Using Web Proxies - Burp Intruder

Hi all,

I am having difficulty with Using Web Proxies: Burp Intruder

The question reads as: Use Burp Intruder to fuzz for ‘.html’ files under the /admin directory, to find a file containing the flag.

I believe that I have been following the instructions as suggested… however, I cannot seem to do it correctly. Any help/suggestions/hints are all greatly appreciated. I will attach some screenshots to showcase what I have done, and maybe someone can point me in the right direction :slight_smile:

I am not sure if I am doing this correctly…

Is it supposed to take this long?

Another interesting thing I found…

I hope that I made my question clear enough! Let me know if I can provide any more information <3

Best,
Jesse

1 Like

Hey!

You have the payload positioning wrong. The question says under the admin directory, so you might want to try it like: (sub $ for the payload position symbol)

/admin/$$.html

Intruder will then take your payload, which should be file names, and insert them at the position with the .html extension.

Edit
Think of it like:
/Directory/File.html

3 Likes

Not a hundred percent sure, but I think the GET /success.txt is linked with an addon, or is noise from the vnc connection. I believe it can just be ignored.
-onthesauce

1 Like

Hey!

I took your advice and cracked it! Thank you very much for your response!

onthesauce for president :grin::metal:t3:

EDIT: For anyone who is stuck on this one, my hint is:

Use the payload as described in the exercise, but give it some time. However, for the positioning, do as onthesauce prescribed. If you set up Burp correctly, you will find the page that comes back as 200 OK within 200 requests from the Intruder on Burp!

1 Like

Good afternoon! I managed to find the admin 200 ok directory. Then I went to the site as indicated in the guide. And what to do next? How do I find the flag?

Hi, in Burp intercept that GET request and send it to Intruder, then follow the instructions that onthesauce provided in earlier posts to place your payload correctly. If you use the wordlist mentioned in the “Payload Options” section of the module (just above the flag question), you will get a 200 response within a few minutes; the flag is on that page.
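
Added example (not part of the thread and not Burp's own code): a simplified Python model of how a Sniper-style attack fills payload positions, showing which request lines the `/admin/§§.html` template from the replies above produces. The function name, the wordlist and the second, misplaced template are constructed for illustration.

```python
import re

MARK = "§"  # Burp's payload position marker; the reply above writes it as "$"


def sniper_requests(template, payloads, mark=MARK):
    """Return the request lines a Sniper-style attack would send.

    Simplified model (an assumption, not Burp's implementation): each marked
    position is attacked in turn with every payload, while the other marked
    positions keep the base text found between their markers.
    """
    pattern = re.compile(re.escape(mark) + "(.*?)" + re.escape(mark))
    positions = list(pattern.finditer(template))
    if not positions:
        raise ValueError("template has no complete payload position")
    out = []
    for target in positions:
        for payload in payloads:
            parts, last = [], 0
            for m in positions:
                parts.append(template[last:m.start()])
                # Only the position under attack receives the payload.
                parts.append(payload if m is target else m.group(1))
                last = m.end()
            parts.append(template[last:])
            out.append("".join(parts))
    return out


# Constructed sample wordlist (not the list the module refers to).
WORDS = ["index", "login", "backup"]

if __name__ == "__main__":
    # First template: the positioning suggested in the thread.
    # Second template: a hypothetical misplacement that replaces the
    # directory name and never appends ".html".
    for tpl in ("GET /admin/§§.html HTTP/1.1", "GET /§admin§ HTTP/1.1"):
        print(tpl)
        for line in sniper_requests(tpl, WORDS):
            print("   ", line)
```

Running it prints the request line for each payload, which makes it easy to confirm the directory and extension end up where the question expects before starting the attack.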