🔬HTTP Enumeration
Lab 1 - Method Enumeration
Target IP:
192.41.48.3
Credentials:
john
:password
ip -br -c a
eth1@if193355 UP 192.41.48.2/24
Open the browser and navigate to
http://192.41.48.3/login.php
View Source code of the login page and check the
POST
method

Login with the provided credentials
Follow the remaining links
http://192.41.48.3/post.php
http://192.41.48.3/index.php
Dirb
Enumerate hidden directories using
dirb
dirb http://192.41.48.3

📌 Hidden directories are
css
,img
,js
,uploads
,vendor
Curl
Use
curl
to send some requests
# GET
curl -X GET 192.41.48.3
# HEAD
curl -I 192.41.48.3
# OPTIONS
curl -X OPTIONS 192.41.48.3 -v
# POST
curl -X POST 192.41.48.3
# PUT
curl -X PUT 192.41.48.3

Use
curl
to interact withlogin.php
andpost.php
curl -X OPTIONS 192.41.48.3/post.php -v
Allow: GET,POST,HEAD,OPTIONS
curl -X OPTIONS 192.41.48.3/login.php -v
Allow: GET,POST,HEAD,OPTIONS
curl -X POST 192.41.48.3/login.php -d "name=john&password=password" -v

Interact with
uploads
directory
curl -X OPTIONS 192.41.48.3/uploads/ -v

📌
WebDAV
module is enabled on the Apache Server and allows file upload viaPUT
method.
Upload a file with
PUT
method
echo "Hello Hackers" > hello.txt
curl 192.41.48.3/uploads/ --upload-file hello.txt

curl -X DELETE 192.41.48.3/uploads/hello.txt -v
BurpSuite
🔬 Check the BurpSuite Basics lab here
Target IP has changed to
192.83.140.3
Use
BurpSuite
to interact with the web page, by turning on theFoxyProxy
Firefox plugin and opening the BurpSuite with the Proxy intercept on.Capture the home page and send it to
Repeater
Use the various options to sed requests and check the response.


Try to login in the webpage, intercept the request and send it to the repetear
Send a
POST
tologin.php
with valid credentials

Try to upload a file to
/uploads/


Lab 2 - Directory Enumeration
🔬 Directory Enumeration with Gobuster
Target IP:
192.185.38.3
Enumerate a Multillidae II vulnerable web app
ip -br -c a
eth1@if203734 UP 192.185.38.2/24
nmap -sS -sV 192.185.38.2
Open the browser and navigate to
http://192.185.38.3/

Use
gobuster
to enumerate directories, ignoring403
and404
status codes
gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404

Scan to find specific file extensions and interesting files
gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r
# -u = url string
# -w = wordlist
# -b = status code blacklist
# -x = extensions string
# -r = follow redirect

gobuster dir -u http://192.185.38.3/data -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

Check the
xml
filehttp://192.185.38.3/data/accounts.xml

Burp Suite
🔬 Directory Enumeration with Burp Suite
Target IP:
192.221.162.3
Enumerate a Multillidae II vulnerable web app
ip -br -c a
eth1@if203734 UP 192.221.162.2/24
nmap -sS -sV 192.221.162.3
Open the browser and navigate to
http://192.221.162.3/
Activate FoxyProxy Plugin
Start
BurpSuite
(set User options/Display/Look to Darcula and restart BurpSuite)Intercept the home page request and send it to
Intruder
Intruder
- setHOST
target IP andPORT
Configure
Payload Positions
Clear §
Add
§name§
in theGET
request
Payloads - Options
- add a list of strings and load the/usr/share/wordlists/dirb/common.txt
listStart Attack
and check the status code




Navigate to
http://192.221.162.3/passwords/accounts.txt

Last updated
Was this helpful?