Exercise 8: Directory Browsing a WordPress Website using DirBuster and Accessing Shell
Scenario
This lab is a continuation of the previous lab exercise.
In the previous lab exercise, you learned how to create a shell and upload it. A pentester needs to map the directory structure of a web application in order to browse it and find out whether any unnecessary or sensitive folders and files are exposed and browsable.
In this lab, you are going to learn how to brute force directories using DirBuster, determine the location of the shell uploaded in the previous lab exercise, browse to it and gain access to the server.
Lab Duration: 25 Minutes
- Click Kali Linux (External Network).
If Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
- Type root in the Username field and click Next.
- Type toor in the Password field and click Sign In.
- Once you log in to the machine, launch a command line terminal, type dirbuster and press Enter.
- DirBuster main window appears as shown in the screenshot:
- Type http://172.19.19.8 in the Target URL field and /wordpress in the Dir to start with field.
- Select the Pure Brute Force radio button in the Select scanning type section, select a-z0-9 from the Char set drop-down list, set the Min Length to 1 and the Max Length to 20, and check the Use Blank Extension option.
Note that these settings define an extremely large search space (every string of 1 to 20 characters over a-z0-9); DirBuster generates the shortest names first, so the short directory names that matter in this lab are found early. Outside a lab, a List based brute force using one of the wordlists shipped with DirBuster is the usual and far faster choice.
- Click Start button to initiate the brute force attack.
- DirBuster begins to brute force the directories and files, and displays the scan status in the Scan Information tab as shown in the screenshot:
- Click the Results - List View tab to view the brute forced files and directories.
- Scroll down the Results - List View tab.
You will observe a directory named twentyseventeen, the directory of the twentyseventeen WordPress theme, which is where the 404.php file (the shell from the previous lab exercise) is expected to be.
- Click the Results - Tree View tab to view the directory structure in tree view.
The tree view shows that the location of the twentyseventeen theme is /wordpress/wp-content/themes/twentyseventeen/.
Therefore, we will be entering the URL http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/404.php in the web browser.
- Launch a web browser, type the URL http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/404.php in the address bar and press Enter.
- The b374k shell is successfully launched in the web browser as shown in the screenshot.
- Thus, we have successfully launched a PHP shell by discovering the directory structure with DirBuster.
Close all the windows.
In this lab, you have learned how to brute force directories using DirBuster, determine the location of the shell, browse to it and gain access to the server.
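The following is an added example, not part of the original lab and not DirBuster's own code, that shows what the procedure above does under the hood: a small recursive list-based enumerator that probes each word as a file and as a directory, recurses into directories that respond (the nesting DirBuster's Tree View displays), and picks out the uploaded shell by file name. It also computes how many names the lab's Pure Brute Force settings (a-z0-9, length 1 to 20) would generate. The site map, the wordlist and the function names are constructed for the example so it runs offline; the real fetcher is included but only for use against a target you are authorised to test.

```python
"""Added example: a minimal recursive directory enumerator in the spirit of
DirBuster's list-based scan, plus a keyspace calculator for its pure
brute-force mode. Example code, not DirBuster's or the lab's own code."""
import itertools
from typing import Callable, Dict, Iterable, Iterator, List, Tuple
from urllib.error import HTTPError, URLError
from urllib.parse import urljoin
from urllib.request import Request, urlopen

# Statuses treated as "found". DirBuster's default is "anything but 404";
# 301/302 and 403 on a directory still show that the path exists even when
# it is not directly browsable.
INTERESTING = {200, 301, 302, 401, 403, 500}


def http_status(url: str, timeout: float = 5.0) -> int:
    """Real fetcher for a lab target: returns the HTTP status code, or 0 when
    the connection fails. urlopen follows redirects, so a redirecting
    directory is reported with the status of the final response."""
    req = Request(url, headers={"User-Agent": "dir-enum-example"})
    try:
        with urlopen(req, timeout=timeout) as resp:
            return resp.status
    except HTTPError as err:
        return err.code
    except URLError:
        return 0


def enumerate_paths(base: str, words: Iterable[str], fetch: Callable[[str], int],
                    extensions: Iterable[str] = ("",), max_depth: int = 4) -> Dict[str, int]:
    """List-based scan. Each word is tried as a file with every extension and,
    for the blank extension, also as a directory ('word/'). Directories that
    respond are scanned recursively up to max_depth levels below the base.
    Returns {url: status} for every interesting response."""
    words = list(words)
    exts = list(extensions)
    found: Dict[str, int] = {}
    pending: List[Tuple[str, int]] = [(base.rstrip("/") + "/", 0)]
    while pending:
        cur, depth = pending.pop()
        for word in words:
            candidates = [word + ext for ext in exts]
            if "" in exts:
                candidates.append(word + "/")   # directory probe
            for cand in candidates:
                url = urljoin(cur, cand)
                if url in found:
                    continue
                status = fetch(url)
                if status in INTERESTING:
                    found[url] = status
                    if cand.endswith("/") and depth + 1 <= max_depth:
                        pending.append((url, depth + 1))
    return found


def find_shell(found: Dict[str, int], filename: str = "404.php") -> List[str]:
    """Every discovered URL ending in the shell's file name, e.g. the theme
    404.php that was replaced with the b374k shell in the previous lab."""
    return sorted(u for u in found if u.endswith("/" + filename))


def brute_force_keyspace(charset: str, min_len: int, max_len: int) -> int:
    """Number of names Pure Brute Force mode generates for the given charset
    and length range (before any extension is appended)."""
    return sum(len(charset) ** k for k in range(min_len, max_len + 1))


def pure_brute_force_names(charset: str, min_len: int, max_len: int) -> Iterator[str]:
    """Generate those names, shortest length first."""
    for k in range(min_len, max_len + 1):
        for combo in itertools.product(charset, repeat=k):
            yield "".join(combo)


# Constructed site map standing in for http://172.19.19.8 so the example runs
# offline; the paths mirror the ones the lab text says DirBuster found.
FAKE_SITE = {
    "http://172.19.19.8/wordpress/wp-admin/": 302,
    "http://172.19.19.8/wordpress/wp-content/": 403,
    "http://172.19.19.8/wordpress/wp-content/themes/": 403,
    "http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/": 403,
    "http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/404.php": 200,
}

# Constructed mini wordlist (a real scan would use one of DirBuster's lists).
WORDS = ["wp-admin", "wp-content", "wp-includes", "themes", "plugins",
         "twentyseventeen", "404.php", "readme.html"]
LAB_CHARSET = "abcdefghijklmnopqrstuvwxyz0123456789"


def fake_fetch(url: str) -> int:
    return FAKE_SITE.get(url, 404)


def scan_lab_target(fetch: Callable[[str], int] = fake_fetch) -> Dict[str, int]:
    """Scan /wordpress on the lab host; pass http_status to hit a live target."""
    return enumerate_paths("http://172.19.19.8/wordpress", WORDS, fetch)


if __name__ == "__main__":
    results = scan_lab_target()
    for url, status in sorted(results.items()):
        print(status, url)
    print("shell candidates:", find_shell(results))
    print("names in the lab's brute-force keyspace:",
          brute_force_keyspace(LAB_CHARSET, 1, 20))
```

Against the constructed site map the scan walks /wordpress/wp-content/ to themes/ to twentyseventeen/ and reports the shell at the same URL the lab enters in the browser; the keyspace figure for the lab's pure brute-force settings exceeds 10^31 names, which is why a list-based scan is the practical choice on a real engagement.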