Skills Assessment

March 30, 2024

First, we add the target's IP address to our /etc/hosts file.

Then we fuzz the Host header to find the subdomains of academy.htb:

ffuf -u http://academy.htb:52527 -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt -H 'Host: FUZZ.academy.htb' -fs 985

We add the subdomains we found to /etc/hosts as well.

Then we find the file extensions in use on each subdomain:

  • First domain - academy

ffuf -u http://academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions.txt

  • Second subdomain - faculty

ffuf -u http://faculty.academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions.txt

  • Third subdomain - archive

ffuf -u http://archive.academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions.txt

  • Fourth subdomain - test

ffuf -u http://test.academy.htb:52527/indexFUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/web-extensions.txt

With the command below we found a directory called /courses:

ffuf -u http://faculty.academy.htb:30807/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -e .php,.phps,.php7 -fs 287 -recursion -recursion-depth 1 -v

After finding the extensions, we fuzz the faculty subdomain further and find /linux-security.php7 inside /courses:

ffuf -u http://faculty.academy.htb:30807/courses/FUZZ -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -e .php,.phps,.php7 -fs 287 -recursion -recursion-depth 1 -v

After that, we look for a parameter name accepted by that page:

ffuf -u 'http://faculty.academy.htb:30807/courses/linux-security.php7?FUZZ=key' -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -fs 774
ffuf -u http://faculty.academy.htb:30807/courses/linux-security.php7 -w /usr/share/wordlists/seclists/Discovery/Web-Content/burp-parameter-names.txt -X POST -d "FUZZ=key" -H 'Content-Type: application/x-www-form-urlencoded' -fs 774
ffuf -u http://faculty.academy.htb:30807/courses/linux-security.php7 -w /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames.txt -X POST -d 'username=FUZZ' -H 'Content-Type: application/x-www-form-urlencoded' -fs 781
curl http://faculty.academy.htb:30807/courses/linux-security.php7 -X POST -d 'username=harry' -H 'Content-Type: application/x-www-form-urlencoded'
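
Seen from the web server, the scans in this walkthrough leave a clear trace: one client sending many different Host headers, many distinct 404 paths, and many parameter names against one page. The Python below is an added example, not part of the original walkthrough, that flags those three patterns in an access log; the log layout (Host header logged first), the thresholds, the client IPs and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumed access-log layout: Host request header first (Apache "%{Host}i"),
# then the usual common-log fields.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def detect_fuzzing(lines, max_hosts=20, max_404_paths=50, max_params=20):
    """Return {client: [reasons]} for clients whose request mix looks like fuzzing."""
    hosts = defaultdict(set)    # client -> distinct Host headers sent
    missing = defaultdict(set)  # client -> distinct paths that returned 404
    params = defaultdict(set)   # (client, path) -> distinct query parameter names
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that do not fit the assumed layout
        client, url = m["client"], urlsplit(m["target"])
        hosts[client].add(m["host"].lower())
        if m["status"] == "404":
            missing[client].add(url.path)
        for name, _ in parse_qsl(url.query, keep_blank_values=True):
            params[(client, url.path)].add(name)
    findings = defaultdict(list)
    for client, seen in hosts.items():
        if len(seen) > max_hosts:
            findings[client].append(f"vhost enumeration: {len(seen)} Host headers")
    for client, seen in missing.items():
        if len(seen) > max_404_paths:
            findings[client].append(f"content discovery: {len(seen)} distinct 404 paths")
    for (client, path), seen in params.items():
        if len(seen) > max_params:
            findings[client].append(f"parameter fuzzing on {path}: {len(seen)} names")
    return dict(findings)

def sample_log():
    """Constructed log lines: one scanning client (10.10.14.5), one normal (10.10.14.9)."""
    ts, scan = "[30/Mar/2024:10:00:00 +0000]", "10.10.14.5"
    rows = [f'w{i}.academy.htb {scan} - - {ts} "GET / HTTP/1.1" 200 985' for i in range(30)]
    rows += [f'faculty.academy.htb {scan} - - {ts} "GET /d{i} HTTP/1.1" 404 287' for i in range(60)]
    rows += [f'faculty.academy.htb {scan} - - {ts} "GET /courses/linux-security.php7?p{i}=key HTTP/1.1" 200 774' for i in range(25)]
    rows += [f'academy.htb 10.10.14.9 - - {ts} "GET /index.php HTTP/1.1" 200 985',
             f'faculty.academy.htb 10.10.14.9 - - {ts} "GET /old HTTP/1.1" 404 287']
    return rows

if __name__ == "__main__":
    print(detect_fuzzing(sample_log()))
```

POST body parameters, as used in the last three commands, do not appear in a standard access log, so catching those needs request-body logging or a WAF.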
