Directory and File Fuzzing — Web Fuzzing Module — HTB Walkthrough

The Malware Mender
2 min read · Aug 27, 2024


TIER 0 MODULE: WEB FUZZING

SECTION: Directory and File Fuzzing

Please open your pwnbox or connect to the vpn in order to complete the tasks.

If you are not registered in HTB Academy, then use this link to register now: https://referral.hackthebox.com/mzxKOJt

1. Within the “webfuzzing_hidden_path” path on the target system (i.e. http://IP:PORT/webfuzzing_hidden_path/), fuzz for folders and then files to find the flag.

The task already gives us the path to fuzz: ip:port/webfuzzing_hidden_path.

Start ffuf by opening your terminal and entering the following command:

ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u http://<target-ip>:<port>/webfuzzing_hidden_path/FUZZ -v

After a few moments, ffuf returns a directory named “flag”. Stop the process (Ctrl + C) there and modify the command to:

ffuf -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt -u http://<target-ip>:<port>/webfuzzing_hidden_path/flag/FUZZ -e .txt,.php,.html -v

Where,

  • -w ➡ Flag for defining a wordlist.
  • -u ➡ Flag for defining a URL with a FUZZ keyword.
  • -e ➡ Flag for defining extensions to append to each word (no spaces between the extension names and the commas).
  • -v ➡ Flag for displaying the full URLs in response, verbose output.

Again, you will notice that it displays flag.html with a status code of 200.

Visit that URL,

http://<target-ip>:<port>/webfuzzing_hidden_path/flag/flag.html

and you will find the flag.

Answer: HTB{w3b_f1l3_fuzz1ng_fl4g}
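A defender-side companion to the steps above, added here and not part of the HTB module or this walkthrough: a small Python detector that reads combined-format access log lines and flags the burst of 404s under one directory that a wordlist run like the one above leaves in the server logs. The log lines, IP addresses, User-Agent string and thresholds are constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format (Apache/nginx); the sample lines further down are constructed.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def detect_fuzzing(lines, window_s=60, threshold=5):
    """Flag clients that produce >= threshold 404s under one parent directory within
    window_s seconds, the footprint a wordlist fuzzer leaves. The User-Agent is only
    reported, never relied on, since a client can send any value it likes."""
    misses = defaultdict(list)   # (ip, parent_dir) -> timestamps of 404 responses
    last_ua = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(4) != "404":
            continue
        ip, ts, path, _, ua = m.groups()
        parent = path.split("?", 1)[0].rsplit("/", 1)[0] + "/"   # /a/b.php -> /a/
        misses[(ip, parent)].append(datetime.strptime(ts, TS_FMT))
        last_ua[ip] = ua
    alerts = {}
    for (ip, parent), stamps in misses.items():
        stamps.sort()
        lo = 0
        for hi, t in enumerate(stamps):          # sliding window over sorted timestamps
            while (t - stamps[lo]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 >= threshold:
                alerts.setdefault(ip, {"prefixes": set(), "ua": last_ua[ip]})["prefixes"].add(parent)
                break
    return alerts

# Constructed sample: a wordlist burst against the module's hidden path plus one normal user.
FUZZ_IP, USER_IP = "203.0.113.5", "198.51.100.7"
FUZZ_UA = "Fuzz Faster U Fool v2.1.0-dev"   # constructed, shaped like ffuf's default User-Agent
def _line(ip, sec, path, status, ua):
    return f'{ip} - - [27/Aug/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 153 "-" "{ua}"'
SAMPLE_LOG = [
    _line(FUZZ_IP, s, f"/webfuzzing_hidden_path/{w}", 404, FUZZ_UA)
    for s, w in enumerate(["admin", "images", "login.php", "backup.txt", "test.html", "old"])
] + [
    _line(FUZZ_IP, 6, "/webfuzzing_hidden_path/flag/", 200, FUZZ_UA),
    _line(USER_IP, 7, "/webfuzzing_hidden_path/flag/flag.html", 200, "Mozilla/5.0"),
    _line(USER_IP, 8, "/favicon.ico", 404, "Mozilla/5.0"),
]

if __name__ == "__main__":
    for ip, info in detect_fuzzing(SAMPLE_LOG).items():
        print(f"{ip}: fuzzed {sorted(info['prefixes'])}, UA={info['ua']!r}")
```

Only the fuzzing client is reported; the user who browses straight to flag.html and misses a favicon stays below the threshold.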

Still stuck? Watch video!

☣️ HAPPY ETHICAL HACKING ☣️

DISCLAIMER: THIS CONTENT DOES NOT BELONG TO ME, I AM JUST WRITING A WALK-THROUGH OF A FREE MODULE OF HACK THE BOX ACADEMY. (WRITING WALKTHROUGHS OF FREE MODULES IS PERMITTED BY HTB ACADEMY)
