Hi all, I recently started working on the module “Attacking Web Applications with Ffuf”, took a few weeks off, and came back to find that I can no longer make progress because the ffuf command does not work anymore.
I’m using the ParrotOS Pwnbox and don’t recall changing anything about my configuration in that time. I can’t reinstall ffuf myself through apt or github since I’m on the free tier and I gather our pwnboxes can’t connect to the internet. At the moment I don’t have easy access to another machine where I can activate the vpn needed to access the target systems in the module. Is there anything I can do?
Edit: I just found FFUF not working in PWN box – but again, I think I can’t do this because my version doesn’t have internet access?
Hi,
theoretically you can port forward the PwnBox to your computer and to the Internet.
However, why won’t you use your own computer and connect with a VPN. What do you think of this option? I’d be happy to assist you if it gets to complicated
@b2k At the moment I only have access to my work laptop and I’m reluctant to install new programs or run a VPN on it for policy reasons, but if that’s my only option I can probably figure it out. Thank you for offering though!
I won’t be much helpful with debian, but on arch it is often a matter of deleting cache/refreshing mirrorlists. Still, Pwnbox should have ffuf already installed and there are other options like Zed Attack Proxy, gobuster or even Burp.
What does da ffuf command say when you attempt to run it?
@Krel_Backstabba See screenshot above, ffuf: command not found. gobuster does indeed appear to be installed, I’ll keep that in mind, thanks!
@onthesauce apt install still does not work. The Pwnbox guide does say that “Free users also have limited internet access, with only our own target systems and GitHub being allowed”, so this might be intentional (although fwiw I couldn’t get access to GitHub either).
I agree it’s weird ffuf isn’t already installed. Seems like they removed it within the past month for some reason
In any case, if they don’t add it back soon I’ll also eventually have access to another personal device where I can finish the module instead, so it’s not a huge deal. Thanks everyone for the input!