Information gathering is where pentesting starts. Before launching an exploit or attack, it is worthwhile to understand the website's structure: the directories, files and objects it uses. After that, we can map out a more effective attack strategy or scenario. On the other hand, by knowing what files and directories are there, we may find hidden or secret directories, files or objects that the admin thinks cannot be accessed by the public.
Dirb, developed by The Dark Raver, is a tool designed to find these objects, hidden or accessible. Dirb's method is quite simple: it launches a dictionary-based attack against the target web server. You point it at a URL and a port (basically HTTP on 80, HTTPS on 443), then provide a wordlist. Dirb then sends HTTP GET requests to the website and listens for the site's response.
If the URL gives a positive response, we know the directory or file exists. If it elicits a "forbidden" response, we can probably conclude that there is a directory or file there and that it is private or hidden.
Here are the most important HTTP status codes at a glance that every browser uses:
- 100 Continue – Codes in the 100 range indicate that, for some reason, the client request has not been completed and the client should continue.
- 200 Successful – Codes in the 200 range generally mean the request was successful.
- 300 Multiple Choices – Codes in the 300 range can mean many things, but generally they mean that the request was not completed.
- 400 Bad Request – The codes in the 400 range generally signal a bad request. The most common are 404 (not found) and 403 (forbidden).
Now, let's get started using Dirb. Once again, we are fortunate that it is built into Kali Linux, so it's not necessary to download or install anything. As you might know, Dirb is a command-line tool that also comes with a GUI version, named Dirbuster. But I don't prefer the GUI; I use the terminal instead!
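Seen from the server side, the request pattern described above stands out in an access log: one client asks for many distinct paths and almost all of them come back 404 or 403. The following is an added example, not part of the original post; it assumes the Apache combined log format, uses constructed log lines, and the function name and thresholds are hypothetical choices.

```python
import re
from collections import defaultdict

# Combined access-log format: client, identity, user, [time], "request", status
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def find_scanners(lines, min_paths=5, min_miss_ratio=0.8):
    """Flag clients that request many distinct paths and mostly get 404/403."""
    paths = defaultdict(set)     # ip -> distinct paths requested
    total = defaultdict(int)     # ip -> parsed requests
    misses = defaultdict(int)    # ip -> 404/403 answers
    exposed = defaultdict(set)   # ip -> paths that did not 404 (what the scan learned)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue             # ignore lines that are not in the expected format
        ip, path, status = m["ip"], m["path"], int(m["status"])
        paths[ip].add(path)
        total[ip] += 1
        if status in (403, 404):
            misses[ip] += 1
        if status != 404:        # anything but 404 tells the client something is there
            exposed[ip].add(path)
    report = {}
    for ip, seen in paths.items():
        if len(seen) >= min_paths and misses[ip] / total[ip] >= min_miss_ratio:
            report[ip] = {"distinct_paths": len(seen), "misses": misses[ip],
                          "exposed": sorted(exposed[ip])}
    return report

def _line(ip, path, status):
    # Constructed sample entry; addresses are from documentation ranges
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

SAMPLE_LOG = (
    [_line("203.0.113.7", p, 404) for p in
     ("/admin/", "/backup/", "/test.cgi", "/old/", "/phpmyadmin/", "/printenv")]
    + [_line("203.0.113.7", "/cgi-bin/", 403), _line("203.0.113.7", "/index.html", 200)]
    + [_line("198.51.100.20", p, 200) for p in ("/", "/news/", "/contact.html")]
    + [_line("198.51.100.20", "/favicon.ico", 404)]
)

if __name__ == "__main__":
    for ip, info in find_scanners(SAMPLE_LOG).items():
        print(ip, info)
```

The `exposed` list for a flagged client is the set of paths the scan confirmed, including "forbidden" ones, which makes it the first thing to review on the server.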
STEP 1 : Fire up Kali Linux and terminal
Open up terminal and type :
Let's take a look at the options Dirb gives. Dirb is able to use a proxy and handle authentication.
STEP 2 : Define a target
Let's say you have a desirable target; in this tutorial I set tulungagung.go.id as the target. Now, let's check what server it uses.
Type the command:
This site runs Apache as its web server. So, we need to use a suitable wordlist against Apache.
STEP 3 : Find appropriate wordlist file
Dirb has its own wordlists, located under /usr/share/wordlists/dirb
I found a file named apache under the vulns directory. I will use this file with Dirb against the target.
STEP 4 : Launch attack!
Now the preparation is done; everything goes into one command line.
dirb [url] [wordlist]
Holy shark, found nothing. But we notice there are CGI files there. I wonder if there are CGI wordlists available. Let's find out!
Ahhaaaa…, I found you, named cgis.txt under the vulns directory. Why didn't I notice earlier that it's located here? Now use this wordlist and let's see if we find something.
Dirb starts to launch a dictionary-based attack to guess folders or files based on the wordlist file and the server's responses. By the way, brute-forcing against 3388 words will take a long time, so be patient. But for me it's enough, I have to upload this to my post. Haha. Thanks for reading, may you learn something here, share it! If you have any further questions please contact me here: https://www.hacktoday.io/u/bimando