
Use head to view the created files:

$ head files_wordlist.txt
acme-hyper-branding-0.txt
acme-hyper-branding-0.csv
acme-hyper-branding-0.pdf
acme-hyper-branding-0.jpg
acme-hyper-branding-1.txt
acme-hyper-branding-1.csv
acme-hyper-branding-1.pdf
acme-hyper-branding-1.jpg
acme-hyper-branding-2.txt
acme-hyper-branding-2.csv

As you can see, this command's output follows the format acme-hyper-branding-{some_number}.{some_extension}.

Fuzzing with Ffuf

Ffuf (an acronym for Fuzz Faster U Fool) is a versatile and blazing-fast web fuzzing tool. We'll use ffuf to discover potential files under the /files endpoint that could contain interesting data.

This ffuf command uses the -c (color) option to highlight the results in the terminal, the -w (wordlist) option to specify a custom wordlist, and the -u (URL) option to specify the full URL of the endpoint to fuzz. Let's run ffuf against 172.16.10.10 (p-web-01) using the command shown below:

$ ffuf -c -w files_wordlist.txt -u http://172.16.10.10:8081/files/FUZZ
:: Method : GET
:: URL : http://172.16.10.10:8081/files/FUZZ
:: Wordlist : FUZZ: files_wordlist.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
acme-hyper-branding-5.csv [Status: 200, Size: 432, Words: 31, Lines: 9, Duration: 32ms]
:: Progress: [405/405] :: Job [1/1] :: 0 req/sec :: Duration: [0:00:00] :: Errors: 0 ::

Listing 5-7: Fuzzing with ffuf

Note that the word FUZZ at the end of the URL is a placeholder that tells the tool where to inject the words from the wordlist. In essence, it will swap the word FUZZ with each line from our file.
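To see what a run like the one in Listing 5-7 looks like from the server side, the following added example (not from the book) scans a web access log for clients that request many distinct paths under /files/ and get a 404 for almost all of them. The log lines are constructed, and the combined log format, the 404 response for missing files, the thresholds, and the function names sample_log and detect_enum are assumptions.

```shell
#!/usr/bin/env bash
# Added example: flag clients whose requests under /files/ look like
# wordlist enumeration (many distinct paths, nearly all answered with 404).

# Constructed sample access log in combined log format (assumed format).
sample_log() {
  i=0
  while [ "$i" -lt 40 ]; do
    printf '172.16.10.1 - - [01/Jan/2023:10:00:%02d +0000] "GET /files/acme-hyper-branding-%d.pdf HTTP/1.1" 404 207 "-" "-"\n' "$i" "$i"
    i=$((i + 1))
  done
  # The single existing file the enumeration eventually reaches.
  printf '172.16.10.1 - - [01/Jan/2023:10:00:41 +0000] "GET /files/acme-hyper-branding-5.csv HTTP/1.1" 200 432 "-" "-"\n'
  # An ordinary client: one download and one mistyped name.
  printf '172.16.10.50 - - [01/Jan/2023:10:01:00 +0000] "GET /files/report.pdf HTTP/1.1" 200 1024 "-" "-"\n'
  printf '172.16.10.50 - - [01/Jan/2023:10:01:05 +0000] "GET /files/missing.pdf HTTP/1.1" 404 207 "-" "-"\n'
}

# Usage: detect_enum MIN_DISTINCT_PATHS MIN_404_PERCENT < access.log
# Prints one line per flagged client:
#   client distinct_paths percent_404 paths_that_were_served
detect_enum() {
  awk -v min_paths="$1" -v min_pct="$2" '
    $7 ~ /^\/files\// {
      ip = $1; path = $7; status = $9 + 0
      total[ip]++
      if (!((ip, path) in seen)) { seen[ip, path] = 1; distinct[ip]++ }
      if (status == 404)
        miss[ip]++
      else if (status < 400 || status == 401 || status == 403)
        # Paths the client now knows exist: review these first.
        hits[ip] = hits[ip] (hits[ip] ? "," : "") path
    }
    END {
      for (ip in total) {
        pct = int(100 * miss[ip] / total[ip])
        if (distinct[ip] >= min_paths && pct >= min_pct)
          printf "%s %d %d %s\n", ip, distinct[ip], pct, (hits[ip] ? hits[ip] : "-")
      }
    }'
}

# Flag clients with at least 20 distinct /files/ paths and a 404 rate of 90% or more.
sample_log | detect_enum 20 90
```

The last column lists the files that were actually served to the flagged client, which is where an incident review should start.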

Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks