Fuzzy [Web]

Hi, could someone give me a hand for this web challenge please?

Gobuster will help you, when you find the file you should look for the parameter.

A third party tool on GitHub helped me in the second part :wink:

wfuzz with a big wordlist. Remember to try different extensions too!

Mhhh, I tried but just only for directory searching… cool thanks! @samsepi0l & @will135

So the whole challenge is looking for the good wordlists ? :confused:

I tried with the wordlists which ippsec always use :smile: , but could find just only 3 directories, nothing more… :frowning:

Yes I found the interesting file, but can’t find the parameter. Tried some wordlists…

there are tons of wordlists :smiley:

How do you find the param?

I found the folders, and the file. Trying to fuzz the parameter…

That’s where I am stuck

@Crafty said:
So the whole challenge is looking for the good wordlists ? :confused:

Basically that’s it. But the name of the challenge narrows down a little which wordlists are possible candidates. At least that’s how I saw it.

Found the parameter… Now hunting for valid values

hmmm not sure what to do with the file now that I have found it…

I finaly flagged it !
It was a nice training for wfuzz after all :).

All you have to do is to find the good wordlists and fuzz multiple time.

am I on the right track by looking at something the has not been set?


Yes, wfuzz it!

Just completed it.

Happy to assist if needed.

Yep, I’m done too!!!