[Legion Leak] Finding and Exploring All Directories On a Website
07-30-2013, 03:27 AM
#1
This post is leaked from the premium section of "Legion" on the competing hack forum. There will be 5 new leaks a day. There may be some format problems due to UTF8 character encoding.
(07-15-2013, 12:11 PM)VipVince Wrote: I have seen a lot of people ask how they search for all files and folders on a web site. Manual searching sometimes is just not enough, and for efficiency purposes it's helpful to run a scanner on it. Today I am going to demonstrate how:
OWASP DirBuster:
Here is a link to this tool:
https://www.owasp.org/index.php/Category...er_Project
Once you have downloaded it, run it and you will be faced with a screen like the one below. Add your chosen website and port number, 80 obviously if it's an HTTP web server.
Click start and you will see it run whilst picking up a bunch of directories in the process:
As you can see, some of them look quite sensitive and could prove beneficial to an attacker. Now you can manually browse through the directories and look for a hole, whether it be vulnerable plugins or a config script containing the MySQL DB credentials.
Here I am going through the website's plugins, looking for non-sanitized code that could lead to privilege escalation later on.
This is basically the process involved. I am going to keep this short and sweet. Hope you enjoyed, VV. :blackhat:
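
Seen from the web server's side, a directory scan like the one described in the post appears in the access log as one client requesting many different non-existent paths in a short time. The following detector is an added example, not part of the original post; the log lines are constructed, and the threshold, the window and the function names are assumptions to tune per site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common/combined log format: ip - - [time] "METHOD path HTTP/x" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_enumeration(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {ip: time the threshold was crossed} for clients that requested
    at least `threshold` distinct missing paths within `window`."""
    recent = defaultdict(deque)  # ip -> (time, path) of recent 404 responses
    alerts = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # skip unparseable lines and anything that is not a 404
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # a query string is not a new path
        q = recent[m["ip"]]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop entries that fell out of the time window
        # Count distinct paths so a repeated broken link does not alert.
        if m["ip"] not in alerts and len({p for _, p in q}) >= threshold:
            alerts[m["ip"]] = ts
    return alerts

def sample_log():
    """Constructed log: one scanning client and one visitor hitting a dead link."""
    base = datetime(2013, 7, 30, 3, 27, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    out = []
    for i in range(30):  # two requests per second from each client
        t = (base + timedelta(seconds=i // 2)).strftime(fmt)
        out.append(f'203.0.113.5 - - [{t}] "GET /guess{i}/ HTTP/1.1" 404 209')
        out.append(f'198.51.100.7 - - [{t}] "GET /favicon.ico HTTP/1.1" 404 209')
    out.append("not a log line")
    return out

if __name__ == "__main__":
    for ip, when in find_enumeration(sample_log()).items():
        print(f"{ip}: many distinct missing paths, threshold crossed at {when}")
```

Only 404 responses are counted here; a deployment would feed the alerts into rate limiting or blocking and would review whether the directories that did respond should be reachable at all.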