Day 18, Web Reconnaissance Or Information Gathering — Part 3#100DaysofHacking
Get all the writeups from Day 1 to 17, Click Here Or Click Here.
In our previous blogs we learned about google dorking, scope discovery and how should we use target manually as a user, in this blog we’ll learn about some further techniques.
We have covered many techniques of scope discovery in our previous blog, today also in this we’ll cover about some more techniques. Let’s start
Directory Brute-Forcing
Directory Brute-Forcing is a technique of finding hidden directories which are available on the web server. There are many cases in which hackers find directories which contains very sensitive information like admin panels, password files, outdated functionalities , database copies etc.
But before performing this ,let me show you web server structure of https://passwdgen.000webhostapp.com/ , this is the website on which I’ll perform, it is only for understanding in easy way. For your testing I’ll provide others links on which you can perform.
Here you can see, we have one admin directory which we have to find using different tools.
There are many tools which we can use to perform directory brute-forcing, so will see one by one:
Dirb:
Dirb is a command line tool which we can use to find the hidden directories, this tool basically works on dictionary attack. It means it uses a wordlist which contains name of common directories. So by using this it perform this attack, if word matches or directory is found, it shows 200 status code.
cmnd:
dirb https://example.com or
dirb http://example.com
Here you can see , dirb tool has found the directory admin, so now copy url and open it in browser.
Here you can see, we have found the contents of admin directory, now you here is one interesting folder also, let’s open it.
And here is the result , I kept that meme just for fun 😄
I hope you got how we can find hidden directories using dirb. Let’s find out same results using different tools.
First let’s create more some common directories.
Now we’ll do same thing using some different tools, let’s do one by one.
Dirbuster
Dirbuster is another gui based tool , simply enter dirbuster in terminal and hit enter then after that enter the url and select the path of wordlist as shown in fig or you can your own also if you want, but in this you should compulsory give the file extension, so here I have given .php. Then after that just click on attack and side by side check your terminal you’ll get the name of files and directories whatever this tool has found.
Here is the result:
You can see it has found what directories are inside the directory. I was also not aware of this icons but don’ t know how it came 😄.
Gobuster
Gobuster is another tool which can be used to find the same.
To install enter below command:
sudo apt install gobuster
Now let’s create a wordlist with some common directory names.
We’ll use this wordlist.
command: gobuster dir -u http://example.com -w wordlist.txt
Here is the result you can see, we have got the same output.
Task to do:
Now for you to perform testing , you can do on this domain: scanme.nmap.org
Here is result of dirbuster:
Wordlist to use:
/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
This is location of wordlist which is in bold and rest is name of file.
You can use the highlighted one.
Or you can use this one: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/directory-list-2.3-medium.txt
So I hope you got how you can find the hidden directories of any website. You should not perform this test on any website, you should take prior permission to do this. So don’t do that anywhere, perform on labs.
Today will stop here, I know writeups length are short , this is because of some reasons these days, later on will continue as usual.
So thank you for your time, will meet in next one.
Happy Learning 📖 and Happy Hacking 💻