Not a request for help, more of an observation/issue. Toward the end of this section when you lunch the attack, I never see the fuzzer find the /admin directory. I understand the attack is slow due to it being the Community edition of Burp. However, I did run this a few times and I waited for it to iterate beyond the A’s in the word list. When it gets to “Admin” it kicks back a 404. If I clear the word list and use “admin” it will find it. Ultimately, playing around and context clues got me the answer in the end. If the word list would have hit the first time it would have saved me a lot of time lol. Anyone else run into this?
Update… I didn’t wait long enough. Couldn’t get this test out of my head lol. Looked through the word list. Sure enough, “admin” is there.
Guys, I don’t know if it is just me or if the ZAP Fuzzer and Burp Intruder sections are not working. When I try loading the page for the pwnbox it is just blank. Even when I tried to go the .html page under admin it just shows a blank page. Any assistance would be appreciated…
Any updates?