Academy - Attacking Web App with FFuF

Anyone else getting really frustrated with the ‘skills assessment’ section of the module? Fuzzing is not finding any pages (from any of the sub dom’s either) with any of the extensions. Tried on two different instances, nothing.

Anybody else having issues?

Never mind…it decided to find it this morning on its third instance.

Can someone please help me with the extensions in the final assessment? I have 3 extensions, but can’t accept it (I hope it is 3).
What is the right syntax?
Thx

Hi, I’m also stuck on this one. I can’t figure out if I’m missing the right wordlist or just having the wrong approach. BTW the machine lasts for only 90 minutes and big lists take way more time to fuzz. Maybe I should try with more threads? Wouldn’t that stress the machine? Thx

@b0xy said:

> Can someone please help me with the extensions in the final assessment. I have 3 extensions, but can’t accept it(I hope it is 3).
> What is the right syntax ?
> Thx

Yes, there are 3 extensions.
They need to be in alphabetical order, which means numbers before letters.
So without giving away spoilers, it goes shortest extension first, then numbered, then the one with s.

help plz

Hi, I’m stuck on the last question of the assessment.

Try fuzzing the parameters you identified for working values. One of them should return a flag. What is the content of the flag?

I already got the param “user” but my values fuzzing is not working (I think wrong wordlist). Can someone help me pls!

Thanks.

When I first did this I think it gave me issues too.
I think it’s a tweak on what they teach you, I can’t remember.
There is another post about this but check out GitHub - ffuf/ffuf: Fast web fuzzer written in Go for more information on using FFUF.

Shouldn’t post the flag, silly lol

These are the only results I get from ffuf. No codes (200, 300 etc.)

What did I do wrong? I got all the results without a flaw with GoBuster so the rhosts is OK. I can’t finish the module like this (so far I got all the results/answers with gobuster but the module should be done with ffuf).

Earlier contact with HTB support suggested that I should be looking in the tool’s settings, but I didn’t change any, nor do I know where this should be done (I’m a beginner so I mostly follow walkthroughs or simple boxes).

Since I cannot contact HTB support (the function does not allow me to send any messages anymore) I hope to find my answer here soon :)

Did you get past this one or are you still stuck?

Still stuck… had a few times that the results were readable but none of those times was in the module.

This happens when FFUF isn’t in a big enough terminal window. Expand your terminal and you’ll get a nice pretty output like they show in the lesson.

I know this is a few weeks old, but replying just in case. I spent AGES wondering why ffuf was recommended everywhere when the output looked awful before I figured this one out.

Tried, didn’t work.

Done with the ffuf tool. Apparently it does not work for me, only too bad I cannot finish the module.