Bruteforcing File Names on Webservers using DirBuster |
Bruteforcing File Names on Webservers using DirBuster
Author: Manjunath aka Punter 
See Also
About DirBuster
DirBuster is a multi threaded Java based application designed to brute force directories and files names on web/application servers. During Web Application Pentesting finding the sensitive directories files and folders is always  a quite tough  work.

Now a days we often don't see those default installation files/directories as in the olden days and finding out the sensitive pages really gets challenging. In such cases, DirBuster helps in finding those unknown and sensitive file names and directories. This can prove to be a great information to start with in a real web penetration testing.
In action with DirBuster
Now i will be showing you how easy it is to use Dirbuster to find those sensitive directories and files on webservers. Here for the demo purpose I will be using Mutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10.

Here are the steps to run DirBuster
  1. cd /pentest/web/dirbuster
  2. root@punter:/pentest/web/dirbuster# java -jar DirBuster-0.12.jar -u
Once you start the Dirbuster it will appear as shown in the screenshot below
XSS in action
Now browse and select the 'directory bruteforce lists' from the DirBuster folder (example: directory-list-1.0.txt) as shown below
XSS in action
Now run the start button and you will see Dirbuster starting bruteforcing the filenames & directories on the webserver as shown below. In the black window you can see all the filenames and directories discovered by Dirbuster.
XSS in action
One of the discovered file '../passwords/accounts.txt' looks interesting. On opening you will see that it has the passwords related to webserver accounts.
Finding out those hidden files and directories on the webserver is a tedious task for anyone involved in web application pentesting. DirBuster makes that task much simpler and faster with its easy to use GUI interface.

Even the webserver owners can easily use this tool to remove any of the sensitive files/directories from their webservers and taking it one step further in securing their servers.
See Also