How to run dirb in linux?
A path traversal attack, also known as “directory traversal”, aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and critical system files.
Source: https://www.owasp.org/index.php/Path_Traversal
Requirements
Target – BWAPP Labs, DVWA Labs
Attacker – Kali Linux
What is DIRB?
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary-based attack against a web server and analyzing the response.
It comes with a set of preconfigured attack wordlists for easy usage, but you can use your custom wordlists. Also, DIRB can sometimes be used as a classic CGI scanner, but remember that it is a content scanner, not a vulnerability scanner.
The main purpose is to help in professional web application auditing. Especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.
Source: https://tools.kali.org/web-applications/dirb
DIRB is built into Kali Linux. Open the terminal and type the following command to get an overview of the tools included in the package:
dirb
The above attack works by using the default wordlist file, common.txt, but we can change this wordlist and select another one for directory traversal. Follow the path below to view all available wordlists.
You can see from the image below that there are many text files available as wordlists; we can use them as required.
In this attack, common.txt is set as the default wordlist for directory traversal, and the tester can use the following command. Open the terminal and type the following command to start the directory brute-force attack.
Using the common.txt file, the DIRB returns the enumerated directories found within the target URL as shown in the below image.
There are a lot of situations where we need to extract the directories of a specific extension over the target server, and then we can use the -X parameter of the dirb scan. This parameter accepts the file extension name and then searches the given extension files over the target server or machine.
The above command will extract all directory paths related to the php extension, as shown in the following image.
For record maintenance, better readability, and future reference, we save the output of the dirb scan to a file. To do this, we use the -o parameter of the dirb scan, which saves the output in a text file.
The above command will generate an output.txt file at the desktop of the enumerated directories.
Now that we have successfully executed the command, let’s traverse to the location to check whether the output has been saved to the file or not. In this case, our location for output is /root/output.txt.
The Status-Code element is a 3-digit integer where the first digit of the Status-Code defines the class of response and the last two digits do not have any categorization role. In this attack, we are using the -N parameter on code 302 as shown below.
As you can see from the given screenshot, the dirb scan is ignoring the NOT FOUND code, that is, 302.
During the normal dirb scan as shown below, some of the pages generate warnings; the dirb scan skips those directories where it encounters any warnings.
When a scan has to be done very deeply and verbosely, we want the dirb scan not to skip on these warnings and to do an in-depth scan, hence we use the -w parameter of the dirb scan.
As you can observe, the highlighted directory /dev/shell is enumerated even after the warning message, whereas it is missing in the default scan.
In some scenarios we come across environments that cannot handle the flood of requests created by the dirb scan, so in those environments it is important to delay the scan for some time. This can be done easily with the -z parameter of the dirb scan, which takes the time in milliseconds. As shown in our given example, we have given a 100 seconds delay to dirb.
The dirb scan, by default, scans the directories recursively. It means it scans a directory and then traverses inside that directory to scan for more subdirectories. But in some scenarios, where time is insufficient, we set the dirb to not scan recursively. This can be achieved using the -r parameter.
A 404 error is an HTTP status code that means that the page you were trying to reach on a website couldn’t be found on their server. 404 Not Found error messages are frequently customized by individual websites. In some scenarios we need to find the 404 pages too, which dirb skips by default. To find those pages we will use the -v parameter.
From the image below you can observe that it has also extracted all those directories that are relevant to 404 errors.
Using the -X parameter along with the target URL and a specific extension, for example .php, enumerates all files or directories with the .php extension, but using the -H parameter with a specific extension, for example .php, along with the target URL will enumerate all files or directories named with php, as shown in the image below.
In the attacks used in the previous situations, in order to run the dirb tool, we had to add a forward slash (/) at the end of the URL for it to be accepted in dirb. To check that, we need to try one attack on a URL ending without any forward slash.
You will observe that the scan doesn’t get executed successfully because of the lack of the forward slash, the importance of which we discussed earlier in this article.
Try this attack once again with the same command with one change: in order to run that command we have to add -t to the previous command.
As we can now observe, even in the absence of the forward slash, we have still successfully executed the dirb scan.
HTTP authentication mechanisms are all based on the use of the 401 status code and the WWW-Authenticate response header. The most widely used HTTP authentication mechanism is Basic. The client sends the user name and password as unencrypted base64-encoded text.
So, in order to bypass this kind of authentication with the help of dirb we have used the command below:
As a result, status code 200 is shown for the test:test credentials, which are authorized on the target URL.
Using the -p option enables a proxy URL to be used for all requests; by default it works on port 1080. As you can observe, on exploring the target network IP in the web browser it shows an “Access forbidden” error, which means this web page is running behind some proxy.
To confirm this prediction, we run the dirb command twice: first on port 80, which is the default, and then on port 3129 along with the -p option, which enables the proxy parameter.
From the image below, you can see the output obtained for the above commands: we did not obtain any directory or file on executing the first command, whereas the second command executed successfully.
In this post, you will learn about the dirb tool and we will see some of the most used commands in this tool.
Dirb is a web application analysis tool, and you can even do brute forcing on the target using the tool. “But hey, wait, my professor used to say brute-forcing is more dangerous than selling drugs”
There is a high chance for a hacker to get caught while using the brute force technique. This tool works by launching a dictionary-based attack against a web server and analyzing the response.
So, while talking about brute-forcing we need a set of usernames and passwords and this tool comes with the list of usernames and passwords.
You can find the list here 👇🏽
cd /usr/share/wordlists/dirb
Use the link below to download the tool; if you are a Kali Linux user, the tool must be pre-installed. Anyway, to install the tool in Kali Linux, use this command 👇🏽
apt-get install dirb
-a: Specify your custom USER_AGENT.
-c: Set a cookie for the HTTP request.
-f: Fine tuning of NOT_FOUND (404) detection.
-H: Add a custom header to the HTTP request.
-i: Use case-insensitive search.
-l: Print “Location” header when found.
-N: Ignore responses with this HTTP code.
-o: Save output to disk.
-p: Use this proxy. (Default port is 1080)
-P: Proxy Authentication.
-r: Don’t search recursively.
-R: Interactive recursion. (Asks for each directory)
-S: Silent Mode. Don’t show tested words. (For dumb terminals)
-t: Don’t force an ending ‘/’ on URLs.
-u: HTTP Authentication.
-v: Show also NOT_FOUND pages.
-w: Don’t stop on WARNING messages.
-X / -x: Append each word with these extensions.
-z: Add a milliseconds delay to not cause excessive Flood.
To be a pro in using the dirb tool, make sure you follow the examples below properly, and if you have any doubt, comment down below and watch the video I made on the tool.
To do a standard scan use this command 👇🏽
dirb
dirb http://45.33.32.156
You should take a look at the below screenshot for sure and then you will understand we are enumerating the .php for the login page of the target.
dirb http://target/ -X .php
-X / -x: Append each word with these extensions.
To save the output in a file, just use this command 👇🏽
dirb http://192.168.1.106/ -o output.txt
-o: Save output to disk
To bypass any errors found while scanning, use the below command 👇🏽
dirb http://192.168.1.106/ -N 302
-N: Ignore responses with this HTTP code.
You can delay the scan to get a deeper detailed scan. And below is the command for delaying the scan.
dirb http://192.168.1.106 -z 100
By now you should be familiar with the dirb tool; check my YouTube video on dirb, there are more commands and explanations.
DIRB is a Web Content Scanner. It looks for existing (and/or hidden) Web Objects. It basically works by launching a dictionary based attack against a web server and analyzing the responses. It comes pre-installed with Kali Linux.
DIRB comes with a set of preconfigured attack wordlists for easy usage but you can use your custom wordlists. Also DIRB sometimes can be used as a classic CGI scanner, but remember that it is a content scanner not a vulnerability scanner.
DIRB’s main purpose is to help in professional web application auditing, especially in security-related testing. It covers some holes not covered by classic web vulnerability scanners. DIRB looks for specific web objects that other generic CGI scanners can’t look for. It doesn’t search vulnerabilities nor does it look for web contents that can be vulnerable.
Before using DIRB on our Kali Linux operating system, we are going to see the help options of it by simply using following command on our terminal window:
We can see the options we can use with DIRB in the following screenshot:
Using DIRB is very easy, we just need to run dirb
We can see the result in the following screenshot:
We can also use a custom wordlist by adding the path of the wordlist at the end of the previous command, as in the following example:
In the following screenshot we can see that we are using our specified wordlist.
With the help of DIRB we can find hidden directories on a web target, which may contain juicy information.
- DirBuster. Free • Open Source. Mac. Windows. Linux.
- Patator. Free • Open Source. Windows. Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage.
- Dirstalk. Free • Open Source. Mac. Windows. Linux.
- Gobuster. Free • Open Source. Penetration Testing Tool. Linux.
What is Dirb
DIRB is a command-line tool to brute force any directory based on wordlists. DIRB will make an HTTP request and see the HTTP response code of each request.
How it works
It internally has a wordlist file which has by default around 4000 words for brute force attack. There are a lot of updated wordlists available over the internet which can also be used. Dirb searches for the words in its wordlist in every directory or object of a website or a server. It might be an admin panel or a subdirectory that is vulnerable to attack. The key is to find the objects as they are generally hidden.
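Added example (not from the original articles): because DIRB requests every word in its wordlist and reads the response codes, a scan is visible in the web server's access log, and this Python code flags it two ways, by a burst of 404s and by a high share of distinct missing paths, so that a scan slowed with -z is still caught. The combined log format, the thresholds, the function names and the sample lines are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" log line: client IP, timestamp, request path, status.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    m = LOG_RE.match(line)  # None for lines that are not in combined format
    return m and (datetime.strptime(m["ts"], TS_FMT), m["path"], int(m["status"]), m["ip"])

def detect(lines, burst=20, window=timedelta(seconds=10), min_paths=30, miss_ratio=0.8):
    """Map client IP -> 'burst' or 'slow-scan'. All thresholds are assumed values."""
    per_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        per_ip[rec[3]].append(rec[:3])
    findings = {}
    for ip, recs in per_ip.items():
        recs.sort()
        misses = [ts for ts, _, status in recs if status == 404]
        # Rule 1: `burst` 404s inside one sliding window (unthrottled wordlist run).
        if any(misses[i + burst - 1] - misses[i] <= window
               for i in range(len(misses) - burst + 1)):
            findings[ip] = "burst"
            continue
        # Rule 2: no time limit; many distinct paths requested, most of them missing.
        paths = {p for _, p, _ in recs}
        missed = {p for _, p, status in recs if status == 404}
        if len(paths) >= min_paths and len(missed) / len(paths) >= miss_ratio:
            findings[ip] = "slow-scan"
    return findings

def sample_log():
    """Constructed log lines using documentation-range IPs; not real traffic."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    def line(ip, secs, path, status):
        ts = (t0 + timedelta(seconds=secs)).strftime(TS_FMT)
        return f'{ip} - - [{ts}] "GET /{path} HTTP/1.1" {status} 512 "-" "-"'
    out = []
    for i in range(40):
        dead = i % 8 == 0  # client C is a normal visitor who sometimes hits a dead link
        out.append(line("192.0.2.10", 0.1 * i, f"word{i}", 404))  # A: guesses 100 ms apart
        out.append(line("192.0.2.20", 30 * i, f"word{i}", 404 if i % 10 else 200))  # B: 30 s apart
        out.append(line("198.51.100.5", 5 * i, "old-link" if dead else "index", 404 if dead else 200))
    return out
if __name__ == "__main__":
    print(detect(sample_log()))
```

The ratio rule has no time window, so it should be run over a log period long enough to cover a throttled scan, and the thresholds need tuning against the site's normal 404 rate.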
How to get it?
Download Dirb via Github : https://github.com/seifreed/dirb
Download Dirb via Sourceforge : https://sourceforge.net/projects/dirb/
Note : I used Kali Linux and Dirb comes pre-installed with Kali.
Purpose of Dirb in Security testing:
The purpose of DIRB is to help in professional web application auditing in security testing. DIRB looks for almost all the web objects that other generic CGI scanners can’t look for. It doesn’t look for vulnerabilities but it looks for the web contents that can be vulnerable.
Using Dirb:
Step 1 — Open Terminal
Step 2 — Start Dirb
Once we have a terminal open, go ahead and type dirb to get the help screen.
Kali> dirb
As you can see in the screenshot above, DIRB’s syntax is very simple with multiple options. In its simplest form, we only need to type the command dirb followed by the URL of the website we are testing.
Kali> dirb URL
Step 3 — Dirb for simple hidden object scan
With Dirb’s default wordlist file, it searches the URL for 4612 object types. Let’s try it on a test site, webscantest.com.
kali > dirb http://webscantest.com
DIRB begins the scan looking for those keywords among the website objects.
The results list the response code and the size of the file for each request. Also, dirb starts searching the files of any folder that returns response code 200. It searches the entire folders with the wordlist and displays the results.
Finally, when DIRB is done, it reports back the number of found objects (113 in this case). Note that in the help screen above, we can use the -o switch to send the results to an output file to save the results to a text file.
Testing for Special Vulnerable list
We can use DIRB to test for specific vulnerable objects within specific types of web technologies. Each web technology has different vulnerabilities. They are NOT all the same. DIRB can help us look for specific vulnerable objects specific to the particular technology.
In Kali, DIRB has specific wordlists to search for these vulnerable often hidden objects. You can find them at:
kali > cd /usr/share/dirb/wordlists/vuln
Then list the contents of that directory:
kali > ls -l