Fuzzy [Web]

caesimcaesim
edited July 2019 in Challenges

Hi, could someone give me a hand for this web challenge please?
Thanks!

Ozunu

Tagged:
«13

Comments

  • pr0mmingpr0mming

    Gobuster will help you, when you find the file you should look for the parameter.

    A third party tool on GitHub helped me in the second part :wink:

  • will135will135

    wfuzz with a big wordlist. Remember to try different extensions too!

    will135

  • caesimcaesim

    Mhhh, I tried but just only for directory searching... cool thanks! @samsepi0l & @will135

    Ozunu

  • CraftyCrafty

    So the whole challenge is looking for the good wordlists ? :/

    Crafty

  • caesimcaesim

    I tried with the wordlists which ippsec always use :smile: , but could find just only 3 directories, nothing more... :(

    Ozunu

  • CraftyCrafty

    Yes I found the interesting file, but can't find the parameter. Tried some wordlists...

    Crafty

  • caesimcaesim

    there are tons of wordlists :smiley:

    Ozunu

  • therealmotherealmo

    How do you find the param?

  • GibParadoxGibParadox

    I found the folders, and the file. Trying to fuzz the parameter...

  • therealmotherealmo
    edited July 2019

    That's where I am stuck

  • biancabianca

    @Crafty said:
    So the whole challenge is looking for the good wordlists ? :/

    Basically that's it. But the name of the challenge narrows down a little which wordlists are possible candidates. At least that's how I saw it.

    bianca

  • GibParadoxGibParadox

    Found the parameter... Now hunting for valid values

  • BadSecBadSec

    hmmm not sure what to do with the file now that I have found it...

  • CraftyCrafty

    I finaly flagged it !
    It was a nice training for wfuzz after all :).

    All you have to do is to find the good wordlists and fuzz multiple time.

    Crafty

  • BadSecBadSec

    am I on the right track by looking at something the has not been set?

  • GibParadoxGibParadox

    @MrNo

  • GibParadoxGibParadox

    Yes, wfuzz it!

  • GibParadoxGibParadox

    Just completed it.

    Happy to assist if needed.

  • caesimcaesim

    Yep, I'm done too!!!

    Ozunu

  • n3m0n3m0

    I just found the right parameter but is there more than one by any chance?

  • n3m0n3m0
    edited July 2019

    @n3m0 said:

    I just found the right parameter but is there more than one by any chance?

    nv got the flag...guess its just that one parameter : )

  • therealmotherealmo

    Still stuck trying to fuzz the param, any tips?

  • therealmotherealmo

    @GibParadox saved me from myself

  • prdcsmprdcsm

    just completed, had a lot of funzz! thx for the challenge @Arrexel !
    if anyone feel stuck and need a little nudge PM me

    Hack The Box

  • ko2secko2sec

    A good challenge, thanks to @prdcsm for hint and thnx to @Arrexel for making it.

    kamilonurz

  • dflo16dflo16

    Jeeze, def do not overthink the fuzz wordlist. Don't be me with a 10 million line count wordlist. KISS

    dflo16

  • Rainerd0x21Rainerd0x21

    Challenge complete.
    Simple challenge yet still taught me a thing or two. Thanks @Arrexel.

    If someone was helpful, don't forget to give +1 Respect.
    Arrexel

  • deleitedeleite

    You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.

    Deleite

  • tabaccitabacci

    it is necessary in this challenge not to fuzz unnecessary

    tabacci

  • ishansaha007ishansaha007

    Type your comment> @will135 said:

    wfuzz with a big wordlist. Remember to try different extensions too!

    I have been trying the wordlists in SecLists couldn't find anything! point me to something..
    :/

Sign In to comment.