Re: listing directory structure within webserver root

From: Ben Timby (asp@webexc.com)
Date: Tue Aug 31 2004 - 13:46:46 EDT


Serg, I assume that a local mirror will not work, as the directories you
will likely be most interested in would not be linked to :-).

In the past I had written a VBScript to do this using the XMLHTTP
object. I use a dictionary for the purpose, and it traverses the site,
rips out links, enumerates directories, then does a dictionary attack on
each of those known folders to find the "hidden" folders. You simply
make the HTTP request, and check whether it is a directory listing denied
(or directory listing, as the case may be) or a 404 error. You could whip
this up in a few minutes in your favorite scripting language. If you
don't have the time, I could submit one to the list in the language of
your choice, but of course you would have to wait until I had the time
:-), probably a couple of weeks (or maybe tonight, who knows).

I would also do a quick test of whether the server is case sensitive by
requesting a file I know exists:

http://www.site.com/index.html
http://www.site.com/INDEX.html

Think of it as a password cracker, where the password is the directory
name. You have a nice/easy/fast way to check the password, via an HTTP
request.

My dictionary contains the following words (and other variations and
similar words).

cms
secure
admin
nimda
manage
login
secret
hidden
...

If you got crazy, you could perform transforms on the above words to
expand your search...

4dm1n
n1md4
s3cur3
...

For case-sensitive servers:

AdMin
ADmIn
...

Hope that helps.

Serg Belokamen wrote:
> Hi All,
>
> Is there a way to somehow enumerate a directory structure on a remote
> webserver? Brute force springs to mind but that's mathematically
> impossible, to go through all combinations, etc.
>
> Cheers,
> Serg
>
> ------------------------------------------------------------------------------
>
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>
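
The scan described in the reply above leaves a recognizable trail in the server's access log: one client collecting 403/404 responses for many directory names, including several spellings of the same word. The following is an added example, not part of the original post, showing one way a defender could flag that pattern. It assumes Common Log Format; the function names, thresholds, and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Common Log Format), not from the original post.
SAMPLE_LOG = """\
203.0.113.7 - - [31/Aug/2004:13:50:01 -0400] "GET /admin/ HTTP/1.0" 404 210
203.0.113.7 - - [31/Aug/2004:13:50:01 -0400] "GET /4dm1n/ HTTP/1.0" 404 210
203.0.113.7 - - [31/Aug/2004:13:50:02 -0400] "GET /AdMin/ HTTP/1.0" 404 210
203.0.113.7 - - [31/Aug/2004:13:50:02 -0400] "GET /secure/ HTTP/1.0" 403 199
203.0.113.7 - - [31/Aug/2004:13:50:03 -0400] "GET /s3cur3/ HTTP/1.0" 404 210
203.0.113.7 - - [31/Aug/2004:13:50:03 -0400] "GET /nimda/ HTTP/1.0" 404 210
198.51.100.20 - - [31/Aug/2004:13:51:10 -0400] "GET /index.html HTTP/1.0" 200 5120
198.51.100.20 - - [31/Aug/2004:13:51:12 -0400] "GET /imges/logo.gif HTTP/1.0" 404 210
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+)[^"]*" (\d{3}) ')
UNLEET = str.maketrans("4310", "aeio")  # assumed mapping: undo digit-for-letter transforms

def first_segment(path):
    """Return the first path segment, without any query string."""
    return path.split("?", 1)[0].strip("/").split("/", 1)[0]

def find_scanners(log_text, min_probes=5, min_variant_groups=1):
    """Flag clients whose 403/404 responses look like a directory dictionary scan."""
    probes = defaultdict(set)                      # client IP -> distinct probed names
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) in ("403", "404"):
            seg = first_segment(m.group(2))
            if seg:
                probes[m.group(1)].add(seg)
    flagged = {}
    for ip, names in probes.items():
        groups = defaultdict(set)                  # normalized word -> raw spellings seen
        for name in names:
            groups[name.lower().translate(UNLEET)].add(name)
        # A word requested in more than one spelling indicates case/leet transforms.
        variants = {w: sorted(v) for w, v in groups.items() if len(v) > 1}
        if len(names) >= min_probes and len(variants) >= min_variant_groups:
            flagged[ip] = {"probes": len(names), "variants": variants}
    return flagged

if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

Requiring both a probe count and at least one variant group keeps a visitor with a single mistyped URL (the second client in the sample) from being flagged.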


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:02 EDT