🔬HTTP Enumeration

Lab 1 - Method Enumeration

🔬 HTTP Method Enumeration
Target IP: 192.41.48.3
Credentials: john:password

ip -br -c a
	eth1@if193355  UP  192.41.48.2/24

Open the browser and navigate to
- http://192.41.48.3/login.php
View Source code of the login page and check the POST method

Login with the provided credentials
Follow the remaining links
- http://192.41.48.3/post.php
- http://192.41.48.3/index.php

Dirb

Enumerate hidden directories using dirb

dirb http://192.41.48.3

📌 Hidden directories are css, img, js, mail, uploads, vendor

Curl

Use curl to send some requests

# GET
curl -X GET 192.41.48.3

# HEAD
curl -I 192.41.48.3

# OPTIONS
curl -X OPTIONS 192.41.48.3 -v

# POST
curl -X POST 192.41.48.3

# PUT
curl -X PUT 192.41.48.3

Use curl to interact with login.php and post.php

curl -X OPTIONS 192.41.48.3/post.php -v
	Allow: GET,POST,HEAD,OPTIONS

curl -X OPTIONS 192.41.48.3/login.php -v
	Allow: GET,POST,HEAD,OPTIONS

curl -X POST 192.41.48.3/login.php -d "name=john&password=password" -v

Interact with uploads directory

curl -X OPTIONS 192.41.48.3/uploads/ -v

📌 WebDAV module is enabled on the Apache Server and allows file upload via PUT method.

Upload a file with PUT method

echo "Hello Hackers" > hello.txt

curl 192.41.48.3/uploads/ --upload-file hello.txt

curl -X DELETE 192.41.48.3/uploads/hello.txt -v

BurpSuite

🔬 Check the BurpSuite Basics lab here

Target IP has changed to 192.83.140.3
Use BurpSuite to interact with the web page, by turning on the FoxyProxy Firefox plugin and opening the BurpSuite with the Proxy intercept on.
Capture the home page and send it to Repeater
Use the various options to sed requests and check the response.

Try to login in the webpage, intercept the request and send it to the repetear
Send a POST to login.php with valid credentials

Try to upload a file to /uploads/

Lab 2 - Directory Enumeration

Gobuster

🔬 Directory Enumeration with Gobuster
Target IP: 192.185.38.3
Enumerate a Multillidae II vulnerable web app

ip -br -c a
	eth1@if203734  UP  192.185.38.2/24

nmap -sS -sV 192.185.38.2

Open the browser and navigate to
- http://192.185.38.3/

Use gobuster to enumerate directories, ignoring 403 and 404 status codes

gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404

Scan to find specific file extensions and interesting files

gobuster dir -u http://192.185.38.3 -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

# -u = url string
# -w = wordlist
# -b = status code blacklist
# -x = extensions string
# -r = follow redirect

gobuster dir -u http://192.185.38.3/data -w /usr/share/wordlists/dirb/common.txt -b 403,404 -x .php,.xml,.txt -r

Check the xml file
- http://192.185.38.3/data/accounts.xml

Burp Suite

🔬 Directory Enumeration with Burp Suite
Target IP: 192.221.162.3
Enumerate a Multillidae II vulnerable web app

ip -br -c a
	eth1@if203734  UP  192.221.162.2/24

nmap -sS -sV 192.221.162.3

Open the browser and navigate to
- http://192.221.162.3/
- Activate FoxyProxy Plugin
Start BurpSuite (set User options/Display/Look to Darcula and restart BurpSuite)
- Intercept the home page request and send it to Intruder
- Intruder - set HOST target IP and PORT
- Configure Payload Positions
  - Clear §
  - Add §name§ in the GET request
- Payloads - Options - add a list of strings and load the /usr/share/wordlists/dirb/common.txt list
- Start Attack and check the status code

Navigate to http://192.221.162.3/passwords/accounts.txt

PreviousIntro to Web App Pentesting Next🔬Web App Scanning

Last updated 2 years ago

Was this helpful?