Fuzzy [Web]

gotroot · March 20, 2020, 4:42am

Completed. Very good challenge I suggest getting comfortable with either wfuzz or ffuf. Make sure you run large wordlists to fuzz the param, it took me a while

locki · March 26, 2020, 10:41pm

@cfor hope it’s not too late. Anyway, there are other criteria to check the parameter with

flipthecoin · March 27, 2020, 9:45am

Fun challenge, apart from the last step solved with wfuzz

Madmat27 · March 27, 2020, 1:09pm

Finally got the flag. It took me longer than expected and I had to try lots of versatile thinking. Want to say a huge thanks to samsepi0l, since it was his / her post that point me to the right direction in order to finish the challenge. Still another “thank you” goes to all of you, because you made me try over and over, especially when I thought I was in the wrong way.
By the way, some of you mentioned that you solved it only using wfuzz. Could someone PM me and let me know how?

Nice… Going to the next challenge!

teapote · March 29, 2020, 4:07pm

I would like to precise for those who struggle with first part of this challenge: the --hc 404 command allows you to display only the interesting part

Concerning the second part of this challenge, I can try to brute-force parameter and value but what is the result I’m waiting for ? Every request ends up with a 200 answer…

sparrow1 · April 5, 2020, 3:58pm

Nice challenge to learn wfuzz. Thanks @Arrexel for noob-friendly challenge. Thanks @TsukiCTF, @deleite and @qmi for much needed hints!

pablood29 · April 19, 2020, 4:13am

Have had some hard time trying to find out how to make parameter return a valid one, lol. Learned a new thing with it!
If anyone needs help, feel free to pm.

jasbroek · April 21, 2020, 6:39pm

It is a nice challenge to get introduced to wfuzz (or any other fuzzing tool you prefer).
Using the right wordlist is of course required, but the first one I used was sufficient for the entire challenge (it came build-in with Kali).

If you’re stuck, feel free to reach out.

flejz · May 12, 2020, 11:54am

that was a quick one.
the wordlist retry was what took longer.
feel free to dm for tips

Civero · June 26, 2020, 10:07am

Very fun challenge!! I have never used these tools, so, i learned a new thing. A lot of thanks @Arrexel

KnightOfNih · March 11, 2021, 12:23am

Guys, i really need some help
im trying to parameter value fuzz to complete this tutorial.

i have tried to pick up on any hits left in this discussion but cannot find the answer

As others have mentioned i think im getting stuck with filtering as when fuzzing the parameter value im getting a result of 200 back for all items in the wordlist.

Any clues would be great.