5.2.5 Enumerating Resources

In this phase of the information gathering process, we aim to enumerate various resources, including subdomains, website structure, hidden files, configuration files, and user accounts. Each aspect is crucial for understanding the target's architecture and potential vulnerabilities. Let's delve into the details:

Crawling the Website

Crawling Process

  • Tool:

    • Utilize Burp Proxy for automated crawling of the website.

  • Steps:

    1. Set the Scope:

      • Define the scope in the Target tab of Burp, specifying the domain (e.g., ^www\.domain\.com$).

    2. Activate Proxy:

      • Ensure the proxy is activated on port 8080.

    3. Start the Crawler:

      • Activate the crawler in the Spider tab.

    4. Browse with Proxy:

      • Browse the website with the proxy enabled.

Automated Crawling

  • Benefits:

    • Burp Proxy facilitates automatic form submission, crawling of pages accessible via POST requests, and exploration of login-protected areas.

    • Filtering options for better data analysis.

  • Burp Features:

    • Advantages:

      • The tool integrates a fuzzer and HTTP request editors for further testing.

      • Right-click options enable sending pages to Intruder for fuzzing or to Repeater for manual request alteration.

Finding Hidden Files

  • Using DirBuster:

    • Tool:

      • DirBuster, an OWASP project, is valuable for crawling and discovering hidden files.

    • Steps:

      1. Configure Settings:

        • Adjust DirBuster settings, including dictionary lists, extensions, user-agent, etc.

      2. Execute the Tool:

        • Run the tool to probe the file system through HTTP requests.

      3. Analyze Results:

        • Examine results presented as a tree of folders and files.

  • Backup and Source Code Files:

    • Objective:

      • Identify lazy coding practices, such as leaving backup files or source code files on the server.

    • Extensions to Probe:

      • Explore common extensions like .bak, .bac, .old, .000, ~, .01, \_bak, .001, .inc, .Xxx.

Enumerating User Accounts

Usernames Enumeration

  • Risks:

    • Poorly designed systems might inadvertently reveal sensitive information during the authentication process.

  • Example:

    • Incorrect login messages like "Login incorrect" or "Username blah does not exist" can expose valid usernames.

Tools for Enumeration

  • Usage:

    • Tools such as Burp Suite and Patator are effective for enumerating valid usernames.

  • Reminder:

    • Be cautious about the information revealed during the login stage.

Update Your Map

  • Importance:

    • Regularly update your information map with the findings, including enumerated usernames and any sensitive information.

Previous5.2.4 Fingerprinting Custom ApplicationsNext5.2.6 Information Disclosure Through Misconfiguration

Last updated