Directory Brute-forcing is a technique used to check a lot of paths on a web server to find hidden pages. Which is another name for this? (i) Local File Inclusion, (ii) dir busting, (iii) hash cracking.
dir busting
What switch do we use with Nmap to specify that we want to perform version detection?
-sV
What service does Nmap report as running on port 80/tcp?
http
nmap -sV IP_ADDRESS
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-12 18:12 EEST
Nmap scan report for IP_ADDRESS
Host is up (0.069s latency).
Not shown: 999 closed ports
PORT STATE SERVICE VERSION
80/tcp open http nginx 1.14.2
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.05 seconds
What is the server name and version of the service running on port 80/tcp?
nginx 1.14.2
Installing gobuster
sudo apt install golang-go
go install github.com/OJ/gobuster/v3@latest
# If the above fails try the following...
git clone https://github.com/OJ/gobuster.git
cd gobuster
go get && go build
go install
Now, we will use gobuster to scan the target website for directories using a wordlist.
# If you are using Kali Linux
sudo gobuster dir -w /usr/share/wordlists/dirb/common.txt -u IP_ADDRESS
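# If you are using Ubuntu (the banner below is Gobuster v2.0.1, where dir is the default mode, so no "dir" argument is given)
# Save the wordlist to /common.txt so the path passed to -w exists
sudo wget -O /common.txt https://raw.githubusercontent.com/v0re/dirb/master/wordlists/common.txt
sudo gobuster -w /common.txt -u IP_ADDRESS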
=====================================================
Gobuster v2.0.1 OJ Reeves (@TheColonial)
=====================================================
[+] Mode : dir
[+] Url/Domain : IP_ADDRESS
[+] Threads : 10
[+] Wordlist : /common.txt
[+] Status codes : 200,204,301,302,307,403
[+] Timeout : 10s
=====================================================
2023/06/12 18:25:21 Starting gobuster
=====================================================
/admin.php (Status: 200)
=====================================================
2023/06/12 18:25:55 Finished
=====================================================
What switch do we use to specify to Gobuster we want to perform dir busting specifically?
dir
When using gobuster to dir bust, what switch do we add to make sure it finds PHP pages?
-x php
What page is found during our dir busting activities?
admin.php
What is the HTTP status code reported by Gobuster for the discovered page?
200
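Seen from the server side, the scan above leaves a clear trace in the nginx access log: one client requests many distinct paths in a short time and almost all of them return 404. The following Python is an added example, not part of the original walkthrough; the thresholds, IP addresses and log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" access-log line: ip, timestamp, request line, status
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse(line):
    m = LINE.match(line)
    if not m:
        return None  # malformed line: skip it instead of crashing
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])

def find_dir_busting(lines, window=timedelta(seconds=60),
                     min_paths=20, min_404_ratio=0.8):
    """Map each client that requested many distinct paths, mostly answered
    404, inside one window to the paths that did NOT return 404."""
    per_ip = defaultdict(list)
    for ip, ts, path, status in filter(None, map(parse, lines)):
        per_ip[ip].append((ts, path, status))
    findings = {}
    for ip, events in per_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            chunk = events[start:end + 1]
            paths = {p for _, p, _ in chunk}
            misses = sum(s == 404 for _, _, s in chunk)
            if len(paths) >= min_paths and misses / len(chunk) >= min_404_ratio:
                # what the scan actually found: review these first
                findings[ip] = sorted({(p, s) for _, p, s in chunk if s != 404})
                break
    return findings

def sample_log():
    """Constructed log: a scanner (203.0.113.7), a visitor (198.51.100.4)."""
    fmt = '{} - - [12/Jun/2023:18:25:{:02d} +0300] "GET {} HTTP/1.1" {} 169 "-" "-"'
    paths = [f"/guess{i}" for i in range(30)]
    paths[5] = "/admin.php"  # the one path that exists, as in the scan above
    log = [fmt.format("203.0.113.7", 21 + i, p, 200 if p == "/admin.php" else 404)
           for i, p in enumerate(paths)]
    log += [fmt.format("198.51.100.4", 30, "/", 200),
            fmt.format("198.51.100.4", 31, "/favicon.ico", 404),
            "truncated line"]
    return log
```

The non-404 paths returned for a flagged client are the ones the scan discovered, so they are the first places to check for weak or default credentials.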
Now, navigate to IP_ADDRESS/admin.php and enter the following credentials.
admin
admin
Nice one, you’ve got the flag!