In this walk through, we will be going through the ffuf room from Tryhackme. In this room, we will learn to perform Enumeration, Fuzzing and Directory bruteforcing using ffuf. So, let’s get started without any delay.

Table of Contents
Task 1 – [Info] Introduction
Question 1 – I have ffuf installed
Done

![Tryhackme - ffuf Task 1 - [Info] Introduction](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107212619-1024x204.png)
Task 2 – [Walkthrough] Basics
Question 1 – What is the first file you found with a 200 status code?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/common.txt

favicon.ico
![Tryhackme - ffuf Task 2 - [Walkthrough] Basics](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107213011-1024x134.png)
Task 3 – [Walkthrough] Finding pages and directories
Question 1 – What text file did you find?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-files-lowercase.txt

robots.txt
Question 2 – What two file extensions were found for the index page?
ffuf -u http://10.10.142.190/indexFUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/web-extensions.txt

php,phps
Question 3 – What page has a size of 4840?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-words-lowercase.txt -e .php,.txt

about.php
Question 4 – How many directories are there?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-directories-lowercase.txt

4
![Tryhackme - ffuf Task 3 - [Walkthrough] Finding pages and directories](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107215633-1024x353.png)
Task 4 – [Walkthrough] Using filters
Question 1 – After applying the fc filter, how many results were returned?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-files-lowercase.txt -fc 403

11
Question 2 – After applying the mc filter, how many results were returned?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-files-lowercase.txt -mc 200

6
Question 3 – Which valuable file would have been hidden if you used -fc 403
instead of -fr?
ffuf -u http://10.10.142.190/FUZZ -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/raft-medium-files-lowercase.txt -fr '/\..*'

wp-forum.phps
![Tryhackme - ffuf Task 4 - [Walkthrough] Using filters](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107221013-1024x274.png)
Task 5 – [Walkthrough] Fuzzing parameters
Question 1 – What is the parameter you found?
ffuf -u 'http://10.10.252.121/sqli-labs/Less-1/?FUZZ=1' -c -w ~/Desktop/Wordlist/SecLists/Discovery/Web-Content/burp-parameter-names.txt -fw 39


id
Question 2 – What is the highest valid id?
ruby -e '(0..255).each{|i| puts i}' | ffuf -u 'http://10.10.252.121/sqli-labs/Less-1/?id=FUZZ' -c -w - -fw 33

14
Question 13 – What is Dummy’s password?
ffuf -u http://10.10.252.121/sqli-labs/Less-11/ -c -w ~/Desktop/Wordlist/SecLists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded'

p@ssword
![Tryhackme - ffuf Task 5 - [Walkthrough] Fuzzing parameters](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107223543-1024x274.png)
Task 6 – [Walkthrough] Finding vhosts and subdomains
![Tryhackme - ffuf Task 6 - [Walkthrough] Finding vhosts and subdomains](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107223724-1024x518.png)
Task 7 – [Walkthrough] Proxifying ffuf traffic
![Tryhackme - ffuf Task 7 - [Walkthrough] Proxifying ffuf traffic](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107223912-1024x365.png)
Task 8 – [Questions] Reviewing the options
Question 1 – How do you save the output to a markdown file (ffuf.md)?
-of md ffuf.md
Question 2 – How do you re-use a raw http request file?
-request
Question 3 – How do you strip comments from a wordlist?
-ic
Question 4 – How would you read a wordlist from STDIN?
-w -
Question 5 – How do you print full URLs and redirect locations?
-v
Question 6 – What option would you use to follow redirects?
-r
Question 7 – How do you enable colorized output?
-c
![Tryhackme - ffuf Task 8 - [Questions] Reviewing the options](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107224846-1024x571.png)
Task 9 – [Info] About the author
![Tryhackme - ffuf Task 9 - [Info] About the author](https://inventyourshit.com/wp-content/uploads/2023/11/Pasted-image-20231107224941-1024x311.png)
Also Read: Tryhackme – Shodan.io
So that was “ffuf” for you. We looked into the basics of ffuf and its usage. Next, we took a dive into the process of finding pages and directories. Then looked into some Filters, Fuzzing and enumeration and Finding Vhosts and Subdomains. At last, we looked into Proxifying ffuf traffic and some useful options. On that note, i would take your leave and will meet you in next one. Till then, “Happy hacking”.