Type your comment> @deleite said:
You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.
Actually this is wrong. For sake of correctness, you will need to fuzz:
- A directory
- A filename
- A correct extension
- A parameter name
- A parameter value
In the end, you will come up with an HTTP GET request , for which you will get the flag. However, given the low score you will get and the high difficulty of figuring out different wordlists which one to select for correct fuzzing, I give this challenge a THUMBS DOWN. :neutral: