- Kali Linux Web Penetration Testing Cookbook
- Gilberto Nájera Gutiérrez
- 380 words
- 2021-07-16 12:53:49
Finding files and folders with DirBuster
DirBuster is a tool created to discover, by brute force, the existing files and directories in a web server. We will use it in this recipe to search for a specific list of files and directories.
Getting ready
We will use a text file that contains the list of words that we will ask DirBuster to look for. Create a text file named dictionary.txt containing the following entries, one per line:
info
server-status
server-info
cgi-bin
robots.txt
phpmyadmin
admin
login
How to do it...
- Navigate to Applications | Kali Linux | Web Applications | Web Crawlers | dirbuster.
- In the DirBuster window, set the target URL to http://192.168.56.102/.
- Set the number of threads to 20.
- Select List based brute force and click on Browse.
- In the browsing window, select the file we just created (dictionary.txt).
- Uncheck the Be Recursive option.
- For this recipe, we will leave the rest of the options at their defaults.
- Click on Start.
- If we go to the Results tab, we will see that DirBuster has found at least two of the files in our dictionary: cgi-bin and phpmyadmin. The response code 200 means that the file or directory exists and can be read. phpMyAdmin is a web-based MySQL database administration tool; finding a directory with this name tells us that there is a DBMS on the server, and it may contain relevant information about the application and its users.
How it works...
DirBuster is a mixture of crawler and brute forcer: it follows all the links in the pages it finds, but it also tries different names for possible files. These names may come from a file like the one we used, or DirBuster can generate them automatically with the "pure brute force" option, given a character set and the minimum and maximum lengths of the generated words.
To determine whether a file exists, DirBuster uses the response codes returned by the server. The most common responses are as follows:
- 200 OK: The file exists and the user can read it.
- 404 Not Found: The file does not exist on the server.
- 301 Moved Permanently: A redirect to a given URL.
- 401 Unauthorized: Authentication is required to access this file.
- 403 Forbidden: The request was valid, but the server refuses to respond.
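Because the tool decides on the basis of response codes, a list-based run leaves a characteristic trace on the server side: one client producing a burst of 404s for paths that nobody links to. The following detector is an added example, not part of the book; it parses Apache/nginx combined-format access log lines and flags any client that accumulates `min_404` or more 404 responses inside a sliding window of `window_seconds`. The log lines are constructed for the example and mirror the recipe's dictionary; the thresholds are assumptions to tune for a real site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one client walking the recipe's dictionary, one normal visitor.
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Jul/2021:12:53:40 +0000] "GET /info HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:40 +0000] "GET /server-status HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:41 +0000] "GET /server-info HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:41 +0000] "GET /cgi-bin/ HTTP/1.1" 200 1043 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:42 +0000] "GET /robots.txt HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:42 +0000] "GET /phpmyadmin/ HTTP/1.1" 200 8712 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:43 +0000] "GET /admin HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.5 - - [16/Jul/2021:12:53:43 +0000] "GET /login HTTP/1.1" 404 196 "-" "-"',
    '10.0.0.9 - - [16/Jul/2021:12:53:44 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
    '10.0.0.9 - - [16/Jul/2021:12:53:50 +0000] "GET /favicon.ico HTTP/1.1" 404 196 "-" "-"',
]


def parse_line(line):
    """Return a dict with ip, timestamp, path and status, or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts,
            "path": m.group("path"), "status": int(m.group("status"))}


def detect_bruteforce(lines, min_404=5, window_seconds=60):
    """Map client IP -> peak number of 404s seen within any window_seconds span,
    keeping only clients whose peak reaches min_404 (thresholds are assumptions)."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            per_ip[rec["ip"]].append(rec["ts"])

    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        best, start = 0, 0
        # Sliding window over the sorted timestamps: advance `start` until the span fits.
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        if best >= min_404:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, count in detect_bruteforce(SAMPLE_LOG).items():
        print("possible directory brute force from %s: %d 404s in a 60 s window" % (ip, count))
```

The 200 responses for cgi-bin and phpmyadmin do not count toward the threshold, so the detector also shows why a server that returns 200 or a custom page for every unknown path (rather than a real 404) blinds this kind of rule; in that case the volume of distinct unlinked paths per client is the signal to count instead.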