Information gathering is the key to pentesting. Before executing an exploit or attack, it's worthwhile understanding the website's structure, directories, files, and objects in use. After that, we can map out an attack strategy or scenario that will be more effective. On the other hand, by knowing which files and directories are there, we may find hidden or secret directories, files, or objects that the admin thinks cannot be accessed by the public.
Dirb, developed by The Dark Raver, is a tool designed to find these objects, hidden or accessible. Dirb's method is quite simple: it launches a dictionary-based attack against the target web server. You point it at a URL and a port (basically HTTP on 80, HTTPS on 443), then you provide a wordlist. Dirb then sends HTTP GET requests to the website and listens for the site's response.
If the URL gives a positive response, we know the directory or file exists. If it elicits a "forbidden" response, we can probably conclude that there is a directory or file there and that it is private or hidden.
Here are the most important HTTP status codes at a glance that every browser uses:
- 100 Continue – Codes in the 100 range indicate that, for some reason, the client request has not been completed and the client should continue.
- 200 Successful – Codes in the 200 range generally mean the request was successful.
- 300 Multiple Choices – Codes in the 300 range can mean many things, but generally they mean that the request was not completed.
- 400 Bad Request – Codes in the 400 range generally signal a bad request. The most common are 404 (not found) and 403 (forbidden).
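The same status codes are what the server's access log records during a dictionary scan, so they can be used to spot one and to see what it revealed. The following is an added example, not part of the original tutorial: it assumes Apache "combined" log format, uses a constructed sample log with documentation IP addresses, and its thresholds (min_paths, min_miss_ratio) are illustrative assumptions to tune for your own traffic.

```python
import re
from collections import defaultdict

# Apache "combined" access-log line: client IP, request path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+)[^"]*" (\d{3}) ')

def build_sample_log():
    """Constructed sample: one client walking a wordlist, one ordinary visitor."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET {p} HTTP/1.1" {c} 199 "-" "-"'
    probes = [("/admin/", 403), ("/backup/", 404), ("/cgi-bin/", 403), ("/test/", 404),
              ("/old/", 404), ("/phpinfo.php", 200), ("/tmp/", 404), ("/db/", 404)]
    lines = [fmt.format(ip="203.0.113.7", s=i, p=p, c=c) for i, (p, c) in enumerate(probes)]
    visits = ["/", "/index.html", "/news/"]
    lines += [fmt.format(ip="198.51.100.20", s=30 + i, p=p, c=200) for i, p in enumerate(visits)]
    return "\n".join(lines)

def classify(status):
    """What a dictionary scan learns from one response code."""
    if 200 <= status < 300:
        return "exists"
    if 300 <= status < 400:
        return "redirect"
    if status in (401, 403):
        return "protected"   # present, but access is refused
    if status == 404:
        return "missing"
    return "other"

def find_scanners(log_text, min_paths=5, min_miss_ratio=0.5):
    """Flag clients that request many distinct paths and mostly get 404,
    and list the paths each one learned are present."""
    seen = defaultdict(dict)  # ip -> {path: last status}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            seen[m.group(1)][m.group(2)] = int(m.group(3))
    report = {}
    for ip, paths in seen.items():
        missing = sum(1 for s in paths.values() if classify(s) == "missing")
        if len(paths) >= min_paths and missing / len(paths) >= min_miss_ratio:
            found = sorted((p, s) for p, s in paths.items()
                           if classify(s) in ("exists", "redirect", "protected"))
            report[ip] = {"probed": len(paths), "missing": missing, "found": found}
    return report

if __name__ == "__main__":
    for ip, result in find_scanners(build_sample_log()).items():
        print(ip, result)
```

The "found" list is the part to review first: every path in it answered with something other than 404, so the scanning client now knows it exists.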
Now, let's get started using Dirb. Once again, we are fortunate that it is built into Kali Linux, so it's not necessary to download or install anything. As you might know, Dirb is a command-line tool that also comes with a GUI version, named Dirbuster. But I don't prefer the GUI; use a terminal instead!
STEP 1: Fire up Kali Linux and terminal
Open up the terminal and type:
Let's take a look at the options dirb gives. Dirb is able to use a proxy and handle authentication.
STEP 2: Define a target
Let's say you have a desirable target; in this tutorial I set tulungagung.go.id as the target. Now, let's check what server is used. Type the command:
This site runs Apache on the web server, so we need to use a suitable wordlist to attack Apache.
STEP 3: Find the appropriate wordlist file
Dirb has its own wordlists; they are under /usr/share/wordlists/dirb
I found the apache-named file under the vulns directory. I will use this file along with dirb against the target.
STEP 4: Launch attack!
Now the preparation is done, and everything is set up in one command line.
dirb [url] [wordlist]
Holy shark, it found nothing. But we notice there are CGI files there. I wonder if there are CGI wordlists available. Let's find one!
Ahhaaaa… I found it: cgis.txt, under the vulns directory. Why didn't I notice earlier that it's located here? Now use this wordlist and let's see if we find something.
Dirb starts a dictionary-based attack, guessing folders and files based on the wordlist file and the server's responses. By the way, brute-forcing against 3388 words takes a long time, so be patient. But for me this is enough; I have to upload it to my post. Haha.
Thanks for reading, may you learn something here, share it! If you have any further questions, please contact me here: https://www.hacktoday.io/u/bimando