5 Ways to Directory Bruteforcing on Web Server

5 Ways to Directory Bruteforcing on Web Server

In this article we have focus towards directory brute force attack using Kali Linux tool and try to find hidden files and directories inside web server for penetration testing.

A path traversal attack also known as directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (…/)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. For more information visit owasp.org

Let’s Start!!!

 DIRB

DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the response. DIRB main purpose is to help in professional web application auditing.

The tool “Dirb” is in built in kali Linux therefore Open the terminal and type following command to start brute force directory attack.

 Hence you can see read the fetched directories and file in the given screenshot.

Full Article Read Here

要查看或添加评论,请登录

Rajpal Singh的更多文章

  • Born2Root: 2: Vulnhub Walkthrough

    Born2Root: 2: Vulnhub Walkthrough

    Hello Friends!! Today we are going to take another CTF challenge named “Born2Root: 2”. The credit for making this VM…

    1 条评论
  • dnscat2: Command and Control over the DNS

    dnscat2: Command and Control over the DNS

    In this article, we learn DNS tunnelling through an amazing tool i.e.

    9 条评论
  • HackInOS:1: Vulnhub Lab Walkthrough

    HackInOS:1: Vulnhub Lab Walkthrough

    Hello friends! Today we are going to take another boot2root challenge known as “HackInOS: 1”. The credit for making…

    2 条评论
  • unknowndevice64: 1: Vulnhub Lab Walkthrough

    unknowndevice64: 1: Vulnhub Lab Walkthrough

    Hello friends! Today we are going to take another boot2root challenge known as “unknowndevice64: 1”. The credit for…

  • Hack the Box Access: Walkthrough

    Hack the Box Access: Walkthrough

    Today we are going to solve another CTF challenge “Access”. It is a retired vulnerable lab presented by Hack the Box…

    2 条评论
  • Vulnhub: RootThis: 1 Walkthrough

    Vulnhub: RootThis: 1 Walkthrough

    Hello friends! Today we are going to take another boot2root challenge known as root this. The credit for making this VM…

  • Vulnhub: Kuya: 1 Walkthrough

    Vulnhub: Kuya: 1 Walkthrough

    Today we are going to solve another CTF challenge “Kuya”. It is another vulnerable lab presented by vulnhub for helping…

  • Matrix 2: Vulnhub Lab Walkthrough

    Matrix 2: Vulnhub Lab Walkthrough

    Today we are going to solve another Boot2Root challenge “Matrix 2”. It is another vulnerable lab presented by vulnhub…

    1 条评论
  • W34kn3ss 1: Vulnhub Lab Walkthrough

    W34kn3ss 1: Vulnhub Lab Walkthrough

    Today we are going to solve another CTF challenge “W34kn3ss 1”. Briefing about the lab, the matrix is controlling this…

  • Pentest Lab Setup on Memcached

    Pentest Lab Setup on Memcached

    In this article, we are going to learn about pen-testing in Memcached lab setup in Ubuntu 18.04.

社区洞察

其他会员也浏览了