Penetration Testing mailing list archives
Re: listing directory structure within webserver root
From: Ben Timby <asp () webexc com>
Date: Tue, 31 Aug 2004 12:46:46 -0500
Serg, I assume that a local mirror will not work, as the directories you will likely be most interested in would not be linked to :-).
In the past I had written a VB script to do this using the XMLHTTP object. I use a dictionary for the purpose, and it traverses the site, rips out links, enumerates directories, then does a dictionary attack on each of those known folders to find the "hidden" folders. You simply make the HTTP request and check if it is a directory listing denied (or a directory listing, as the case may be) or a 404 error. You could whip this up in a few minutes in your favorite scripting language. If you don't have the time, I could submit one to the list in the language of your choice, but of course you would have to wait until I had the time :-), probably a couple of weeks (or maybe tonight, who knows).
I would also do a quick test of whether the server is case sensitive by requesting a file I know exists:

http://www.site.com/index.html
http://www.site.com/INDEX.html

Think of it as a password cracker, where the password is the directory name. You have a nice/easy/fast way to check the password, via an HTTP request.
My dictionary contains the following words (and other variations and similar words):

cms secure admin nimda manage login secret hidden ...

If you got crazy, you could perform transforms on the above words to expand your search...

4dm1n n1md4 s3cur3 ...

For case sensitive servers:

AdMin ADmIn ...

Hope that helps.

Serg Belokamen wrote:
> Hi All,
>
> Is there a way to somehow enumerate a directory structure on a remote webserver? Brute force springs to mind but that's mathematically impossible, to go through all combinations, etc.
>
> Cheers, Serg

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Check out our Advanced Hacking course, learn to write exploits and attack security infrastructure. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
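The request-and-check loop Ben describes leaves a distinctive footprint in the web server's own access log: one client, many distinct paths in a short window, almost all answered 403 or 404, often preceded by the case-sensitivity probe (index.html then INDEX.html). The script below is an added, defender-side example written for this archive page; it is not Ben's VB script and not part of the original thread. It assumes Apache/NCSA common log format, uses constructed sample log lines (documentation-range addresses), and the thresholds (60 s window, 5 distinct misses, 60% miss ratio) are illustrative assumptions to tune against real traffic.

```python
"""Detect dictionary-style directory enumeration in web server access logs.

Added example, not from the mailing list post. Assumptions: Apache/NCSA
common log format; 403/404 are the "directory listing denied" / "not found"
responses the scanner keys on; thresholds below are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

# Apache/NCSA common log format (assumption: the server logs in this format).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
MISS_STATUSES = {403, 404}  # listing denied, or not found

# Constructed sample log: one scanner (203.0.113.7) walking a wordlist after
# a case probe, and one ordinary visitor (198.51.100.20) with a single 404.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Aug/2004:12:40:01 -0500] "GET /index.html HTTP/1.1" 200 1043
203.0.113.7 - - [31/Aug/2004:12:40:02 -0500] "GET /INDEX.html HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:02 -0500] "GET /cms/ HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:03 -0500] "GET /secure/ HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:03 -0500] "GET /admin/ HTTP/1.1" 403 298
203.0.113.7 - - [31/Aug/2004:12:40:04 -0500] "GET /manage/ HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:04 -0500] "GET /login/ HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:05 -0500] "GET /secret/ HTTP/1.1" 404 512
203.0.113.7 - - [31/Aug/2004:12:40:05 -0500] "GET /hidden/ HTTP/1.1" 404 512
198.51.100.20 - - [31/Aug/2004:12:41:10 -0500] "GET /index.html HTTP/1.1" 200 1043
198.51.100.20 - - [31/Aug/2004:12:41:15 -0500] "GET /images/logo.gif HTTP/1.1" 200 2210
198.51.100.20 - - [31/Aug/2004:12:41:20 -0500] "GET /about.html HTTP/1.1" 404 512
"""


def parse_log(text):
    """Parse log lines into dicts (ip, ts, path, status); skips non-matching lines."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append({
                "ip": m["ip"],
                "ts": datetime.strptime(m["ts"], TS_FMT),
                "path": m["path"],
                "status": int(m["status"]),
            })
    return events


def find_enumerators(events, window_seconds=60, min_misses=5, min_ratio=0.6):
    """Flag clients that, within any window_seconds span, requested at least
    min_misses distinct paths answered 403/404 with a miss ratio >= min_ratio.
    Also reports paths requested under more than one letter case (the
    case-sensitivity probe). Returns {ip: summary}."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        best = None  # (distinct miss count, miss ratio, miss paths) of the worst window
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until the span fits window_seconds
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            window = evs[start:end + 1]
            miss_count = sum(e["status"] in MISS_STATUSES for e in window)
            distinct = {e["path"] for e in window if e["status"] in MISS_STATUSES}
            ratio = miss_count / len(window)
            if len(distinct) >= min_misses and ratio >= min_ratio:
                if best is None or len(distinct) > best[0]:
                    best = (len(distinct), ratio, distinct)
        if best is None:
            continue
        # case probe: the same path requested with different letter cases
        variants = defaultdict(set)
        for e in evs:
            variants[e["path"].lower()].add(e["path"])
        probes = sorted(p for p, v in variants.items() if len(v) > 1)
        flagged[ip] = {
            "distinct_misses": best[0],
            "miss_ratio": round(best[1], 2),
            "paths": sorted(best[2]),
            "case_probes": probes,
        }
    return flagged


if __name__ == "__main__":
    for ip, info in find_enumerators(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

On the constructed sample only 203.0.113.7 is flagged (8 distinct misses, miss ratio 0.89, one case probe on /index.html); the visitor's lone 404 stays under the thresholds. Because Ben's script also starts by spidering linked pages, real scanners often show a burst of 200s before the misses, so the ratio threshold should be tuned against a site's normal 404 rate rather than set to catch every miss.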