Fuzzing

Fuzzing a directory:

#wfuzz -c -w /usr/share/wordlists/dirb/common.txt --hc 404 http://10.10.10.194:8080/manager/FUZZ

Fuzzing Params:

SQLi Param Fuzzing:

Check whether logic is evaluated inside the param. Example: /room.php?cod=1 returns a room, while /room.php?cod=80 returns a page that does not show a room at all. Then try something like cod=3-2: if we get room 1 back, the database evaluated the arithmetic, so we know we can manipulate the SQL statement to some degree. At this point, to autopwn, hop over to sqlmap.

wfuzz to param fuzz:

#wfuzz -u http://10.10.10.143/room.php?cod=FUZZ -w /usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt

You can then grep the output for the interesting response lengths, using grep -v to exclude the error lines.

Here we fuzz special characters to see which ones get read by the DB.

#wfuzz -u http://10.10.10.143/room.php?cod=1FUZZ -w /usr/share/seclists/Fuzzing/special-chars.txt > sqliSpecialChars.txt

Notice that we left the '1' in place and fuzz behind it, so we can see which characters hit and which miss.
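As an added example (not from these notes), this shows why cod=3-2 can come back as room 1: a query that interpolates the raw parameter lets the database evaluate the arithmetic, while a bound parameter with an integer check rejects the same input. It also runs a small check over access-log lines that flags the non-numeric cod values a parameter-fuzzing run leaves behind. The SQLite table, the IP addresses and the log lines are all constructed for the demo; the page's own app is room.php, which is not reproduced here.

```python
"""Added example (not from the original notes): why `cod=3-2` returns room 1,
and the server-side patterns behind that behaviour.

The vulnerable query interpolates the raw parameter into SQL, so the database
evaluates `3-2` as arithmetic. The hardened query validates and binds the
parameter, so "3-2" never reaches the SQL parser. The schema, room rows and log
lines below are constructed for the demo."""
import re
import sqlite3
from urllib.parse import parse_qs, urlparse


def make_db():
    """Constructed in-memory stand-in for the rooms table behind /room.php."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE rooms (cod INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO rooms VALUES (?, ?)",
                     [(1, "Single"), (2, "Double"), (3, "Suite")])
    return conn


def room_vulnerable(conn, cod):
    """String interpolation: the DB parses whatever the client sent.
    cod="3-2" becomes `WHERE cod = 3-2`, i.e. room 1; a stray quote raises a
    DB error, which is the 'errors' a fuzzing run filters out."""
    row = conn.execute(f"SELECT name FROM rooms WHERE cod = {cod}").fetchone()
    return row[0] if row else None


def room_hardened(conn, cod):
    """Explicit type check, then a bound parameter: no client text is parsed as SQL."""
    if not re.fullmatch(r"\d+", cod):
        return None  # anything that is not a plain integer is rejected up front
    row = conn.execute("SELECT name FROM rooms WHERE cod = ?", (int(cod),)).fetchone()
    return row[0] if row else None


# Constructed combined-format access-log lines (hypothetical client addresses).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /room.php?cod=1 HTTP/1.1" 200 812
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /room.php?cod=3-2 HTTP/1.1" 200 812
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /room.php?cod=1%27 HTTP/1.1" 500 0
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /room.php?cod=1%22 HTTP/1.1" 500 0
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /room.php?cod=2 HTTP/1.1" 200 790
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def suspicious_requests(log_text, param="cod"):
    """Return (ip, decoded value, status) for each request whose `param` is not
    a plain integer. parse_qs decodes %27 / %22 back to the quote characters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlparse(m["path"]).query, keep_blank_values=True)
        for value in query.get(param, []):
            if not re.fullmatch(r"\d+", value):
                hits.append((m["ip"], value, int(m["status"])))
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable cod=3-2 ->", room_vulnerable(db, "3-2"))  # Single (room 1)
    print("hardened   cod=3-2 ->", room_hardened(db, "3-2"))    # None
    for hit in suspicious_requests(SAMPLE_LOG):
        print("flag:", hit)
```

Run directly and the vulnerable path returns "Single" for 3-2 while the hardened path returns None. On the log side, the two 500s with quote characters are the very responses an attacker hides with response-length or status filtering, so a burst of non-integer values for one parameter from one client, especially paired with server errors, is the signal worth alerting on.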
