Fuzzy [Web]

Burp Pro FTW xD

So, as a nooob: everyone seems to point to fuzzing the elements to the end; however, is the first part of this directory traversal? Trying to better comprehend terms.

Finding the endpoint is easy, but looking for the correct parameter and value is not easy.

Not Really a Spoiler
You can check my GitHub repository and observe the tool I used for finding the endpoint.

Lots of tools to do this; I simply used D*******r … no issue with wordlist.

Pwned. The most difficult part is the instance stopping during enum.

A fun challenge. This was a good way to learn some different fuzzing tools, as well as their strengths and weaknesses!

wfuzz + common wordlist for 1000 words

Quick little challenge, but as people have mentioned, good brush up on wfuzz :)

Would be interesting to see a challenge like this that incorporates a WAF element. Ideas ideas. Maybe I can come up with one to share sometime.

Any clue how to find parameters? Kinda newbie here.

Like the name suggests, it’s all about fuzzing.
At one point I thought I was getting trolled because I didn’t find anything and started enumerating… but luckily I checked the forums.

If you are stuck, just try other wordlists. There are no rabbit holes.

If you are looking for files then it is sometimes a good idea to hard-type the file extension. E.g. try all the common ones:
wfuzz […] -u [host]/directory/FUZZ.html
wfuzz […] -u [host]/directory/FUZZ.htm
wfuzz […] -u [host]/directory/FUZZ.php
wfuzz […] -u [host]/directory/FUZZ.asp
… etc.

You don’t need giant wordlists. All of the words are rather common.
As has been said before, you are looking for directories, files, params, param-values.

Wfuzz is your friend. Learned a lot about the tool with this challenge.

I enjoyed this one a lot and learned something new about wfuzz. When it comes to wordlists → just use the one you are always using, there is nothing exotic in this challenge. (I used one of the lists that ship with Kali.) Feel free to PM me if you need a hint.

I have a big issue with web challenges. Every time I try to enumerate information about a service/node, the instance crashes. For example with nmap, gobuster, nikto, …

Also only with 5 threads:

gobuster dir -u http://docker.hackthebox.eu:32079/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -t 5 -x php,txt,html,htm

Update:

Sorry, it was my fault, the problem was on my side. My firewall was blocking the scan.

I could find the directory and file name, but when I bruteforce for the parameter name it gives me 200 OK for all responses. Any hints?

I found the folder and also the file, but I’m not able to find the correct parameters & value to pass…

Man, I love challenges like these, that end up basically serving as incredible hands-on tutorials. Really fun for weeknights.
Make sure you have the right parameters and switches set in wfuzz.

Completed. Very good challenge. I suggest getting comfortable with either wfuzz or ffuf. Make sure you run large wordlists to fuzz the param; it took me a while.

@cfor hope it’s not too late. Anyway, there are other criteria to check the parameter with ;)
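Added example (not part of any post in this thread): when every response comes back 200, results can still be told apart by the lines/words/chars columns that wfuzz prints next to the status code. The sketch below does that comparison offline; the response bodies and parameter names are constructed for illustration and are not taken from the challenge.

```python
from collections import Counter

def fingerprint(payload, status, body):
    """Status plus size metrics of the body. The echoed payload is masked
    first, so a page that reflects the fuzzed word does not look unique
    merely because the word has a different length."""
    masked = body.replace(payload, "\x00")
    return (status, len(masked.splitlines()), len(masked.split()), len(masked))

def outliers(results):
    """results: iterable of (payload, status, body).
    Returns the payloads whose fingerprint differs from the most common
    (baseline) fingerprint, i.e. the responses worth reading by hand."""
    prints = [(p, fingerprint(p, s, b)) for p, s, b in results]
    baseline, _ = Counter(fp for _, fp in prints).most_common(1)[0]
    return [p for p, fp in prints if fp != baseline]

# Constructed sample: every request returns 200 and echoes the payload.
# Caveat: a payload that also occurs in the static page text would skew the
# masked length; the names below were chosen to avoid that.
TEMPLATE = "<html>\n<p>Unknown field: {}</p>\n</html>"
SAMPLE = [
    ("user", 200, TEMPLATE.format("user")),
    ("page", 200, TEMPLATE.format("page")),
    ("token", 200, TEMPLATE.format("token")),
    ("debug", 200, TEMPLATE.format("debug")),
    # Hypothetical accepted parameter: same status, different page text.
    ("example_param", 200, "<html>\n<p>Missing value for example_param</p>\n</html>"),
]

if __name__ == "__main__":
    for name in outliers(SAMPLE):
        print("differs from baseline:", name)
```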

Fun challenge, apart from the last step solved with wfuzz