We can write a small Perl script to enumerate possible directories on the remote web server. We will use a wordlist from the DirBuster program as our payload.
    #!/usr/bin/env perl
    use strict;
    use warnings;
    use LWP::UserAgent;

    my $host = "http://localhost";   # target web server
    my $file = "dirb.txt";           # wordlist, one candidate path per line

    open(my $fh, '<', $file) or die "Cannot open $file: $!";
    my $ua = LWP::UserAgent->new(timeout => 10);

    print "[*] Searching for possible directories...\n";
    while (my $row = <$fh>) {
        chomp($row);
        my $res = $ua->get($host."/".$row);
        # Anything other than 404 Not Found is reported, including 403 and 5xx
        next if $res->code == 404;
        print("[+] Page Found (".$res->code.") ".$res->message.": $host/$row\n");
    }
    close($fh);
If we run the script against a local web server we get the following result:
    root@asus:~% perl bf-dir.pl
    [*] Searching for possible directories...
    [+] Page Found (200) OK: http://localhost/
    [+] Page Found (403) Forbidden: http://localhost/.hta
    [+] Page Found (403) Forbidden: http://localhost/.htaccess
    [+] Page Found (403) Forbidden: http://localhost/.htpasswd
    [+] Page Found (403) Forbidden: http://localhost/aux
    [+] Page Found (403) Forbidden: http://localhost/cgi-bin/
    [+] Page Found (403) Forbidden: http://localhost/com1
    [+] Page Found (403) Forbidden: http://localhost/com2
    [+] Page Found (403) Forbidden: http://localhost/com3
    [+] Page Found (403) Forbidden: http://localhost/con
    [+] Page Found (200) OK: http://localhost/dashboard
    [+] Page Found (503) Service Unavailable: http://localhost/examples
    [+] Page Found (200) OK: http://localhost/favicon.ico
    [+] Page Found (200) OK: http://localhost/img
    [+] Page Found (200) OK: http://localhost/index.php
    [+] Page Found (200) OK: http://localhost/licenses
    [+] Page Found (403) Forbidden: http://localhost/lpt1
    [+] Page Found (403) Forbidden: http://localhost/lpt2
    [+] Page Found (403) Forbidden: http://localhost/nul
    [+] Page Found (200) OK: http://localhost/phpmyadmin
    [+] Page Found (403) Forbidden: http://localhost/prn
    [+] Page Found (200) OK: http://localhost/server-info
    [+] Page Found (200) OK: http://localhost/server-status
    [+] Page Found (403) Forbidden: http://localhost/webalizer
    root@asus:~%
We got some results from the dictionary attack we ran against the server.
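On the server side, a run like this stands out in the access log: one client requests many distinct paths and most of them come back 404. The Python below is an added example, not part of the original post, that flags such clients in combined-format log lines. The log lines and IP addresses are constructed, the thresholds are assumptions, and `libwww-perl/6.00` stands in for the default User-Agent that LWP::UserAgent sends when the script sets none.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "agent"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')

def find_enumeration(lines, min_paths=20, min_miss_ratio=0.8):
    """Return {client_ip: stats} for clients that hit many distinct paths, mostly 404."""
    per_ip = defaultdict(lambda: {"paths": set(), "agents": set(), "total": 0, "misses": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ip, _method, path, status, agent = m.groups()
        s = per_ip[ip]
        s["total"] += 1
        s["paths"].add(path)
        s["agents"].add(agent)
        if status == "404":
            s["misses"] += 1
    flagged = {}
    for ip, s in per_ip.items():
        ratio = s["misses"] / s["total"]
        if len(s["paths"]) >= min_paths and ratio >= min_miss_ratio:
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "miss_ratio": round(ratio, 2),
                           "agents": sorted(s["agents"])}
    return flagged

def _log(ip, path, status, agent):
    # Build one constructed combined-format line (timestamp and size are fixed sample values)
    return f'{ip} - - [01/Jan/2024:12:00:00 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "{agent}"'

def sample_log():
    """Constructed traffic: one wordlist run (30 paths, 3 non-404) plus one ordinary visitor."""
    hits = {"/dashboard": 200, "/phpmyadmin": 200, "/.htaccess": 403}
    words = list(hits) + [f"/word{i}" for i in range(27)]
    scanner = [_log("203.0.113.5", w, hits.get(w, 404), "libwww-perl/6.00") for w in words]
    visitor = [_log("198.51.100.7", p, c, "Mozilla/5.0") for p, c in
               [("/index.php", 200), ("/favicon.ico", 200), ("/img", 200), ("/old-link", 404)]]
    return scanner + visitor

if __name__ == "__main__":
    for ip, stats in find_enumeration(sample_log()).items():
        print(ip, stats)
```

Tune `min_paths` and `min_miss_ratio` against your own traffic, since crawlers and broken links also produce 404s.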