Penetration Testing mailing list archives

Re: listing directory structure within webserver root
From: Ben Timby <asp () webexc com>
Date: Tue, 31 Aug 2004 12:46:46 -0500

Serg, I assume that a local mirror will not work, as the directories you will likely be most interested in would not be linked to :-).

In the past I had written a VB script to do this using the XMLHTTP object. I use a dictionary for the purpose, and it traverses the site, rips out links, enumerates directories, then does a dictionary attack on each of those known folders to find the "hidden" folders. You simply make the HTTP request, and check if it is a directory listing denied (or directory listing as the case may be) or a 404 error. You could whip this up in a few minutes in your favorite scripting language. If you don't have the time, I could submit one to the list in the language of your choice, but of course you would have to wait until I had the time :-), probably a couple of weeks (or maybe tonight, who knows).

I would also do a quick test if the server is case sensitive by requesting a file I know exists:

http://www.site.com/index.html
http://www.site.com/INDEX.html

Think of it as a password cracker, where the password is the directory name. You have a nice/easy/fast way to check the password, via an HTTP request.

My dictionary contains the following words (and other variations and similar words).

cms
secure
admin
nimda
manage
login
secret
hidden
...

If you got crazy, you could perform transforms on the above words to expand your search...

4dm1n
n1md4
s3cur3
...

For case-sensitive servers:

AdMin
ADmIn
...

Hope that helps.

Serg Belokamen wrote:
Hi All,

Is there a way to somehow enumerate a directory structure on a remote webserver? Brute force springs to mind but that's mathematically impossible, to go through all combinations, etc.

   Cheers,
      Serg

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
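
Seen from the server side, the probing described in this thread appears in the access log as one client collecting 403/404 responses for dictionary directory names and their case or digit variants. The following Python detection sketch is an added example, not part of the original message; the log lines, addresses, threshold, the extra 0/5/7 substitutions and the function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (common log format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [31/Aug/2004:12:00:01 -0500] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [31/Aug/2004:12:00:02 -0500] "GET /INDEX.html HTTP/1.1" 404 210
198.51.100.7 - - [31/Aug/2004:12:00:03 -0500] "GET /cms/ HTTP/1.1" 404 210
198.51.100.7 - - [31/Aug/2004:12:00:03 -0500] "GET /secure/ HTTP/1.1" 403 199
198.51.100.7 - - [31/Aug/2004:12:00:04 -0500] "GET /admin/ HTTP/1.1" 403 199
198.51.100.7 - - [31/Aug/2004:12:00:04 -0500] "GET /4dm1n/ HTTP/1.1" 404 210
198.51.100.7 - - [31/Aug/2004:12:00:05 -0500] "GET /n1md4/ HTTP/1.1" 404 210
198.51.100.7 - - [31/Aug/2004:12:00:05 -0500] "GET /AdMin/ HTTP/1.1" 404 210
203.0.113.20 - - [31/Aug/2004:12:01:10 -0500] "GET /index.html HTTP/1.1" 200 5120
203.0.113.20 - - [31/Aug/2004:12:01:11 -0500] "GET /products/ HTTP/1.1" 200 830
203.0.113.20 - - [31/Aug/2004:12:01:12 -0500] "GET /favicon.ico HTTP/1.1" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')
# Directory names quoted in the message above.
WORDLIST = {"cms", "secure", "admin", "nimda", "manage", "login", "secret", "hidden"}
# Undo the digit-for-letter transforms shown in the message; 0/5/7 are assumed extras.
LEET = str.maketrans("413057", "aieost")


def normalize(segment):
    """Fold case and digit substitutions so '4dm1n' and 'AdMin' both become 'admin'."""
    return segment.lower().translate(LEET)


def find_enumerators(log_text, min_probes=4):
    """Return {client: sorted probed names} for clients that drew 403/404 on at
    least min_probes distinct dictionary-style directory names."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, path, status = m.groups()
        if status not in ("403", "404"):
            continue
        first = path.split("?", 1)[0].strip("/").split("/")[0]
        if normalize(first) in WORDLIST:
            probes[client].add(first)  # keep the raw spelling to show the variants
    return {c: sorted(names) for c, names in probes.items() if len(names) >= min_probes}


if __name__ == "__main__":
    for client, names in find_enumerators(SAMPLE_LOG).items():
        print(client, names)
```

The 403 entries are the ones to review first, since a "listing denied" answer is what distinguishes an existing directory from a 404.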

