eCPPTv2-PTP-Notes
5.2.6 Information Disclosure Through Misconfiguration

In this section, we explore how misconfigurations in web servers can lead to information disclosure. Common misconfigurations, such as directory listings, log and configuration files, and insecure HTTP verbs, can provide valuable insights into the target's security posture.

Directory Listing

  • Overview:

    • Misconfigured directories may inadvertently expose file listings on the web server.

    • A sample directory listing page is shown in [img-241].

  • Detection:

    • Perform a GET request against each directory discovered during enumeration (e.g. from DirBuster output).

    • Look for patterns such as "To parent directory," "Directory Listing For," or "Index of."
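The detection step above, as an added example that is not part of the original notes: a small Python checker that applies the listed markers to response bodies. The bodies and `target.example` URLs are constructed stand-ins for real GET responses, and the regex requires a path after "Index of" to avoid matching ordinary page text.

```python
import re

# Markers the notes list as typical of an exposed directory index
# (IIS "To Parent Directory", Tomcat "Directory Listing For", Apache "Index of /").
# Constructed regex: "Index of" must be followed by a path so that a phrase such as
# "Index of services" in normal page content is not flagged.
LISTING_MARKERS = re.compile(
    r"to parent directory|directory listing for|index of\s*/",
    re.IGNORECASE,
)


def is_directory_listing(body: str) -> bool:
    """Return True if an HTTP response body looks like a directory index page."""
    return LISTING_MARKERS.search(body) is not None


def audit_listings(responses: dict[str, str]) -> list[str]:
    """Given {url: response_body}, return the URLs that expose a directory listing."""
    return [url for url, body in responses.items() if is_directory_listing(body)]


# Constructed sample bodies standing in for GET responses to enumerated directories
# (no network access is performed; target.example is a placeholder host).
SAMPLE_RESPONSES = {
    "http://target.example/backup/":
        "<html><head><title>Index of /backup</title></head>"
        "<body><h1>Index of /backup</h1><a href='db.sql'>db.sql</a></body></html>",
    "http://target.example/uploads/":
        "<html><body><h1>Directory Listing For /uploads/</h1></body></html>",
    "http://target.example/old/":
        "<html><body><pre>[To Parent Directory]<br>config.php.bak</pre></body></html>",
    # Negative case: mentions "Index of" in prose but is not a listing page.
    "http://target.example/":
        "<html><body><h1>Welcome</h1><p>Index of services we offer</p></body></html>",
}

if __name__ == "__main__":
    for url in audit_listings(SAMPLE_RESPONSES):
        print("directory listing exposed:", url)
```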

Log and Configuration Files

  • Logs:

    • Text files left by applications to record activities, errors, logins, etc.

    • Valuable information may be present in logs.

  • Configuration Files:

    • Contain settings and preferences for web applications.

    • Examples include Joomla's configuration.php.

    • Backup alternatives like configuration.php.bak should be checked.

  • Target:

    • Logs and configuration files may contain sensitive data like database credentials.

HTTP Verbs and File Upload

  • PUT Verb:

    • When enabled, the PUT HTTP verb lets a client write files directly onto the web server.

    • Check whether the verb is enabled by sending a raw request with tools like PuTTY or netcat.

  • Verification:

    • Validate which directories are writable and correlate with the ability to upload files.

    • Understand the relationship between web server user privileges and directory write attributes.

  • Exploration:

    • Identify directories used for storing user-submitted content (avatars, attachments, etc.).

    • Guesswork may be involved in finding writable directories.

  • Upload Process:

    • Use PUT requests to attempt file uploads to candidate directories.

    • A successful upload returns a 201 Created response.

  • Verification Steps:

    • Include a Content-Length header that matches the body size in the PUT request.

    • Confirm successful upload by checking for the file in the browser.
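The PUT checks above, as an added example that is not from the original notes: Python helpers that build a correctly framed PUT request (the bytes one would hand to netcat), read the Allow header from an OPTIONS response, and classify the PUT response by status code. All responses below are constructed samples; `target.example` and `/uploads/probe.txt` are placeholders.

```python
def build_put_request(host: str, path: str, body: bytes) -> bytes:
    """Build a raw HTTP/1.1 PUT request. Content-Length must equal len(body),
    otherwise the server waits for more data or rejects the upload."""
    headers = (
        f"PUT {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Content-Type: text/plain\r\n"
        f"Content-Length: {len(body)}\r\n"
        f"Connection: close\r\n\r\n"
    )
    return headers.encode() + body


def parse_status(raw_response: bytes) -> int:
    """Return the numeric status code from the first line of a raw response."""
    status_line = raw_response.split(b"\r\n", 1)[0]
    return int(status_line.split()[1])


def allowed_methods(raw_response: bytes) -> set[str]:
    """Parse the Allow header (from an OPTIONS or 405 response) into a set of verbs."""
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode(errors="replace")
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "allow":
            return {m.strip().upper() for m in value.split(",") if m.strip()}
    return set()


def classify_put_result(raw_response: bytes) -> str:
    """Map the PUT response to a finding: 201 Created (or 204 when an existing
    file was overwritten) means the directory is writable via PUT."""
    code = parse_status(raw_response)
    if code in (201, 204):
        return "writable"
    if code in (401, 403, 405):
        return "denied"
    return "unknown"


# Constructed sample responses (not captured from any real server).
OPTIONS_RESP = b"HTTP/1.1 200 OK\r\nAllow: OPTIONS, GET, HEAD, POST, PUT, DELETE\r\n\r\n"
PUT_CREATED = b"HTTP/1.1 201 Created\r\nLocation: /uploads/probe.txt\r\nContent-Length: 0\r\n\r\n"
PUT_DENIED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    print(build_put_request("target.example", "/uploads/probe.txt", b"probe").decode())
    print("PUT advertised:", "PUT" in allowed_methods(OPTIONS_RESP))
    print("/uploads/ is", classify_put_result(PUT_CREATED))
```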

Understanding and exploiting misconfigurations is a critical aspect of web application security testing. By systematically checking for directory listings, inspecting log and configuration files, and exploring potential issues with HTTP verbs and file uploads, security analysts can uncover valuable information that might be unintentionally exposed by the target's misconfigurations.
