🔎 Find hidden directories with Dirb
👉 Often, in order to hack a site, we need to connect and use some object. This can be an admin panel or a subdirectory that is vulnerable to attacks. The main thing, of course, is to find these objects since they can be hidden.
DIRB, developed by The Dark Raver, is a tool designed to find such objects hidden and not. Because it’s already included with Kali, you don’t need to download or install anything to use it.
Finding hidden directories with Dirb
Step 1: Open a terminal
The first step, as usual, is to launch Kali and open a terminal.
Step 2: Launching the DIRB Program
With a terminal open, type dirb to bring up the help window.
dirb
As you can see in the screenshot above, writing DIRB is very simple, and with a lot of options. In its simplest form, we just need to type the dirb command followed by the URL of the site we are testing.
dirb URL
Step 3Use DIRB to easily scan for hidden objects
In its simplest form, DIRB will crawl the site looking for 4,612 object types. Let’s test it on our favorite test site, webscantest.com.
dirb http://webscantest.com
DIRB starts crawling by looking for keywords among site objects.
When DIRB finds an active directory (code 200), it starts searching that directory for more hidden objects. Code 503 means “temporarily unavailable”.
Finally, when it’s done, DIRB reports the number of objects found (in this case, 113). Note that in the help box above, we can use the -o switch to send the results to an output file in order to save them in a text file.
Step 4: Check for Special Vulnerable Lists
We can use DIRB to check for specific vulnerabilities on certain types of sites. Each page has its own vulnerabilities. They are all NOT the same. DIRB can help us find vulnerabilities that are specific to a particular page.
In Kali, DIRB has special word lists to look for these vulnerable, often hidden objects. You can find them at:
cd /usr/share/dirb/wordlists/vuln
Then view the contents of this directory:
ls -l
As you can see from the above, there are many wordlists in dirb containing vulnerable object keywords for various pages such as Apache, ColdFusion, FatWire, ISS, JBoss, Oracle, SAP, Tomcat, WebLogic and many more. Since I suspect that my site is using Apache as a server (I can either capture a banner or use httpprint to verify this), it makes sense to check the apache.txt wordlist first.
We can now create a dirb us command to use Apache’s vulnerable list by typing:
dirb http://webscantest.com /usr/share/dirb/wordlists/vulns/apache.txt.
After pressing the Enter key, DIRB will scan the site for vulnerable objects from the apache.txt list.
DIRB will now use Apache’s list to look for known vulnerabilities. If he finds one, he can take the next step and look for the exploit in Exploit-DB, Metasploit, SecurityFocus (www.securityfocus.com), or any of the many other exploit sources on the Internet.
Of course, you must use the vulns word list that matches the technology used on the site. For example, if this is a Windows IIS server, then the word list iis.txt should be used.
You must be logged in to post a comment.