Home Blog GitHub Buy Me a Book

🔬HTTP Enumeration

Lab 1 - Method Enumeration

🔬 HTTP Method Enumeration

  • Target IP: 192.41.48.3

  • Credentials: john:password

ip -br -c a
	eth1@if193355  UP  192.41.48.2/24

  • Open the browser and navigate to

    • http://192.41.48.3/login.php

  • View Source code of the login page and check the POST method

  • Login with the provided credentials

  • Follow the remaining links

    • http://192.41.48.3/post.php

    • http://192.41.48.3/index.php

Dirb

  • Enumerate hidden directories using dirb

dirb http://192.41.48.3

📌 Hidden directories are css, img, js, mail, uploads, vendor

Curl

  • Use curl to send some requests

# GET
curl -X GET 192.41.48.3

# HEAD
curl -I 192.41.48.3

# OPTIONS
curl -X OPTIONS 192.41.48.3 -v

# POST
curl -X POST 192.41.48.3

# PUT
curl -X PUT 192.41.48.3

  • Use curl to interact with login.php and post.php

curl -X OPTIONS 192.41.48.3/post.php -v
	Allow: GET,POST,HEAD,OPTIONS

curl -X OPTIONS 192.41.48.3/login.php -v
	Allow: GET,POST,HEAD,OPTIONS

curl -X POST 192.41.48.3/login.php -d "name=john&password=password" -v

  • Interact with uploads directory

curl -X OPTIONS 192.41.48.3/uploads/ -v

📌 WebDAV module is enabled on the Apache Server and allows file upload via PUT method.

  • Upload a file with PUT method

echo "Hello Hackers" > hello.txt

curl 192.41.48.3/uploads/ --upload-file hello.txt
curl -X DELETE 192.41.48.3/uploads/hello.txt -v

BurpSuite

🔬 Check the BurpSuite Basics lab here

  • Target IP has changed to 192.83.140.3

  • Use BurpSuite to interact with the web page, by turning on the FoxyProxy Firefox plugin and opening the BurpSuite with the Proxy intercept on.

  • Capture the home page and send it to Repeater

  • Use the various options to sed requests and check the response.

  • Try to login in the webpage, intercept the request and send it to the repetear

  • Send a POST to login.php with valid credentials

  • Try to upload a file to /uploads/

Lab 2 - Directory Enumeration

Gobuster

🔬 Directory Enumeration with Gobuster

  • Target IP: 192.185.38.3

  • Enumerate a Multillidae II vulnerable web app

ip -br -c a
	eth1@if203734  UP  192.185.38.2/24

nmap -sS -sV 192.185.38.2

  • Open the browser and navigate to

    • http://192.185.38.3/

  • Use gobuster to enumerate directories, ignoring 403 and 404 status codes

gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404

  • Scan to find specific file extensions and interesting files

gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

# -u = url string
# -w = wordlist
# -b = status code blacklist
# -x = extensions string
# -r = follow redirect
gobuster dir -u http://192.185.38.3/data -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

  • Check the xml file

    • http://192.185.38.3/data/accounts.xml

Burp Suite

🔬 Directory Enumeration with Burp Suite

  • Target IP: 192.221.162.3

  • Enumerate a Multillidae II vulnerable web app

ip -br -c a
	eth1@if203734  UP  192.221.162.2/24

nmap -sS -sV 192.221.162.3

  • Open the browser and navigate to

    • http://192.221.162.3/

    • Activate FoxyProxy Plugin

  • Start BurpSuite (set User options/Display/Look to Darcula and restart BurpSuite)

    • Intercept the home page request and send it to Intruder

    • Intruder - set HOST target IP and PORT

    • Configure Payload Positions

      • Clear §

      • Add §name§ in the GET request

    • Payloads - Options - add a list of strings and load the /usr/share/wordlists/dirb/common.txt list

    • Start Attack and check the status code

  • Navigate to http://192.221.162.3/passwords/accounts.txt

PreviousIntro to Web App PentestingNext🔬Web App Scanning

Last updated