it.

    Happy to assist if needed.

  • Yep, I'm done too!!!

    Ozunu

  • I just found the right parameter but is there more than one by any chance?

  • edited July 9

    @n3m0 said:

    I just found the right parameter but is there more than one by any chance?

    nv got the flag... guess it's just that one parameter :)

  • Still stuck trying to fuzz the param, any tips?

  • @GibParadox saved me from myself

  • Just completed, had a lot of funzz! thx for the challenge @Arrexel!
    If anyone feels stuck and needs a little nudge, PM me

    Hack The Box

  • A good challenge, thanks to @prdcsm for the hint and thnx to @Arrexel for making it.

    kamilonurz

  • Jeeze, def do not overthink the fuzz wordlist. Don't be me with a 10 million line count wordlist. KISS

    dflo16

  • Challenge complete.
    Simple challenge yet still taught me a thing or two. Thanks @Arrexel.

    If someone was helpful, don't forget to give +1 Respect.
    Arrexel

  • You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.

    Deleite

  • It is necessary in this challenge not to fuzz unnecessarily

    tabacci

  • @will135 said:

    wfuzz with a big wordlist. Remember to try different extensions too!

    I have been trying the wordlists in SecLists but couldn't find anything! Point me to something..
    :/
