Fuzzy [Web]



  • @cfor hope it's not too late. Anyway, there are other criteria to check the parameter with ;)

  • Fun challenge, apart from the last step solved with wfuzz

  • Finally got the flag. It took me longer than expected and I had to try lots of versatile thinking. Want to say a huge thanks to samsepi0l, since it was his / her post that pointed me in the right direction in order to finish the challenge. Still another "thank you" goes to all of you, because you made me try over and over, especially when I thought I was going the wrong way.
    By the way, some of you mentioned that you solved it only using wfuzz. Could someone PM me and let me know how?

    Nice... Going to the next challenge!

  • I would like to clarify for those who struggle with the first part of this challenge: the --hc 404 command allows you to display only the interesting part ;)

    Concerning the second part of this challenge, I can try to brute-force the parameter and value, but what is the result I'm waiting for? Every request ends up with a 200 answer...

  • Nice challenge to learn wfuzz. Thanks @Arrexel for the noob-friendly challenge. Thanks @TsukiCTF, @deleite and @qmi for the much needed hints!


  • Had a hard time trying to find out how to make the parameter return a valid one, lol. Learned a new thing with it!
    If anyone needs help, feel free to PM.

  • It is a nice challenge to get introduced to wfuzz (or any other fuzzing tool you prefer).
    Using the right wordlist is of course required, but the first one I used was sufficient for the entire challenge (it came built-in with Kali).

    If you're stuck, feel free to reach out.

  • That was a quick one.
    The wordlist retry was what took longer.
    Feel free to DM for tips.


  • Very fun challenge!! I have never used these tools, so I learned a new thing. Thanks a lot, @Arrexel
