Attacking Web Applications with Ffuf

Question
Section Answer
Number

Directory Fuzzing Question 1 forum

Page Fuzzing Question 1 HTB{bru73_f0r_c0mm0n_p455w0rd5}

Recursive Fuzzing Question 1 HTB{fuzz1n6_7h3_w3b!}

Sub-domain Fuzzing Question 1 customer.inlanefreight.com

Filtering Results Question 1 test.academy.htb

Parameter Fuzzing -

5
Question 1 user
GET

58
Value Fuzzing Question 1 HTB{p4r4m373r_fuzz1n6_15_k3y!}

Skills Assessment -
Question 1 archive, test, faculty
Web Fuzzing

Skills Assessment -
Web Fuzzing
Question 2
#7
.php, .php7, .phps
m
Skills Assessment - http://faculty.academy.htb:PORT/courses/linux-s
Question 3
Web Fuzzing ecurity.php7

Skills Assessment -
to

Question 4 user username

Web Fuzzing

Skills Assessment -
ch

Question 5 HTB{w3b_fuzz1n6_m4573r}
Web Fuzzing

Broken Authentication
te

Question
Section Answer
Number

Enumerating Users Question 1 cookster

Brute-Forcing Passwords Question 1 Password Reuse

Brute-Forcing Passwords Question 2 Ramirez120992

Brute-Forcing Password
Question 1 One-Time Reset Token
Reset Tokens

Brute-Forcing Password
Question 2 -w
Reset Tokens

Brute-Forcing Password
Question 3 1000000
Reset Tokens
 Question
Section Answer
Number

Brute-Forcing Password
Question 4 HTB{36DA098385E641D54E1B2750721D816E}
Reset Tokens

Brute-Forcing 2FA Codes Question 1 HTB{9837B33A1EF678C380ADDF7EF8A517DE}

Vulnerable Password
Question 1 Manchester
Reset

Vulnerable Password
Question 2 HTB{D4740B1801D9880FF70DE227A54309F0}
Reset

Authentication Bypass via

Question 1 HTB{913ab2d84b8db21854c696dee1f1db68}

5
Direct Access

Authentication Bypass via

58
Question 1 HTB{63593317426484EA6D270C2159335780}
Parameter Modification

Attacking Session Tokens Question 1 Entropy

Attacking Session Tokens

Skills Assessment
Question 2

Question 1 #7HTB{d1f5d760d130f7dd11de93f0b393abda}

HTB{d86115e037388d0fa29280b737fd9171}
m
Bug Bounty Hunting Process
to

Section Question Number Answer

Bug Bounty Programs Question 1 Code of Conduct

ch

Writing a Good Report Question 1 Adjacent

Command Injections
te

Question
Section Answer
Number

Detection Question 1 Please match the requested format.

Injecting Commands Question 1 17

Other Injection
Question 1
Operators

Identifying Filters Question 1 new-line

Bypassing Space Filters Question 1 1613

Bypassing Other
Question 1 1nj3c70r
Blacklisted Characters

Bypassing Blacklisted
Question 1 HTB{b451c_f1l73r5_w0n7_570p_m3}
Commands
 Question
Section Answer
Number

Advanced Command
Question 1 /usr/share/mysql/debian_create_root_user.sql
Obfuscation

Skills Assessment Question 1 HTB{c0mm4nd3r_1nj3c70r}

Cross-Site Scripting (XSS)

Section Question Number Answer

Stored XSS Question 1 HTB{570r3d_f0r_3v3ry0n3_70_533}

Reflected XSS Question 1 HTB{r3fl3c73d_b4ck_2_m3}

5
DOM XSS Question 1 HTB{pur3ly_cl13n7_51d3}

58
XSS Discovery Question 1 email

XSS Discovery Question 2 reflected

Phishing

Session Hijacking
Question 1

Question 1 #7 HTB{r3f13c73d_cr3d5_84ck_2_m3}

HTB{4lw4y5_53cur3_y0ur_c00k135}
m
Skills Assessment Question 1 HTB{cr055_5173_5cr1p71n6_n1nj4}

File Inclusion
to

Question
Section Answer
ch

Number

Local File Inclusion (LFI) Question 1 barry

Local File Inclusion (LFI) Question 2 HTB{n3v3r_tru$t_u$3r_!nput}

te

Basic Bypasses Question 1 HTB{64$!c_f!lt3r$w0nt$t0p_lf!}

PHP Filters Question 1 HTB{n3v3r_$t0r3_pl4!nt3xt_cr3d$}

PHP Wrappers Question 1 HTB{d!$46l3_r3m0t3_url_!nclud3}

Remote File Inclusion (RFI) Question 1 99a8fc05f033f2fc0cf9a6f9826f83f4

LFI and File Uploads Question 1 HTB{upl04d+lf!+3x3cut3=rc3}

Log Poisoning Question 1 /var/www/html

Log Poisoning Question 2 HTB{1095_5#0u1d_n3v3r_63_3xp053d}

Automated Scanning Question 1 HTB{4u70m47!0n_f!nd5_#!dd3n_93m5}

File Inclusion Prevention Question 1 /etc/php/7.4/apache2/php.ini

File Inclusion Prevention Question 2 security

 Question
Section Answer
Number

Skills Assessment - File

Question 1 a9a892dbc9faf9a014f58e007721835e
Inclusion

File Upload Attacks

Question
Section Answer
Number

Absent Validation Question 1 fileuploadsabsentverification

Upload Exploitation Question 1 HTB{g07_my_f1r57_w3b_5h3ll}

5
Client-Side Validation Question 1 HTB{cl13n7_51d3_v4l1d4710n_w0n7_570p_m3}

58
Blacklist Filters Question 1 HTB{1_c4n_n3v3r_b3_bl4ckl1573d}

Whitelist Filters Question 1 HTB{1_wh173l157_my53lf}

Type Filters

Limited File Uploads

Limited File Uploads

Question 1

Question 1

Question 2
#7
HTB{m461c4l_c0n73n7_3xpl0174710n}

HTB{my_1m4635_4r3_l37h4l}

./images/
m
Skills Assessment - File
Question 1 HTB{m4573r1ng_upl04d_3xpl0174710n}
Upload Attacks
to

Hacking WordPress
ch

Section Question Number Answer

Directory Indexing Question 1 HTB{3num3r4t10n_15_k3y}

te

User Enumeration Question 1 ch4p

Login Question 1 80

WPScan Enumeration Question 1 1.5.34

Exploiting a Vulnerable Plugin Question 1 sally.jones

Attacking WordPress Users Question 1 lizard

RCE via the Theme Editor Question 1 HTB{rc3_By_d3s1gn}

Skills Assessment - WordPress Question 1 5.1.6

Skills Assessment - WordPress Question 2 twentynineteen

Skills Assessment - WordPress Question 3 HTB{d1sabl3_d1r3ct0ry_l1st1ng!}

Skills Assessment - WordPress Question 4 Charlie Wiggins

Skills Assessment - WordPress Question 5 HTB{unauTh_d0wn10ad!}

 Section Question Number Answer

Skills Assessment - WordPress Question 6 1.1.1

Skills Assessment - WordPress Question 7 frank.mclane

Skills Assessment - WordPress Question 8 HTB{w0rdPr355_4SS3ssm3n7}

Information Gathering -Web Edition

Question
Section Answer
Number

Utilizing WHOIS Question 1 292

5
Utilizing WHOIS Question 2 admin@dnstinations.com

58
Digging DNS Question 1 134.209.24.248

Digging DNS Question 2 inlanefreight.com

Digging DNS Question 3 smtpin.vvv.facebook.com.

Subdomain
Bruteforcing
Question 1 #7 my.inlanefreight.com
m
DNS Zone Transfers Question 1 22

DNS Zone Transfers Question 2 10.10.34.2

to

DNS Zone Transfers Question 3 10.10.200.14

Virtual Hosts Question 1 web17611.inlanefreight.htb

ch

Virtual Hosts Question 2 vm5.inlanefreight.htb

Virtual Hosts Question 3 browse.inlanefreight.htb

te

Virtual Hosts Question 4 admin.inlanefreight.htb

Virtual Hosts Question 5 support.inlanefreight.htb

Fingerprinting Question 1 2.4.41

Fingerprinting Question 2 Joomla

Fingerprinting Question 3 Ubuntu

inlanefreight-
Creepy Crawlies Question 1
comp133.s3.amazonaws.htb

Web Archives Question 1 74

Web Archives Question 2 3054

Web Archives Question 3 http://site.aboutface.com/

Web Archives Question 4 Palm 0rganizer

 Question
Section Answer
Number

Web Archives Question 5 http://google.stanford.edu/

Web Archives Question 6 17-December-99

Web Archives Question 7 3000

Skills Assessment Question 1 468

Skills Assessment Question 2 nginx

Skills Assessment Question 3 e963d863ee0e82ba7080fbf558ca0d3f

Skills Assessment Question 4 1337testing@inlanefreight.htb

5
Skills Assessment Question 5 ba988b835be4aa97d068941dc852ff33

58
Introduction to Web Application

Section Question Number Answer

HTML

Cascading Style Sheets (CSS)

#7
Question 1

Question 1 text-align: left;

m
Sensitive Data Exposure Question 1 HiddenInPlainSight

HTML Injection Question 1 Your name is Click Me

to

Cross-Site Scripting (XSS) Question 1 XSSisFun

ch

Back End Servers Question 1 Windows

Web Servers Question 1 Created

te

Databases Question 1 NoSQL

Development Frameworks & APIs Question 1 superadmin

Common Web Vulnerabilities Question 1 Command Injection

Public Vulnerabilities Question 1 9.3

JavaScript Deobfuscation

Question
Section Answer
Number

Source Code Question 1 HTB{4lw4y5_r34d_7h3_50urc3}

Deobfuscation Question 1 HTB{1_4m_7h3_53r14l_g3n3r470r!}

HTTP Requests Question 1 N2gxNV8xNV9hX3MzY3IzN19tMzU1NGcz

Decoding Question 1 HTB{ju57_4n07h3r_r4nd0m_53r14l}

 Question
Section Answer
Number

Skills
Question 1 api.min.js
Assessment

Skills
Question 2 HTB{j4v45cr1p7_3num3r4710n_15_k3y}
Assessment

Skills
Question 3 HTB{n3v3r_run_0bfu5c473d_c0d3!}
Assessment

Skills
Question 4 4150495f70336e5f37333537316e365f31355f66756e
Assessment

5
Skills
Question 5 HTB{r34dy_70_h4ck_my_w4y_1n_2_HTB}
Assessment

58
Login Brute Forcing

Section
Question
Number #7 Answer
m
Brute Force Attacks Question 1 HTB{Brut3_F0rc3_1s_P0w3rfu1}

Dictionary Attacks Question 1 HTB{Brut3_F0rc3_M4st3r}

to

Basic HTTP
Question 1 HTB{th1s_1s_4_f4k3_fl4g}
Authentication
ch

Login Forms Question 1 HTB{W3b_L0gin_Brut3F0rc3}

Web Services Question 1 qqww1122

te

Web Services Question 2 HTB{SSH_and_FTP_Bruteforce_Success}

Custom Wordlists Question 1 HTB{W3b_L0gin_Brut3F0rc3_Cu5t0m}

Skills Assessment Part 1 Question 1 Admin123

Skills Assessment Part 1 Question 2 satwossh

Skills Assessment Part 2 Question 1 thomas

Skills Assessment Part 2 Question 2 HTB{brut3f0rc1ng_succ3ssful}

Server-Side Attacks

Question
Section Answer
Number

Identifying SSRF Question 1 HTB{911fc5badf7d65aed95380d536c270f8}

Exploiting SSRF Question 1 HTB{61ea58507c2b9da30465b9582d6782a1}

 Question
Section Answer
Number

Blind SSRF Question 1 5000

Identifying SSTI Question 1 Twig

Exploiting SSTI - Jinja2 Question 1 HTB{295649e25b4d852185ba34907ec80643}

Exploiting SSTI - Twig Question 1 HTB{5034a6692604de344434ae83f1cdbec6}

Exploiting SSI Injection Question 1 HTB{81e5d8e80eec8e961a31229e4a5e737e}

Exploiting XSLT Injection Question 1 HTB{3a4fe85c1f1e2b61cabe9836a150f892}

Server-Side Attacks -
Question 1 HTB{3b8e2b940775e0267ce39d7c80488fc8}

5
Skills Assessment

58
Session Security

Question
Section Answer

Session Hijacking

Session Fixation
Number

Question 1

Question 1
#7
cookie

Yes
m
Obtaining Session
Identifiers without Question 1 Yes
to

User Interaction

Cross-Site Scripting
Question 1 Yes
(XSS)
ch

Cross-Site Request
Question 1 Yes
Forgery
te

Cross-Site Request
Question 1 Yes
Forgery (GET-based)

Cross-Site Request
Question 1 Yes
Forgery (POST-based)

XSS & CSRF Chaining Question 1 Yes

Exploiting Weak CSRF

Question 1 Popup Blockers
Tokens

Open Redirect Question 1 Yes

Session Security - Skills

Question 1 [YOU_ARE_A_SESSION_WARRIOR]
Assessment

Session Security - Skills

Question 2 FLAG{SUCCESS_YOU_PWN3D_US_H0PE_YOU_ENJ0YED}
Assessment

SQL Injection Fundamentals

 Question
Section Answer
Number

Intro to MySQL Question 1 employees

SQL Statements Question 1 d005

Query Results Question 1 Mitchem

SQL Operators Question 1 654

Subverting Query Logic Question 1 202a1d1a8b195d5e9a57e434cc16000c

Using Comments Question 1 cdad9ecdf6f14b45ff5c4de32909caec

Union Clause Question 1 663

5
Union Injection Question 1 root@localhost

58
Database Enumeration Question 1 9da2c9bcdf39d8610954e0e11ea8f45f

Reading Files Question 1 dB_pAssw0rd_iS_flag!

Writing Files

Skills Assessment - SQL

Injection Fundamentals
#7
Question 1

Question 1
d2b5b27ae688b6a0f1d21b7d3a0798cd

528d6d9cedc2c7aab146ef226e918396
m
SQLMap Essentials
to

Question
Section Answer
Number
ch

SQLMap Overview Question 1 UNION query-based

Running SQLMap
on an HTTP Question 1 HTB{700_much_c0n6r475_0n_p057_r3qu357}
te

Request

Running SQLMap
on an HTTP Question 2 HTB{c00k13_m0n573r_15_7h1nk1n6_0f_6r475}
Request

Running SQLMap
on an HTTP Question 3 HTB{j450n_v00rh335_53nd5_6r475}
Request

Attack Tuning Question 1 HTB{700_much_r15k_bu7_w0r7h_17}

Attack Tuning Question 2 HTB{v1nc3_mcm4h0n_15_4570n15h3d}

Attack Tuning Question 3 HTB{un173_7h3_un173d}

Database
Question 1 HTB{c0n6r475_y0u_kn0w_h0w_70_run_b451c_5qlm4p_5c4n}
Enumeration
 Question
Section Answer
Number

Advanced
Database Question 1 PARAMETER_STYLE
Enumeration

Advanced
Database Question 2 Enizoom1609
Enumeration

Bypassing Web
Application Question 1 HTB{y0u_h4v3_b33n_c5rf_70k3n1z3d}
Protections

Bypassing Web

5
Application Question 2 HTB{700_much_r4nd0mn355_f0r_my_74573}
Protections

58
Bypassing Web
Application Question 3 HTB{y37_4n07h3r_r4nd0m1z3}
Protections

Bypassing Web
Application
Protections
Question 4 #7
HTB{5p3c14l_ch4r5_n0_m0r3}
m
OS Exploitation Question 1 HTB{5up3r_u53r5_4r3_p0w3rful!}

OS Exploitation Question 2 HTB{n3v3r_run_db_45_db4}

to

Skills Assessment Question 1 HTB{n07_50_h4rd_r16h7?!}

ch

Using Web Proxies

Question
Section Answer
te

Number

Intercepting Web Requests Question 1 HTB{1n73rc3p73d_1n_7h3_m1ddl3}

Repeating Requests Question 1 HTB{qu1ckly_r3p3471n6_r3qu3575}

Encoding/Decoding Question 1 HTB{3nc0d1n6_n1nj4}

Proxying Tools Question 1 msf test file

Burp Intruder Question 1 HTB{burp_1n7rud3r_fuzz3r!}

ZAP Fuzzer Question 1 HTB{fuzz1n6_my_f1r57_c00k13}

ZAP Scanner Question 1 HTB{5c4nn3r5_f1nd_vuln5_w3_m155}

Skills Assessment - Using

Question 1 HTB{d154bl3d_bu770n5_w0n7_570p_m3}
Web Proxies

Skills Assessment - Using

Question 2 3dac93b8cd250aa8c1a36fffc79a17a
Web Proxies
 Question
Section Answer
Number

Skills Assessment - Using

Question 3 HTB{burp_1n7rud3r_n1nj4!}
Web Proxies

Skills Assessment - Using

Question 4 CFIDE
Web Proxies

Web Attacks

Question
Section Answer
Number

5
Bypassing Basic
Question 1 HTB{4lw4y5_c0v3r_4ll_v3rb5}
Authentication

58
Bypassing Security
Question 1 HTB{b3_v3rb_c0n51573n7}
Filters

Mass IDOR
Enumeration

Bypassing Encoded
References
Question 1

Question 1
#7
HTB{4ll_f1l35_4r3_m1n3}

HTB{h45h1n6_1d5_w0n7_570p_m3}
m
IDOR in Insecure
Question 1 eb4fe264c10eb7a528b047aa983a4829
APIs
to

Chaining IDOR
Question 1 HTB{1_4m_4n_1d0r_m4573r}
Vulnerabilities
ch

Local File Disclosure Question 1 UTM1NjM0MmRzJ2dmcTIzND0wMXJnZXdmc2RmCg

Advanced File
te

Question 1 HTB{3rr0r5_c4n_l34k_d474}
Disclosure

Blind Data
Question 1 HTB{1_d0n7_n33d_0u7pu7_70_3xf1l7r473_d474}
Exfiltration

Web Attacks - Skills

Question 1 HTB{m4573r_w3b_4774ck3r}
Assessment

Web Requests

Section Question Number Answer

HyperText Transfer Protocol (HTTP) Question 1 HTB{64$!c_cURL_u$3r}

HTTP Requests and Responses Question 1 GET

HTTP Requests and Responses Question 2 2.4.41

HTTP Headers Question 1 HTB{p493_r3qu3$t$_m0n!t0r}

 Section Question Number Answer

GET Question 1 HTB{curl_g3773r}

POST Question 1 HTB{p0$t_r3p34t3r}

CRUD API Question 1 HTB{crud_4p!_m4n!pul4t0r}

Web Service & API Attacks

Question
Section Answer
Number

Web Services Description

Question 1 Method
Language (WSDL)

5
SOAPAction Spoofing Question 1 x86_64

58
Command Injection Question 1 root

Command Injection Question 2 URL Encoding

Information Disclosure (with a

twist of SQLi)

Information Disclosure (with a

#7
Question 1 WebServices
m
Question 2 HTB{THE_FL4G_FOR_SQLI_IS_H3RE}
twist of SQLi)

Arbitrary File Upload Question 1 nix01-websvc

to

Local File Inclusion (LFI) Question 1 ubuntu

ch

Cross-Site Scripting Question 1 No

Server-Side Request Forgery

Question 1 Yes
(SSRF)
te

Regular Expression Denial of

Question 1 Yes
Service (ReDoS)

XML External Entity (XXE)

Question 1 file
Injection

Web Service & API Attacks -

Question 1 FLAG{1337_SQL_INJECTION_IS_FUN_:)}
Skills Assessment