# Fuzzing

## Fuzzing a directory:

`#`<mark style="color:green;">`wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://10.10.10.194:8080/manager/FUZZ`</mark>

## Fuzzing Params:

### SQLi Param Fuzzing:

Check whether logic is evaluated in the params.\
Example: starting from `/room.php?cod=1`, requesting `/room.php?cod=80` returns a page that does not show a room at all. Then we try something like `3-2` and we get room 1, which means the arithmetic was evaluated inside the query, so we know we can manipulate the SQL statement somewhat. At this point, to autopwn, hop over to [sqlmap](/web-application-hacking/web-techniques/sqli/hacking-sql/sqlmap.md).
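Why `3-2` coming back as room 1 matters, and what the fix looks like, as an added example that is not part of the original page. The `rooms` table, the function names and the use of SQLite in place of the target's database are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data standing in for the application's room table.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE rooms (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO rooms VALUES (?, ?)",
                   [(1, "Room 1"), (2, "Room 2"), (3, "Room 3")])
    return db

def room_concat(db, cod):
    """Before: cod is pasted into the statement, so the DB parses it as SQL."""
    row = db.execute("SELECT name FROM rooms WHERE id = " + cod).fetchone()
    return row[0] if row else None

def room_bound(db, cod):
    """After: accept only a plain integer, then bind it as a parameter."""
    if not (cod.isascii() and cod.isdigit()):
        return None  # "3-2", "1'" and similar never reach the database
    row = db.execute("SELECT name FROM rooms WHERE id = ?",
                     (int(cod),)).fetchone()
    return row[0] if row else None

def compare(cods=("1", "80", "3-2")):
    """Return {cod: (concatenated result, bound result)} for each input."""
    db = make_db()
    return {c: (room_concat(db, c), room_bound(db, c)) for c in cods}

if __name__ == "__main__":
    for cod, (before, after) in compare().items():
        print(f"cod={cod!r:6} concatenated={before!r:10} bound={after!r}")
```

With concatenation, `3-2` is computed by the database and resolves to room 1; with validation and a bound parameter it is rejected as data and returns nothing.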

#### wfuzz to param fuzz:

`#`<mark style="color:green;">`wfuzz -u "http://10.10.10.143/room.php?cod=FUZZ" -w /usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt`</mark>\
You can then grep the output for the interesting response lengths, using <mark style="color:yellow;">-v</mark> to exclude the errors.

In this case we fuzz special characters to see what gets read by the DB.

`#`<mark style="color:green;">`wfuzz -u "http://10.10.10.143/room.php?cod=1FUZZ" -w /usr/share/seclists/Fuzzing/special-chars.txt > sqliSpecialChars.txt`</mark>\
Notice that we left the '1' in place and fuzz behind it, to help us see what is hitting and missing.


