Attacking Web Applications with Ffuf:
Link to challenge: https://academy.hackthebox.com/module/54
(log in required)
Class: Tier 0 | Easy | Offensive
Before we begin: in the Pwnbox, the wordlists we will use are located by default in the directory ‘/usr/share/seclists/Discovery/Web-Content’. This holds throughout the module unless specified otherwise.
Basic Fuzzing
Directory Fuzzing:
Question: In addition to the directory we found above, there is another directory that can be found. What is it?
Answer: forum
Method: we will use the wordlist ‘directory-list-2.3-small.txt’ and the ffuf command below, with the ‘-s’ flag to silence unnecessary output:
ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://:/FUZZ -s
We got the value ‘forum’.
Page Fuzzing:
Question: Try to use what you learned in this section to fuzz the '/blog' directory and find all pages. One of them should contain a flag. What is the flag?
Answer: HTB{bru73_f0r_c0mm0n_p455w0rd5}
Method 1: we will use the wordlist ‘web-extensions.txt’, which contains common web page extensions, on the file name ‘index’ to see which extensions the server actually serves:
ffuf -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://:/indexFUZZ
(We assume here that a page named ‘index’ exists.)
The extension ‘php’ returned status code 200 (success), so let's run another scan for php pages in ‘/blog’:
ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://:/blog/FUZZ.php -s
Going for the discovered URL on browser:
http://:/blog/home.php
Method 2: we can also combine the two commands above into a single command that brute-forces the file name and the extension simultaneously, which removes the need to assume the name ‘index’ in the first technique. Because every word of the first list is paired with every word of the second, the number of requests is the product of the two list sizes, so this run is far longer, taking approximately 10 minutes. ‘-mc 200’ shows only responses with status code 200 and ‘-fs 0’ drops responses with an empty body:
ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ1 -w /usr/share/seclists/Discovery/Web-Content/web-extensions.txt:FUZZ2 -u http://:/blog/FUZZ1FUZZ2 -mc 200 -fs 0
Recursive Fuzzing:
Question: Try to repeat what you learned so far to find more files/directories. One of them should give you a flag. What is the content of the flag?
Answer: HTB{fuzz1n6_7h3_w3b!}
Method: let's run a recursive search for php files using the command:
ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://:/FUZZ -recursion -recursion-depth 1 -e .php -v -mc 200 -fs 0
This uses recursion depth 1, so every directory ffuf finds is fuzzed one level deeper with the same wordlist; ‘-e .php’ requests each word both bare and with the ‘.php’ extension, and ‘-v’ prints the full URL of every hit.
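To make clear what the commands in Method 2 and in this recursive scan actually do, here is an added example (written for this page; it is not code from the HTB module or from the ffuf project) that re-implements the handful of ffuf features used above: keyword substitution, two wordlists combined as a cartesian product (FUZZ1FUZZ2), status matching (-mc), size filtering (-fs), extensions (-e) and depth-limited recursion. It runs against a constructed in-memory site and constructed mini wordlists, so every path, body and word in it is an assumption made for illustration; the recursion rule (treat a redirect on a bare word as a directory) is a deliberate simplification of what ffuf does.

```python
"""Toy re-implementation of the ffuf behaviour used in this module: keyword
substitution (FUZZ), two wordlists (FUZZ1/FUZZ2), -mc status matching,
-fs size filtering, -e extensions and -recursion with a depth limit.
It runs against a constructed in-memory site, not against a real target."""
import itertools
from typing import Dict, Iterable, List, Tuple

Hit = Tuple[str, int, int]  # (path, status code, response size)

# Constructed fake application: path -> (status, body). Unknown paths answer
# 404 with an empty body. '/blog/ghost.php' answers 200 with an empty body to
# show what the '-fs 0' filter in the module's commands removes.
FAKE_SITE: Dict[str, Tuple[int, str]] = {
    "/index.php": (200, "<h1>index</h1>"),
    "/blog": (301, "Moved Permanently"),  # redirect to /blog/
    "/blog/": (200, "<h1>blog</h1>"),
    "/blog/home.php": (200, "<p>flag goes here</p>"),
    "/blog/ghost.php": (200, ""),
    "/forum": (301, "Moved Permanently"),
    "/forum/": (200, "<h1>forum</h1>"),
    "/forum/login.php": (200, "<form>login</form>"),
}

# Constructed stand-ins for directory-list-2.3-small.txt and web-extensions.txt.
DIR_WORDS = ["index", "blog", "forum", "admin", "home", "ghost", "login"]
EXT_WORDS = [".php", ".html", ".txt"]


def fetch(path: str) -> Tuple[int, int]:
    """Stand-in for one HTTP request: returns (status, body length)."""
    status, body = FAKE_SITE.get(path, (404, ""))
    return status, len(body)


def expand(template: str, wordlists: Dict[str, List[str]]) -> Iterable[str]:
    """Yield every URL obtained by replacing each keyword with each of its words.

    With two wordlists this is a cartesian product, which is why the
    FUZZ1FUZZ2 scan costs len(list1) * len(list2) requests."""
    keys = sorted(wordlists, key=len, reverse=True)  # FUZZ1 before FUZZ
    for combo in itertools.product(*(wordlists[k] for k in keys)):
        url = template
        for key, word in zip(keys, combo):
            url = url.replace(key, word)
        yield url


def fuzz(template: str, wordlists: Dict[str, List[str]],
         match_codes: Tuple[int, ...] = (200, 301, 302, 403),
         filter_sizes: Tuple[int, ...] = (),
         extensions: Tuple[str, ...] = ("",),
         recursion_depth: int = 0) -> List[Hit]:
    """One ffuf-style scan. Defaults mean: no size filter, no extensions
    (the empty string is 'the bare word'), no recursion."""
    hits: List[Hit] = []
    for url in expand(template, wordlists):
        for ext in extensions:
            path = url + ext
            status, size = fetch(path)
            if status not in match_codes or size in filter_sizes:
                continue  # -mc and -fs decide what gets reported
            hits.append((path, status, size))
            # Simplified recursion: ffuf inspects the redirect's Location
            # header to spot directories; here any redirect on a bare word
            # counts as one, and we fuzz inside it until the depth runs out.
            if recursion_depth > 0 and status in (301, 302) and not ext:
                child = path + "/" + template.rsplit("/", 1)[-1]
                hits += fuzz(child, wordlists, match_codes, filter_sizes,
                             extensions, recursion_depth - 1)
    return hits


def extension_scan() -> List[Hit]:
    """Method 1, step 1: which extension does 'index' answer with?"""
    return fuzz("/indexFUZZ", {"FUZZ": EXT_WORDS}, (200,), (0,))


def combined_scan() -> List[Hit]:
    """Method 2: name and extension at once, -mc 200 -fs 0."""
    return fuzz("/blog/FUZZ1FUZZ2", {"FUZZ1": DIR_WORDS, "FUZZ2": EXT_WORDS},
                (200,), (0,))


def recursive_scan() -> List[Hit]:
    """Recursive fuzzing: -recursion-depth 1 -e .php -fs 0, with 301 added
    to the match codes so the redirect that marks a directory is reported."""
    return fuzz("/FUZZ", {"FUZZ": DIR_WORDS}, (200, 301), (0,), ("", ".php"), 1)


if __name__ == "__main__":
    for name, scan in (("extension", extension_scan), ("combined", combined_scan),
                       ("recursive", recursive_scan)):
        print(name)
        for path, status, size in scan():
            print(f"  {path} [Status: {status}, Size: {size}]")
```

The combined scan issues one request per (word, extension) pair, which is the cost noted above for Method 2; the recursive scan shows why ‘-fs 0’ matters, since ‘/blog/ghost.php’ answers 200 with an empty body and would otherwise be reported as a hit.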