
Module 08: Web Application Penetration Testing Methodology 8

Written By AKADEMY on Thursday, July 4, 2019 | 10:12 PM

Exercise 8: Directory Browsing a WordPress Website using DirBuster and Accessing Shell

Scenario

This lab is a continuation of the previous lab exercise.
In the previous lab exercise, you learned how to create a shell and upload it. It is essential for a pentester to determine the directory structure of a web application in order to browse it and find out whether any unnecessary or sensitive folders are browsable.
In this lab, you are going to learn how to brute force directories using DirBuster, determine the location of the shell uploaded in the previous lab exercise, browse to it and gain access to the server.
Lab Duration: 25 Minutes
  1. Click Kali Linux (External Network).
    If the Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
  2. Type root in the Username field and click Next.
  3. Type toor in the Password field and click Sign In.
  4. Once you log in to the machine, launch a command line terminal, type dirbuster and press Enter.
  5. The DirBuster main window appears.
  6. Type http://172.19.19.8 in the Target URL field and /wordpress in the Dir to start with field.
  7. Select the Pure Brute Force radio button in the Select scanning type section, select a-z0-9 from the Char set drop-down list, set the Min Length to 1 and the Max Length to 20, and check the Use Blank Extention option.
  8. Click the Start button to initiate the brute force attack.
  9. DirBuster begins to brute force the directories and files, and displays the scan status in the Scan Information tab.
  10. Click the Results - List View tab to view the brute forced files and directories.
  11. Scroll down the Results - List View tab.
    You will observe a directory named twentyseventeen, which is possibly the location where the 404.php file is stored.
  12. Click the Results - Tree View tab to view the directory structure as a tree.
    The tree view shows that the location of the twentyseventeen theme is /wordpress/wp-content/themes/twentyseventeen/.
    Therefore, we will enter the URL http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/404.php in the web browser.
  13. Launch a web browser, type the URL http://172.19.19.8/wordpress/wp-content/themes/twentyseventeen/404.php in the address bar and press Enter.
  14. The b374k shell is successfully launched in the web browser.
  15. Thus, we have successfully launched a PHP shell by finding the directory structure using DirBuster.
    Close all the windows.
In this lab, you have learned how to brute force directories using DirBuster, determine the location of the shell, browse to it and gain access to the server.
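From the defender's side, the scan performed in this lab leaves two clear traces in the web server's access log: a dense burst of 404 responses from one client (most guessed names do not exist), followed by a successful direct request for a PHP file inside a theme directory. The following Python script is an added example, not part of the lab or of DirBuster; it parses combined-format access logs, flags clients whose 404 rate in a sliding window exceeds a threshold, and lists successful direct requests to theme PHP files. The log lines, client addresses, window size and threshold are all constructed values chosen for the example.

```python
"""Spot forced-browsing bursts and direct theme-PHP access in combined-format
access logs. Added example (not from the lab); every log line below is
constructed, and the window/threshold values are illustrative defaults."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined log format: host ident authuser [date] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# A PHP file requested directly from inside a WordPress theme directory.
THEME_PHP_RE = re.compile(r'/wp-content/themes/[^/]+/[^/?]+\.php(?:\?|$)')


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}


def detect_bruteforce(lines, window=timedelta(seconds=10), threshold=20):
    """Map client IP -> peak number of 404s seen inside any `window`, keeping only
    clients at or above `threshold`. Wordlist and pure brute-force scanners both
    produce this shape because nearly every guessed name is a miss."""
    misses = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and ev["status"] == 404:
            misses[ev["ip"]].append(ev["ts"])
    flagged = {}
    for ip, stamps in misses.items():
        stamps.sort()
        peak, start = 0, 0
        for end, ts in enumerate(stamps):          # two-pointer sliding window
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged


def detect_theme_php_hits(lines):
    """(ip, path) pairs for successful direct requests to theme PHP files.
    WordPress includes theme files itself; a browser fetching one directly and
    getting a 200 is unusual and worth inspecting (the file may be a dropped shell)."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev and ev["status"] == 200 and THEME_PHP_RE.search(ev["path"]):
            hits.append((ev["ip"], ev["path"]))
    return hits


def make_sample_log():
    """Constructed sample: 25 misses in under five seconds from one client, then
    its successful fetch of a theme PHP file, plus a normal visitor for contrast."""
    base = datetime(2019, 7, 4, 22, 12, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    scanner, visitor = "198.51.100.23", "203.0.113.7"   # constructed addresses
    lines = []
    for i in range(25):
        ts = (base + timedelta(milliseconds=200 * i)).strftime(fmt)
        lines.append(f'{scanner} - - [{ts}] "GET /wordpress/g{i} HTTP/1.1" 404 196 "-" "-"')
    ts = (base + timedelta(seconds=6)).strftime(fmt)
    lines.append(f'{scanner} - - [{ts}] "GET /wordpress/wp-content/themes/twentyseventeen/404.php HTTP/1.1" 200 5120 "-" "-"')
    ts = (base + timedelta(seconds=7)).strftime(fmt)
    lines.append(f'{visitor} - - [{ts}] "GET /wordpress/ HTTP/1.1" 200 8012 "-" "-"')
    lines.append(f'{visitor} - - [{ts}] "GET /wordpress/favicon.ico HTTP/1.1" 404 196 "-" "-"')
    return lines


SAMPLE_LOG = make_sample_log()

if __name__ == "__main__":
    print("clients with a 404 burst:", detect_bruteforce(SAMPLE_LOG))
    print("direct theme PHP hits:", detect_theme_php_hits(SAMPLE_LOG))
```

The two signals are meant to be read together: a 404 burst alone is noisy (crawlers and broken links trigger it too), but a burst followed by a 200 for a previously unrequested PHP file under wp-content/themes from the same client is a strong indicator that forced browsing found something, and the flagged path is exactly where to look on disk. The threshold and window should be tuned to the site's normal traffic before alerting on them.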