TryHackMe’s Advent of Cyber 2023 — Day 4 Writeup
TryHackMe — Brute Forcing [ Baby, It’s CeWLd Outside ] — The team detects a malicious actor using an employee account to access an internal messaging portal. Help McSkidy figure out how they might have gained the correct credentials.
Learning Objectives:
- What is CeWL?
- What are the capabilities of CeWL?
- How can we leverage CeWL to generate a custom wordlist from a website?
- How can we customize the tool’s output for specific tasks?
Overview
CeWL (pronounced “cool”) is a custom word list generator tool that spiders websites to create word lists based on the site’s content. Spidering, in the context of web security and penetration testing, refers to the process of automatically navigating and cataloguing a website’s content, often to retrieve the site structure, content, and other relevant details. This capability makes CeWL especially valuable to penetration testers aiming to brute-force login pages or uncover hidden directories using organisation-specific terminology.
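A defender can apply the same idea to password policy: collect the words that appear on the organisation's own pages and reject passwords built on them. The sketch below is an added example, not part of the original writeup and not CeWL's code; the sample HTML, the names `site_words` and `derived_from_site`, and the substitution table are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (fictional company), embedded so the example runs offline.
SAMPLE_HTML = """<html><head><title>Northwind Crafts</title>
<style>body { color: snowflake; }</style></head>
<body><h1>Northwind Crafts</h1>
<p>Our workshop ships handmade lanterns every winter.</p>
<script>var tracking = "analytics";</script></body></html>"""

class _VisibleText(HTMLParser):
    """Collects text nodes, skipping the bodies of <script> and <style>."""
    def __init__(self):
        super().__init__()
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

def site_words(html, min_len=5):
    """Lower-cased alphabetic words of at least min_len letters in the page text."""
    parser = _VisibleText()
    parser.feed(html)
    parser.close()
    text = " ".join(parser.chunks)
    return {w.lower() for w in re.findall(r"[A-Za-z]+", text) if len(w) >= min_len}

# Assumed substitution table: undoes common digit/symbol swaps (0->o, 3->e, @->a, ...).
UNLEET = str.maketrans("013457@$!", "oieastasi")

def derived_from_site(password, words):
    """Return the longest site word contained in the password, or None."""
    lowered = password.lower()
    forms = (lowered, lowered.translate(UNLEET))
    hits = [w for w in words if any(w in form for form in forms)]
    return max(hits, key=lambda w: (len(w), w)) if hits else None

if __name__ == "__main__":
    deny = site_words(SAMPLE_HTML)
    for candidate in ("Northwind2023!", "L4nt3rn5#", "correct-horse-battery"):
        print(candidate, "->", derived_from_site(candidate, deny))
```

Short common words such as "every" will flag unrelated passwords, so a production deny-list would raise `min_len` or filter out ordinary dictionary words first.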