Pwnbox: ffuf command not found

Hi all, I recently started working on the module “Attacking Web Applications with Ffuf”, took a few weeks off, and came back to find that I can no longer make progress because the ffuf command does not work anymore.

I’m using the ParrotOS Pwnbox and don’t recall changing anything about my configuration in that time. I can’t reinstall ffuf myself through apt or github since I’m on the free tier and I gather our pwnboxes can’t connect to the internet. At the moment I don’t have easy access to another machine where I can activate the vpn needed to access the target systems in the module. Is there anything I can do?

Edit: I just found FFUF not working in PWN box – but again, I think I can’t do this because my version doesn’t have internet access?

1 Like

Hi,
theoretically you can port forward the PwnBox to your computer and to the Internet.
However, why won’t you use your own computer and connect with a VPN. What do you think of this option? I’d be happy to assist you if it gets to complicated

1 Like

Hi @feitew,

Can you post a screenshot of the issue?

Via the pwnbox you can install using APT & also use sudo.

Cheers!

Sqwd

@Sqwd

And if I do sudo apt update:

If I disconnect openvpn (sudo killall openvpn) the result is the same.

@b2k At the moment I only have access to my work laptop and I’m reluctant to install new programs or run a VPN on it for policy reasons, but if that’s my only option I can probably figure it out. Thank you for offering though!

1 Like

How about live boot USB?

Also worth considering :thinking:

1 Like

I won’t be much helpful with debian, but on arch it is often a matter of deleting cache/refreshing mirrorlists. Still, Pwnbox should have ffuf already installed and there are other options like Zed Attack Proxy, gobuster or even Burp.

What does da ffuf command say when you attempt to run it?

Are you still having issues? I just jumped on and confirmed that it could be installed with:

sudo apt-get install ffuf

Maybe they were having backend issues while you were on. Although kinda strange that this isn’t installed from the get go.

@Krel_Backstabba See screenshot above, ffuf: command not found. gobuster does indeed appear to be installed, I’ll keep that in mind, thanks!

@onthesauce apt install still does not work. The Pwnbox guide does say that “Free users also have limited internet access, with only our own target systems and GitHub being allowed”, so this might be intentional (although fwiw I couldn’t get access to GitHub either).

I agree it’s weird ffuf isn’t already installed. Seems like they removed it within the past month for some reason :person_shrugging:

In any case, if they don’t add it back soon I’ll also eventually have access to another personal device where I can finish the module instead, so it’s not a huge deal. Thanks everyone for the input!

I think it should be reported. There is no reason for the tools needed to complete the task to be missing in the PwnBox intended to be used.

Oh looks like they just fixed it!