# Disboard #
Fuzzing

Fuzzing for Loot!


Last updated 7 months ago

Fuzzing is a software testing technique that feeds malformed, unexpected or simply large numbers of inputs into a program to surface crashes, coding errors and security vulnerabilities that conventional testing misses. Web fuzzing is the narrower, wordlist-driven form of this: a keyword somewhere in an HTTP request (path, query parameter, header or body) is replaced with each entry from a list and the responses are compared against each other. That one mechanism covers directory and file enumeration, IDOR and parameter discovery, username and password enumeration, and more.

ffuf (Fuzz Faster U Fool) is a fast web fuzzer written in Go that handles all of these jobs from one command line.

ffuf decides which responses to print with matchers and filters: a response is shown when a matcher accepts it and no filter rejects it. If no matcher is given at all, ffuf falls back to its default status-code matcher (200-299, 301, 302, 307, 401, 403, 405 and 500). The matcher options are:

  • -mc: Match HTTP status codes, e.g. 200

  • -ml: Match number of lines in the response

  • -mr: Match a regular expression against the response body

  • -ms: Match HTTP response size in bytes

  • -mw: Match number of words in the response

Filters remove responses that would otherwise be shown. Pick the value by sending one request you know is a miss (a random name, a wrong password) and filtering on whatever that response has in common with the other misses, most often its size:

  • -fc: Filter HTTP status codes

  • -fl: Filter by number of lines in the response

  • -fr: Filter by regular expression

  • -fs: Filter by HTTP response size

  • -fw: Filter by number of words in the response

Fuzzing Usernames

In the request template, FUZZ (ffuf's default keyword) marks where each wordlist entry goes. It can sit in the URL path, a query string, a header or, as here, a POST body; ffuf swaps in one entry per request and reports the responses that pass the matchers.

ffuf -w $WORDLIST -X $METHOD -d $PARAMETERS -H $HEADERS -u $URL -mr $REGEX

Example, against a signup form that reveals when a name is already taken:

ffuf -w usernames-names -X POST -d "username=FUZZ&email=a@b.c&password=pass123&cpassword=pass123" -H "Content-Type: application/x-www-form-urlencoded" -u http://$SITE/signup -mr "username already exists"

Only responses containing the error text are kept, so every hit is an existing account. Submit one known-good and one known-bad name by hand first to confirm the exact wording the regex has to match. Remember that this is a signup form: every name that is not taken may end up as a newly created account on the target.

Fuzzing Web Credentials

Hydra is usually the better tool for this, but ffuf can brute-force a login as well. With two wordlists, each needs its own keyword, given as -w file:KEYWORD, and those keywords take the place of FUZZ in the template. By default ffuf combines the lists in clusterbomb mode (every user against every password); -mode pitchfork instead pairs line n of one list with line n of the other, which is what you want for a list of already-known user:password pairs.

ffuf -w $USERS:$W1,$PASSWDS:$W2 -X $METHOD -d $PARAMETERS -H $HEADERS -u $URL -fc $HTTP_CODE

Example:

ffuf -w users.txt:W1,passwords.txt:W2 -X POST -d "username=W1&password=W2" -H "Content-Type: application/x-www-form-urlencoded" -u http://$SITE/login -fc 200

-fc 200 relies on the login page answering a failed attempt with 200 (the form again) and a success with a redirect, usually 302. Confirm that with one deliberately wrong attempt before trusting the output; if both cases return 200, filter on the size or a regex of the failure page instead. Expect account lockouts and rate limiting on anything other than a lab target.
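To make the matcher and filter rules, the FUZZ keyword and the two-wordlist modes above concrete, here is a small Python model of what ffuf does, written for this page; it is not ffuf's own code. It substitutes keywords into a request template, pairs wordlists in clusterbomb or pitchfork mode, applies the same m*/f* logic as the flags listed above, and then runs both of the page's commands (username enumeration and the login brute force) against a constructed stand-in for http://$SITE. The host target.example, the accounts admin and alice, and the password Winter2024! are made up for the demo. Any callable that performs a real HTTP request can be passed in place of fake_site to run it against a live target.

```python
"""ffuf-style web fuzzing reduced to its parts: keyword substitution, wordlist
pairing (clusterbomb / pitchfork) and match/filter rules.  Added example for
this page, not ffuf's own code; the target and the names in it are made up."""
import itertools
import re
import urllib.parse
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Sequence, Set

# ffuf's documented default for -mc; applied only when no other matcher is given.
DEFAULT_MC: Set[int] = set(range(200, 300)) | {301, 302, 307, 401, 403, 405, 500}

@dataclass
class Request:
    method: str
    url: str
    headers: Dict[str, str]
    data: str = ""

@dataclass
class Response:
    status: int
    body: str

@dataclass
class Rules:
    """Same letters as the ffuf flags: m* keeps a response, f* drops it."""
    mc: Optional[Set[int]] = None
    ms: Optional[Set[int]] = None
    mr: Optional[str] = None
    fc: Set[int] = field(default_factory=set)
    fs: Set[int] = field(default_factory=set)
    fr: Optional[str] = None

    def accept(self, r: Response) -> bool:
        size = len(r.body.encode())
        # Any filter that fires removes the response outright.
        if r.status in self.fc or size in self.fs or (self.fr and re.search(self.fr, r.body)):
            return False
        # Otherwise at least one matcher must hit.  With no matcher given at all the
        # default status list applies, so a lone -mr does not also show every 200.
        checks = [x in v for v, x in ((self.mc, r.status), (self.ms, size)) if v is not None]
        if self.mr is not None:
            checks.append(re.search(self.mr, r.body) is not None)
        return any(checks) if checks else r.status in DEFAULT_MC

def render(tpl: Request, values: Dict[str, str]) -> Request:
    """Replace each keyword (FUZZ, W1, ...) wherever it occurs, raw, as ffuf does."""
    def sub(s: str) -> str:
        for kw, v in values.items():
            s = s.replace(kw, v)
        return s
    return Request(tpl.method, sub(tpl.url), {k: sub(v) for k, v in tpl.headers.items()}, sub(tpl.data))

def fuzz(tpl: Request, wordlists: Dict[str, Sequence[str]], rules: Rules,
         send: Callable[[Request], Response], mode: str = "clusterbomb") -> List[Dict[str, str]]:
    """send() performs one request; a real client must not follow redirects, or a
    302 on successful login is never seen (ffuf only follows them with -r)."""
    keys = list(wordlists)
    if mode == "clusterbomb":   # ffuf's default: every combination across the lists
        combos = itertools.product(*(wordlists[k] for k in keys))
    elif mode == "pitchfork":   # line n of every list together (for known pairs)
        combos = zip(*(wordlists[k] for k in keys))
    else:
        raise ValueError(f"unknown mode {mode!r}")
    candidates = [dict(zip(keys, c)) for c in combos]
    return [v for v in candidates if rules.accept(send(render(tpl, v)))]

# Constructed stand-in for http://$SITE: /signup leaks taken names in its error
# text, /login answers 302 to the one valid pair and 200 to everything else.
TAKEN, VALID = {"admin", "alice"}, {"alice": "Winter2024!"}
FORM = {"Content-Type": "application/x-www-form-urlencoded"}

def fake_site(req: Request) -> Response:
    form = dict(urllib.parse.parse_qsl(req.data))
    if req.url.endswith("/signup"):
        taken = form.get("username") in TAKEN
        return Response(200, "<p>username already exists</p>" if taken else "<p>account created</p>")
    if req.url.endswith("/login"):
        ok = VALID.get(form.get("username", "")) == form.get("password", "")
        return Response(302, "") if ok else Response(200, "<p>Invalid username or password</p>")
    return Response(404, "not found")

def enumerate_usernames(names, send=fake_site, site="http://target.example"):
    """The page's -mr 'username already exists' command against /signup."""
    tpl = Request("POST", f"{site}/signup", FORM, "username=FUZZ&email=a@b.c&password=pass123&cpassword=pass123")
    return [h["FUZZ"] for h in fuzz(tpl, {"FUZZ": names}, Rules(mr="username already exists"), send)]

def brute_force_login(users, passwords, send=fake_site, site="http://target.example", mode="clusterbomb"):
    """The page's -w users.txt:W1,passwords.txt:W2 ... -fc 200 command against /login."""
    tpl = Request("POST", f"{site}/login", FORM, "username=W1&password=W2")
    return [(h["W1"], h["W2"]) for h in fuzz(tpl, {"W1": users, "W2": passwords}, Rules(fc={200}), send, mode)]
```

Running enumerate_usernames(["bob", "admin", "carol", "alice"]) returns the two taken names, and brute_force_login(["admin", "alice"], ["password", "Winter2024!"]) returns only the valid pair in clusterbomb mode. The same lists in pitchfork mode find it only if alice and Winter2024! sit on the same line of their respective lists, which is the practical difference between the two modes when you reuse credential dumps.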