I’m having quite a bit of difficulty with the Skills Assessment for Academy Module: Attacking Web Apps with Ffuf.
I’ve discovered 3 subdomains under academy.htb
I’ve discovered 3 extensions that are in use
On two of the subdomains I’ve found a single directory
On one of the two subdomains I’ve found a file under that directory.
But the question that asks: One of the pages you will identify should say ‘You
don’t have access!’. What is the full page URL? It doesn’t accept any form of the URL of the file that I’ve found.
I’ve fuzzed the parameters for that file under that directory, and discovered 1
parameter
I’ve tried to fuzz values for that parameter both using GET and POST and I’ve had no luck
So to fuzz all the subdomain pages at once, I’m using a for loop like this:
for sub in archive test faculty; do ffuf -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://:30862$sub.academy.htb/FUZZ -recursion -recursion-depth 1 -e .php,.phps,.php7 -v -t 200 -fs 287 -ic; done
But I’m curious if anyone knows if there is a more streamlined way to fuzz multiple subdomain pages at once?
If you’re seeing this bump that thread count to 200!!! (-t 200) trust me itll be soooo much better, cut it down from about 50 min to like 15 while doing the recursion step.
Spoiler - I’m trying to find the right parameters and it’s not finding anything, I’m not sure whether this is normal and it’s getting annoying because I’m including all the right flags taught in the module.