5.2.5 Enumerating Resources
In this phase of the information gathering process, we aim to enumerate various resources, including subdomains, website structure, hidden files, configuration files, and user accounts. Each aspect is crucial for understanding the target's architecture and potential vulnerabilities. Let's delve into the details:
Crawling the Website
Crawling Process
Tool:
Utilize Burp Proxy for automated crawling of the website.
Steps:
Set the Scope:
Define the scope in the Target tab of Burp, specifying the domain (e.g.,
^www\.domain\.com$
).
Activate Proxy:
Ensure the proxy is activated on port 8080.
Start the Crawler:
Activate the crawler in the Spider tab.
Browse with Proxy:
Browse the website with the proxy enabled.
Automated Crawling
Benefits:
Burp Proxy facilitates automatic form submission, crawling of pages accessible via POST requests, and exploration of login-protected areas.
Filtering options for better data analysis.
Burp Features:
Advantages:
The tool integrates a fuzzer and HTTP request editors for further testing.
Right-click options enable sending pages to Intruder for fuzzing or to Repeater for manual request alteration.
Finding Hidden Files
Using DirBuster:
Tool:
DirBuster, an OWASP project, is valuable for crawling and discovering hidden files.
Steps:
Configure Settings:
Adjust DirBuster settings, including dictionary lists, extensions, user-agent, etc.
Execute the Tool:
Run the tool to probe the file system through HTTP requests.
Analyze Results:
Examine results presented as a tree of folders and files.
Backup and Source Code Files:
Objective:
Identify lazy coding practices, such as leaving backup files or source code files on the server.
Extensions to Probe:
Explore common extensions like
.bak
,.bac
,.old
,.000
,~
,.01
,\_bak
,.001
,.inc
,.Xxx
.
Enumerating User Accounts
Usernames Enumeration
Risks:
Poorly designed systems might inadvertently reveal sensitive information during the authentication process.
Example:
Incorrect login messages like "Login incorrect" or "Username blah does not exist" can expose valid usernames.
Tools for Enumeration
Usage:
Tools such as Burp Suite and Patator are effective for enumerating valid usernames.
Reminder:
Be cautious about the information revealed during the login stage.
Update Your Map
Importance:
Regularly update your information map with the findings, including enumerated usernames and any sensitive information.
Last updated