🔬HTTP Enumeration
Lab 1 - Method Enumeration
Target IP:
192.41.48.3
Credentials:
john
:password
Open the browser and navigate to
http://192.41.48.3/login.php
View Source code of the login page and check the
POST
method
Login with the provided credentials
Follow the remaining links
http://192.41.48.3/post.php
http://192.41.48.3/index.php
Dirb
Enumerate hidden directories using
dirb
📌 Hidden directories are
css
,img
,js
,uploads
,vendor
Curl
Use
curl
to send some requests
Use
curl
to interact withlogin.php
andpost.php
Interact with
uploads
directory
📌
WebDAV
module is enabled on the Apache Server and allows file upload viaPUT
method.
Upload a file with
PUT
method
BurpSuite
🔬 Check the BurpSuite Basics lab here
Target IP has changed to
192.83.140.3
Use
BurpSuite
to interact with the web page, by turning on theFoxyProxy
Firefox plugin and opening the BurpSuite with the Proxy intercept on.Capture the home page and send it to
Repeater
Use the various options to sed requests and check the response.
Try to login in the webpage, intercept the request and send it to the repetear
Send a
POST
tologin.php
with valid credentials
Try to upload a file to
/uploads/
Lab 2 - Directory Enumeration
🔬 Directory Enumeration with Gobuster
Target IP:
192.185.38.3
Enumerate a Multillidae II vulnerable web app
Open the browser and navigate to
http://192.185.38.3/
Use
gobuster
to enumerate directories, ignoring403
and404
status codes
Scan to find specific file extensions and interesting files
Check the
xml
filehttp://192.185.38.3/data/accounts.xml
Burp Suite
🔬 Directory Enumeration with Burp Suite
Target IP:
192.221.162.3
Enumerate a Multillidae II vulnerable web app
Open the browser and navigate to
http://192.221.162.3/
Activate FoxyProxy Plugin
Start
BurpSuite
(set User options/Display/Look to Darcula and restart BurpSuite)Intercept the home page request and send it to
Intruder
Intruder
- setHOST
target IP andPORT
Configure
Payload Positions
Clear §
Add
§name§
in theGET
request
Payloads - Options
- add a list of strings and load the/usr/share/wordlists/dirb/common.txt
listStart Attack
and check the status code
Navigate to
http://192.221.162.3/passwords/accounts.txt
Last updated