Hi, I’ve been stuck on portion 3 of the attacking applications with fuzz for a while now & was wondering if someone could tell me what I’ve done wrong.
The question is: “Try to use what you learned in this section to fuzz the ‘/blog’ directory and find all pages. One of them should contain a flag. What is the flag?”
I’ve tried:
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://139.59.181.223:30246/blog/FUZZ.php
and
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u http://139.59.181.223:30246/blog/indexFUZZ
both of which didn’t yield any results to get me a flag. I’m wondering what it is I’m doing wrong, as I’ve re-read the entire lesson and still I remain unaware as to how I’m supposed to get anywhere.
Any tips in the right direction will be much appreciated!