Finding Hidden Files and Directories of a Target Website
Discovering hidden files and directories is important for hackers and penetration testers. Many webmasters/developers leave default files, configuration files, admin pages and database dumps insecurely exposed. For example, many times I was able to read a database dump (such as db.sql), a configuration file (such as config.php), etc. Some 10% of clever developers rename these files, though. Either way, finding hidden files is an important technique of information gathering and of finding vulnerabilities.
We can do this by brute force or a dictionary attack, but it may take a very long time, and the target may also end up getting DDoSed.
How it works: imagine our target site is www.false.com. It has a user login page at www.false.com/admini for regular users, but we need to find the real administrator page so that we can log in and edit their site, right? We also tried manually (several times) submitting some random URLs like www.false.com/administrator or /admni, but no luck. Instead of doing this manually, we have tools that do it automatically and fast. The tool requests many directory and file names, and we have to understand the HTTP response codes (do you know about 400, 403, 200, etc.?). This is not only for finding the admin page but also for finding configuration files, interesting directories, default files/directories and even vulnerabilities (so we can call it URL fuzzing).
Warning: remember that every miss will be logged as an error (error.log / error_log.log). So there is some risk of getting caught, and of DDoSing the target.
There are many tools, such as DirBuster, Burp Suite or custom Python scripts, which we can download to do this job. But I am going to show you OWASP DirBuster (go to owasp.org to download it).
When we open DirBuster (java -jar dirbuster.jar), we get:
I have installed Joomla locally (directory: /var/www/joomla), so I am going to attack my own site like this:
Here my target URL is 192.168.1.214. I ticked “Go Faster” so that it attacks more quickly, and selected the dictionary file (/pentest/web/dirbuster/directory-list-1.0.txt). I want to fuzz my Joomla site, which is installed in the /joomla directory (192.168.1.214/joomla), and to fuzz for default PHP files.
Finally, click “Start”.
Here we see the Type, Found, Response, Size, Include and Status columns.
“Type” tells us whether it is a file or a directory. “Found” shows what DirBuster found. “Response” is the HTTP status code: 200 = OK, 404 = Not Found, 403 = Forbidden, etc. “Size” tells how many KB/MB the page or directory is (this is sometimes interesting when a found page/directory has a very different size from the others). “Status” tells whether the tool is still working.
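From the defender's side, the error-log warning above and the response codes just explained are exactly what a directory-scan detection looks at. The following is an added example, not code from the original post: it parses constructed combined-format access-log lines (no real traffic), flags any client with five or more 404s inside a sliding 60-second window, and lists which paths that client did reach with a non-404 status.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed combined-format access-log lines (not real traffic); the
# 192.168.1.77 client hammers non-existent paths the way a wordlist scan does.
SAMPLE_LOG = """\
192.168.1.77 - - [10/Oct/2023:13:55:02 +0000] "GET /joomla/admin HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
192.168.1.77 - - [10/Oct/2023:13:55:02 +0000] "GET /joomla/backup HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
192.168.1.77 - - [10/Oct/2023:13:55:03 +0000] "GET /joomla/db.sql HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
192.168.1.50 - - [10/Oct/2023:13:55:03 +0000] "GET /joomla/favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.168.1.77 - - [10/Oct/2023:13:55:03 +0000] "GET /joomla/test HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
192.168.1.77 - - [10/Oct/2023:13:55:04 +0000] "GET /joomla/administrator/ HTTP/1.1" 200 3210 "-" "DirBuster-1.0-RC1"
192.168.1.77 - - [10/Oct/2023:13:55:04 +0000] "GET /joomla/old HTTP/1.1" 404 512 "-" "DirBuster-1.0-RC1"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
                    r'(?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse_line(line):
    """Parse one combined-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_scanners(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {ip: (total_404s, non-404 paths reached)} for clients whose 404s
    hit `threshold` inside any sliding `window`; a lone 404 (a typo, a missing
    favicon) never trips it, a burst of misses does."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    misses = defaultdict(list)   # ip -> timestamps of 404 responses
    hits = defaultdict(set)      # ip -> paths that returned something other than 404
    for r in recs:
        if r["status"] == 404:
            misses[r["ip"]].append(r["ts"])
        else:
            hits[r["ip"]].add(r["path"])
    flagged = {}
    for ip, times in misses.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = (len(times), sorted(hits[ip]))
                break
    return flagged
```

Feeding the same logic the real error_log mentioned earlier works just as well, since each "File does not exist" entry there corresponds to one of these 404s.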
Now simply browse all the found files and directories. Sometimes you may get a blank page; for example, when I try to browse 192.168.1.214/joomla/configuration.php, because it is not readable. If a foolish developer or webmaster chmods it readable, then he is screwed.
We see in the output that DirBuster found the “administrator” page (joomla/administrator/index.php) and the configuration file (joomla/configuration.php), which are really interesting.
Perhaps we can do some malicious things like LFI, SQLi, etc. Just think a little bit about it.
Let me know if you catch any mistakes (I love to learn)....