Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.
What switch do we use for Nmap’s scan to specify that we want to perform version detection?
What does Nmap report is the service identified as running on port 80/tcp?
```
nmap -sV IP_ADDRESS
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-12 18:12 EEST
Nmap scan report for IP_ADDRESS
Host is up (0.069s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
80/tcp open  http    nginx 1.14.2

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.05 seconds
```
What server name and version of service is running on port 80/tcp?
```bash
sudo apt install golang-go
go install github.com/OJ/gobuster/v3@latest

# If the above fails try the following...
# Clone as your normal user so the build can write into the directory.
git clone https://github.com/OJ/gobuster.git
cd gobuster
go get && go build
go install
```
Now, we will use gobuster to scan the target website for directories using a wordlist.
```bash
# If you are using Kali Linux
sudo gobuster dir -w /usr/share/wordlists/dirb/common.txt -u IP_ADDRESS

# If you are using Ubuntu
wget https://raw.githubusercontent.com/v0re/dirb/master/wordlists/common.txt
sudo gobuster -w /common.txt -u IP_ADDRESS
```

```
=====================================================
Gobuster v2.0.1              OJ Reeves (@TheColonial)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : IP_ADDRESS
[+] Threads      : 10
[+] Wordlist     : /common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout      : 10s
=====================================================
2023/06/12 18:25:21 Starting gobuster
=====================================================
/admin.php (Status: 200)
=====================================================
2023/06/12 18:25:55 Finished
=====================================================
```
What switch do we use to specify to Gobuster we want to perform dir busting specifically?
When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?
What page is found during our dir busting activities?
What is the HTTP status code reported by Gobuster for the discovered page?
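How the gobuster run above looks from the nginx side, as an added example that is not part of the original walkthrough: it parses access-log lines in nginx's combined format and flags any client that requests many distinct paths and mostly gets 404s. The log lines, the addresses and the thresholds `min_paths` and `min_404_ratio` are constructed assumptions.

```python
import re
from collections import defaultdict

# nginx "combined" format: addr - user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Status codes the gobuster banner on this page lists as "found".
REPORTED = {"200", "204", "301", "302", "307", "403"}

def build_sample_log():
    """Constructed sample: one client walking a wordlist, one ordinary visitor."""
    words = ["admin", "backup", "config", "login", "test", "uploads", "old", "dev"]
    lines = []
    for i, w in enumerate(words * 5):  # 40 guesses that miss
        lines.append(f'203.0.113.7 - - [12/Jun/2023:18:25:{21 + i % 30:02d} +0300] '
                     f'"GET /{w}{i} HTTP/1.1" 404 169 "-" "-"')
    lines.append('203.0.113.7 - - [12/Jun/2023:18:25:55 +0300] '
                 '"GET /admin.php HTTP/1.1" 200 999 "-" "-"')
    for p in ["/", "/index.html", "/favicon.ico"]:
        status = 404 if p == "/favicon.ico" else 200
        lines.append(f'198.51.100.20 - - [12/Jun/2023:18:26:01 +0300] '
                     f'"GET {p} HTTP/1.1" {status} 612 "-" "Mozilla/5.0"')
    return lines

def find_dir_busters(lines, min_paths=30, min_404_ratio=0.8):
    """Return {client: stats} for clients probing many distinct paths that mostly miss."""
    paths, total, misses = defaultdict(set), defaultdict(int), defaultdict(int)
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, path, status = m.groups()
        paths[ip].add(path)
        total[ip] += 1
        if status == "404":
            misses[ip] += 1
        elif status in REPORTED:
            hits[ip].append((path, int(status)))  # what the scanner learned
    flagged = {}
    for ip in total:
        ratio = misses[ip] / total[ip]
        if len(paths[ip]) >= min_paths and ratio >= min_404_ratio:
            flagged[ip] = {"distinct_paths": len(paths[ip]),
                           "ratio_404": round(ratio, 2), "found": hits[ip]}
    return flagged

if __name__ == "__main__":
    for ip, stats in find_dir_busters(build_sample_log()).items():
        print(ip, stats)
```

The `found` list is the part worth reviewing first: it shows which paths answered the scanner, here the same `/admin.php` the walkthrough discovers.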
Now, navigate to IP_ADDRESS/admin.php and enter the following credentials.
Nice one, you’ve got the flag!