I just found the right parameter but is there more than one by any chance?
@n3m0 said:
I just found the right parameter but is there more than one by any chance?
nv, got the flag… guess it's just that one parameter :)
Still stuck trying to fuzz the param, any tips?
@GibParadox saved me from myself
just completed, had a lot of funzz! thx for the challenge @Arrexel !
If anyone feels stuck and needs a little nudge, PM me.
Jeeze, def do not overthink the fuzz wordlist. Don’t be me with a 10 million line count wordlist. KISS
Challenge complete.
Simple challenge yet still taught me a thing or two. Thanks @Arrexel.
You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.
It is necessary in this challenge not to fuzz unnecessarily.
@will135 said:
wfuzz with a big wordlist. Remember to try different extensions too!
I have been trying the wordlists in SecLists; couldn’t find anything! Point me to something…
wfuzz with a big wordlist.
I have been trying the wordlists in SecLists; couldn’t find anything! Point me to something…
In my experiments I used Kali built-in wordlist and all fuzzed well.
The sense is to choose the correct point for fuzzing.
Solvable only with wfuzz.
Make sure to try different extensions, and know the standard way of passing a parameter and its value to a web application.
@TsukiCTF : I solved this challenge with Burp Pro
Recalled bruteforcing, good challenge.
Flag captured! Learned ■■■■-ton from this challenge! Thanks, @tabacci @GibParadox for your kind assistance. Let’s move on. #TRYHARDER
@deleite said:
You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.
Actually this is wrong. For the sake of correctness, you will need to fuzz:
- A directory
- A filename
- A correct extension
- A parameter name
- A parameter value
In the end, you will come up with an HTTP GET request, for which you will get the flag. However, given the low score you will get and the high difficulty of figuring out which of the different wordlists to select for correct fuzzing, I give this challenge a THUMBS DOWN. :neutral:
@qmi said:
@deleite said:
You can do the entire problem with wFuzz. You need to fuzz for a parameter and then for a value.
Actually this is wrong. For the sake of correctness, you will need to fuzz:
- A directory
- A filename
- A correct extension
- A parameter name
- A parameter value
In the end, you will come up with an HTTP GET request, for which you will get the flag. However, given the low score you will get and the high difficulty of figuring out which of the different wordlists to select for correct fuzzing, I give this challenge a THUMBS DOWN. :neutral:
You should know the difference between wrong and/nor different/incomplete.
The first 3 steps you point out are easy with any content discovery tool.
Spoiler Removed
Spoiler Removed