Information Gathering

DIRB

We use dirb to search for scan directories and look for files with different extensions in a web server.

Useful directories would be

http://172.104.180.76/backup/

http://172.104.180.76/phpinfo.php

http://172.104.180.76/robots.txt

Untitled

Results:

i) If the php is not upgrade, it has the possibility to have security risk

Untitled

ii) Review backup files for sensitive information. It isn’t uncommon to find unreferenced or forgotten files that can be used to obtain important information about the infrastructure or the credentials.

Untitled

Untitled

iii) Another source of clues about unreferenced directories is the /robots.txt file used to provide instructions to web robots.

Untitled

http://172.104.180.76/user/add-site.php

Untitled

http://172.104.180.76/ | cat ../config.php

Untitled

Untitled