Attacking web applications with ffuf

Hi, I’ve been stuck on portion 3 of the attacking applications with fuzz for awhile now & was wondering if someone could tell me what I’ve done wrong.

The question is: “Try to use what you learned in this section to fuzz the ‘/blog’ directory and find all pages. One of them should contain a flag. What is the flag?”

I’ve tried:

ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u


ffuf -w /opt/useful/SecLists/Discovery/Web-Content/web-extensions.txt:FUZZ -u

both of which didn’t yield any results to get me a flag. I’m wondering what it is I’m doing wrong, as I’ve re-read the entire lesson and still I remain unaware as to how I’m supposed to get anywhere.

Any tips in the right direction will be much appreciated!

I used something similar to this. Maybe throw in the -ic to get rid of blank lines, although they shouldn’t break your whole command. Feel free to DM me with any errors you get after using it, I can probably help you troubleshoot them.