Help - ATTACKING WEB APPLICATIONS WITH FFUF

Hi, I’m stuck on a question: “One of the pages you will identify should say ‘You don’t have access!’. What is the full page URL?” I discovered the virtual host and the folder, but I don’t see what the file is. I used applications such as ffuf, wfuzz, dirbuster and gobuster, but I can’t resolve this. Can anybody help me?

Same problem, did you find the issue, @klausneil?

From the directory you found, use /FUZZextension; don’t use the -e option for ffuf.
Replace extension with whatever extension you’re testing for.
You’ll find what you need that way.

use directory-list-2.3-medium.txt

1 Like

got it, thanks

I was just about to make a new post regarding this question but figured it out as I was making the post -
After multiple attempts, I wasn’t able to enumerate the page name with the -e switch, even with the correct extension listed. Haven’t figured out why yet. Nonetheless, by manually performing the fuzz on the appropriate resource, I was able to see the page they were referring to. However, this started my biggest challenge, which was entering the answer as they preferred it.

After a successful curl and receiving the described text, I copy/pasted the URL into the answer section only to be met with an incorrect response. Thinking there may be another page, my pursuit continued. Hours later, I clicked on the HINT and realized the format they wanted it in. Argh!!!

http://faculty.academy.htb:32451/courses/linux-security.php7 I am stuck here too, can you help me please?

try replacing your port number with the word PORT in your answer

4 Likes

Thanks mate, this was very unintuitive 🙂 I don’t want to have to click “Hint”

This is some crazy ■■■■… HTB just likes making life harder. The questions, hints and expected answer format take way longer than completing the module itself. 🥵 😡

You sir, are a lifesaver. Thank you

Here are some tips to help you find it:

  1. Think like a detective: What clues might the “No Trespassing” page have? Is there a specific error message? Does it mention any file names? Any unusual words or phrases?
  2. Double-check your tools: Make sure you’re using the right settings and commands for your tools. Sometimes a typo or a missing flag can make all the difference.
  3. Try a different approach: Maybe the “No Trespassing” page isn’t hidden behind a specific file. Could it be accessed through a different URL parameter or a hidden form?
  4. Ask for help: Don’t be afraid to reach out to online communities or forums. There are plenty of friendly hackers out there who are happy to lend a hand.

Remember, the key is to be patient, persistent, and creative. Think outside the box, experiment, and don’t give up! Finding that “No Trespassing” page is just a matter of time and a bit of detective work.