Why directory browsing is important?

Viewing 8 reply threads
  • Author
    Posts
    • #7913
      cyber.spirit
      Participant

      hi guys.
      In all of pentest learning videos which i watch they always say check the webserver to find directory browsing addresses u can find it via nikto or the robots.txt file.
      I’ve find some directory browsing addresses in my friend’s site during the pentest now what? What can i do with it? I just report it or have we some methods to penetrate with directory browsing?

      Totally why directory browsing is important?

    • #50012
      dynamik
      Participant

      You simply don’t want to readily disclose directory contents. There may be files like db.conf.php.old001 or tax_return2011.pdf lying around somewhere. Granted, such files shouldn’t be on a web server in the first place, but if someone forgets about them or makes a mistake, you don’t want them openly displayed for the entire world to see.

    • #50013
      cyber.spirit
      Participant

      @ajohnson wrote:

      You simply don’t want to readily disclose directory contents. There may be files like db.conf.php.old001 or tax_return2011.pdf lying around somewhere. Granted, such files shouldn’t be on a web server in the first place, but if someone forgets about them or makes a mistake, you don’t want them openly displayed for the entire world to see.

      Ok man so u mean i must report them to turn the directory service off that set? Nothing more?

    • #50014
      dynamik
      Participant

      Correct. You could add a warning about making sure only necessary files are present, etc., and add some extra value, but the core solution is indeed just disabling directory browsing.

    • #50015
      tturner
      Participant

      Also it doesn’t stop at the directory you are currently viewing. Just because the current directory doesn’t display anything interesting doesn’t mean that $path/../../../../../etc/passwd isnt viewable (have to play with the path’s here, can sometimes be loaded by script paths, templates, cookies, hidden form fields, etc.) Check out https://www.owasp.org/index.php/Testing_for_Path_Traversal for more info.

    • #50016
      superkojiman
      Participant

      @Cyber.spirit wrote:

      I’ve find some directory browsing addresses in my friend’s site during the pentest now what? What can i do with it?

      Depends. Sometimes nothing. Other times, you might find something that reveals more about the site, such as services, or users on the server, configuration files, etc.

    • #50017
      m0wgli
      Participant

      You can also try and find hidden directories and content through brute force using tools such as dirbuster for example:

      https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

    • #50018
      cyber.spirit
      Participant

      @m0wgli wrote:

      You can also try and find hidden directories and content through brute force using tools such as dirbuster for example:

      https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

      Wow man thank u what a great source i haven’t known that. I’ll try to find some sensitive data thanx again

    • #50019
      rance
      Participant

      To pile on top of what everyone else said, if you find old app files, like login.php.bak, guess what, you can download that file and get the raw PHP code, which may contain sql connection credentials, code level notes like:

      /* if a user puts in special characters, they can access resources they shouldn’t. will fix soon */

      All sorts of goodies… This could give you all sorts of juicy tidbits of info for further attacks.

Viewing 8 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?