Academy Skills Assessment - Web Fuzzing

I’m having quite a bit of difficulty with the Skills Assessment for Academy Module: Attacking Web Apps with Ffuf.

  • I’ve discovered 3 subdomains under academy.htb
  • I’ve discovered 3 extensions that are in use
  • On two of the subdomains I’ve found a single directory
  • On one of the two subdomains I’ve found a file under that directory.
    But the question that asks: One of the pages you will identify should say ‘You
    don’t have access!’. What is the full page URL? It doesn’t accept any form of the URL of the file that I’ve found.
  • I’ve fuzzed the parameters for that file under that directory, and discovered 1
    parameter
  • I’ve tried to fuzz values for that parameter both using GET and POST and I’ve had no luck

??? I would greatly appreciate any guidance

It doesn’t accept any form of the URL of the file that I’ve found.

Try using the word “PORT” instead of the real port, e.g. http://URL:PORT/directory/…


Sheehandustryn,
Figured it out.

So to fuzz all the subdomain pages at once, I’m using a for loop like this:

for sub in archive test faculty; do ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://$sub.academy.htb:30862/FUZZ -recursion -recursion-depth 1 -e .php,.phps,.php7 -v -t 200 -fs 287 -ic; done

But I’m curious if anyone knows if there is a more streamlined way to fuzz multiple subdomain pages at once?
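One streamlined alternative to the shell loop above, added here as an example and not taken from the poster or from the module: ffuf accepts several wordlists, each bound to its own keyword (`-w file:KEYWORD`), and in its default clusterbomb mode it tries every combination itself. The host, the port 30862 and the size filter 287 come from the thread; the subdomain list file path and the SecLists path are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's command): let ffuf iterate the subdomains
# itself by giving it two wordlists with different keywords.
# Host, port (30862) and filter size (-fs 287) are taken from the thread;
# the two wordlist paths below are assumptions.

SUBS_FILE="${SUBS_FILE:-/tmp/subs.txt}"
DIRS_FILE="${DIRS_FILE:-/usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt}"

# Write the three subdomains named in the thread into a small wordlist.
write_subs() {
    printf '%s\n' archive test faculty > "$1"
}

# Build the single ffuf command line. SUB is replaced from the first wordlist
# and FUZZ from the second; ffuf's default clusterbomb mode tries every
# SUB x FUZZ pair, so no outer shell loop is needed.
ffuf_multi_cmd() {
    printf 'ffuf -w %s:SUB -w %s:FUZZ -u http://SUB.academy.htb:30862/FUZZ -recursion -recursion-depth 1 -e .php,.phps,.php7 -v -t 200 -fs 287 -ic' "$1" "$2"
}

# Execute only when called as "sh script.sh run" and ffuf is installed.
if [ "${1:-}" = "run" ]; then
    write_subs "$SUBS_FILE"
    command -v ffuf >/dev/null 2>&1 || { echo "ffuf not found in PATH" >&2; exit 1; }
    eval "$(ffuf_multi_cmd "$SUBS_FILE" "$DIRS_FILE")"
fi
```

The same `-fs 287` filter is applied to every subdomain, so check first that each of the three hosts really returns the same default response size; if one differs, that subdomain needs its own filter value or the combined run will hide or flood results.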