Day 4 - “Baby, it's CeWLd outside”
The primary objectives of this challenge were :
•What is CeWL and it's capabilities
•How can we leverage CeWL to generate a custom wordlist from a website
•How can we customise the tool's output for specific tasks
In this task we were provided with a website, with some information about where we could find the potential username and password to login
We used cewl to generate a username list from the team members page in the website , and a password list from the contents of the website's homepage. Then we used wfuzz to bruteforce the login page to get the required credentials.
CeWL is a wordlist generator, it is unique compared to other tools available because CeWL is capable of creating custom wordlists based on web page content.Wfuzz is a tool designed for brute-forcing web applications. It can be used to find resources not linked directories, servlets, scripts, etc
Here is the walkthrough of Day 4.
No comments:
Post a Comment