Gizli Dizinleri (dir_scanner) Metasploit kullanarak Tarama

Bugün, ev sahipleri ve web sitelerindeki dizinleri tarıyoruz. Bir Pentester olarak, her adımı atmamız ve mümkün olduğunca çok bilgi toplamamız önemlidir. Bu tarama için dirb veya dirbuster gibi pek çok araç var. Ancak şu an için, dir_scanner'ı metasploit'tan tartışıyoruz.

Başlayalım! Önce meta kaynağı yüklemeliyiz.

Gizli Dizinleri (dir_scanner) Metasploit kullanarak Tarama

Bundan sonra isimli bir modül kullanacağız:

1	use auxiliary/scanner/http/dir_listing

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

msf > use auxiliary/scanner/http/dir_scanner msf auxiliary(dir_scanner) > display choices Module choices (auxiliary/scanner/http/dir_scanner):    Title        Present Surroundings                                          Required  Description    ----        ---------------                                          --------  -----------    DICTIONARY  /usr/percentage/metasploit-framework/knowledge/wmap/wmap_dirs.txt  no        Trail of phrase dictionary to make use of    PATH        /                                                        sure       The trail  to spot recordsdata    Proxies                                                              no        A proxy chain of structure sort:host:port[,type:host:port][...]    RHOSTS                                                               sure       The objective cope with vary or CIDR identifier    RPORT       80                                                       sure       The objective port (TCP)    SSL         false                                                    no        Negotiate SSL/TLS for outgoing connections    THREADS     1                                                        sure       The collection of concurrent threads    VHOST                                                                no        HTTP server digital host

Bu modül icin seçenekleri kontrol edin

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

msf auxiliary(dir_listing) > show options Module options (auxiliary/scanner/http/dir_listing):    Name     Current Setting  Required  Description    ----     ---------------  --------  -----------    PATH     /                yes       The path to identify directoy listing    Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]    RHOSTS                    yes       The target address range or CIDR identifier    RPORT    80               yes       The target port (TCP)    SSL      false            no        Negotiate SSL/TLS for outgoing connections    THREADS  1                yes       The number of concurrent threads    VHOST                     no        HTTP server virtual host msf auxiliary(dir_listing) >

Simdi RHOSTS tu sunucunun ip adresine ayarlıyoruz ve tariyoruz

1 2 3

msf auxiliary(dir_listing) > set RHOSTS 10.10.10.8 RHOSTS => 10.10.10.8 msf auxiliary(dir_listing) >

Simdi tarayicinin çalışmasına izin verebiliriz

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

msf auxiliary(dir_scanner) > set RHOSTS 10.10.10.8 RHOSTS => 10.10.10.8 msf auxiliary(dir_scanner) > run [*] The use of code '404' as now not discovered for 10.10.10.8 [*] Discovered http://10.10.10.8/.../ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/Joomla/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/cgi-bin/ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/error/ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/icons/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/oscommerce/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/phpmyadmin/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/safety/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/webalizer/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/webdav/ 200 (10.10.10.8) [*] Scanned 1 of 1 hosts (100% whole) [*] Auxiliary module execution finished msf auxiliary(dir_scanner) >