
© 2018 Caendra Inc. - Hera For Waptv3 - Information Gathering

Uploaded by

Saw Gyi
© 2018 Caendra Inc. | Hera for WAPTv3 | Information Gathering


In these Information Gathering labs, the student can practice techniques to discover
hidden files and folders that may reveal sensitive information, useful for later tests against
the target web application itself.

Once you are connected in VPN to the lab environment, all the web applications will be
available at the following URL: http://info.infogat.site/.

There are three main sections for each type of lab: Video, Lab, Challenges.

• Video section contains web applications used during video lessons. Therefore, if
you need any information about the scenario, the attacks and so on, please refer to
the corresponding video.
• Labs section contains web applications where you can practice the techniques of the
specific module. These labs have solutions, which you can find later in this manual.
• Challenges labs do not have solutions; otherwise, why call them challenges? If you
study the course and think like a penetration tester, you will achieve the goal!

The best tool is, as usual, your brain. Then you may need:

• Web Browser
• Burp Suite
• Dirbuster

Once you have your virtual network ready, configure the following IP address as default
DNS: 10.100.13.37

• WINDOWS: change the properties of the TAP network device, adding the IP of the
server as the first DNS server.
• LINUX: add an entry to the /etc/resolv.conf file with the IP address of the server.



Poema reading club is a web application for a reading club. Although it discloses some
information about the location and the people behind the group, there is some information
contained in hidden files.

Use information gathering techniques and tools in order to find all the images stored in
the web application. One of them contains a secret!

• How to enumerate files and folders


• Use specific pattern for brute force listing
• Configure tools such as Burp Suite and Dirbuster

• Inspect the web application


• Configure Burp Suite and spider the web application
• Locate the folder containing the images and find the pattern used for the images
names
• Configure Dirbuster in order to bruteforce all the images and find the secret



Please go ahead only if you are really stuck or if you have
completed the labs



In order to crawl the web application, configure the proxy options in both Burp and your
web Browser.

Once the proxy is configured and you are able to intercept all the requests and the
responses, add the target host to the scope.

Once the target web application has been added to the scope, click on the filter menu and
select “Show only in-scope items.” Moreover, since we are going to focus our tests on
images, be sure to check the “Images” box in the MIME type filter.



Now we can simply right-click on the web application root and select “Spider this host.”

Burp will automatically issue a few requests against the web application. You can check
them in the spider tab.



Spidering the host will give us a better view of the target structures: files, folders and much
more.

Now that we have a better overview of the web application, we can see in the tree view that
there is a folder named gallery, which contains six images.

The images are all linked somewhere in the web application, so Burp is able to find them
automatically. If we inspect the names, we can see that they are just incremental numbers.
Since our goal is to find hidden images, we can use URL fuzzing to retrieve unlinked
information from the server.

Of course, we cannot do it manually; it would take too much time. We can use
Dirbuster instead!



We have already located an interesting directory: gallery.

We also know the pattern used by the web developer to name the images. Let us then
configure Dirbuster as follows:

The above Dirbuster configuration will try to fuzz all the images contained in the gallery
folder. Therefore, it will try to access URLs such as

• /gallery/1.jpg
• /gallery/1.png
• /gallery/1.gif
• /gallery/2.jpg
• /gallery/2.png
• /gallery/2.gif

and so on.
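
Seen from the server side, this fuzzing run leaves a recognisable trace: one client requesting numeric file names in a single folder and mostly getting 404s. The following is an added example, not part of the lab manual, that flags that pattern in an access log and lists the files only the enumerating client ever fetched; the log lines, addresses, file names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines (combined-log style); addresses are documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2018:10:00:01 +0000] "GET /gallery/1.jpg HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2018:10:00:02 +0000] "GET /gallery/2.jpg HTTP/1.1" 200 4801
198.51.100.7 - - [01/Jan/2018:10:05:00 +0000] "GET /gallery/1.jpg HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2018:10:05:00 +0000] "GET /gallery/1.png HTTP/1.1" 404 209
198.51.100.7 - - [01/Jan/2018:10:05:00 +0000] "GET /gallery/1.gif HTTP/1.1" 404 209
198.51.100.7 - - [01/Jan/2018:10:05:01 +0000] "GET /gallery/2.jpg HTTP/1.1" 200 4801
198.51.100.7 - - [01/Jan/2018:10:05:01 +0000] "GET /gallery/2.png HTTP/1.1" 404 209
198.51.100.7 - - [01/Jan/2018:10:05:01 +0000] "GET /gallery/2.gif HTTP/1.1" 404 209
198.51.100.7 - - [01/Jan/2018:10:05:02 +0000] "GET /gallery/7.jpg HTTP/1.1" 404 209
198.51.100.7 - - [01/Jan/2018:10:05:02 +0000] "GET /gallery/7.png HTTP/1.1" 200 9313
198.51.100.7 - - [01/Jan/2018:10:05:02 +0000] "GET /gallery/7.gif HTTP/1.1" 404 209
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')
# The naming pattern from the lab: <folder>/<number>.<jpg|png|gif>
NUMERIC_RE = re.compile(r'^(/(?:[^/]+/)*)\d+\.(?:jpg|png|gif)$')

def find_enumeration(log_text, min_requests=6, min_miss_ratio=0.5):
    """Flag (client, folder) pairs that walk numeric names and mostly miss (assumed thresholds)."""
    stats = defaultdict(lambda: {"total": 0, "missed": 0, "found": set()})
    served = defaultdict(set)  # path -> clients that received a 200 for it
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, path, status = m.group(1), m.group(2).split("?", 1)[0], m.group(3)
        n = NUMERIC_RE.match(path)
        if not n:
            continue
        s = stats[(ip, n.group(1))]
        s["total"] += 1
        if status == "404":
            s["missed"] += 1
        elif status == "200":
            s["found"].add(path)
            served[path].add(ip)
    report = {}
    for (ip, folder), s in stats.items():
        if s["total"] >= min_requests and s["missed"] / s["total"] >= min_miss_ratio:
            # Files only this client ever fetched are probably not linked anywhere.
            only_here = sorted(p for p in s["found"] if served[p] == {ip})
            report[(ip, folder)] = {"requests": s["total"], "misses": s["missed"],
                                    "unlinked_candidates": only_here}
    return report
```

Any path reported under `unlinked_candidates` is a file the web server hands out without a link pointing to it, which is exactly the kind of content that should be moved out of the web root or placed behind access control.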



The following image shows the results obtained:

From here, we can see that there are three other images not linked in the web application.
It is time to open them and verify their content!
