OWASP

Course
Time: 12 hours 9 minutes
Difficulty: Beginner
CEU/CPE: 12

Video Transcription

00:01
Hey, everyone, welcome back to the course. So in the last video, we wrapped up our discussion on Nikto. So we went ahead and looked through the rest of the output from the command we ran, and we noticed some other vulnerabilities or other areas of sensitive information that were being exposed to a potential attacker.
00:17
In this video, we're gonna cover DirBuster. So we're just gonna cover a couple of commands we'll run with the DirBuster tool to look for potential files or directories that are exposed, and we'll take a look at our results.
00:28
Now we're gonna start off in the Kali terminal. So I'm just continuing on from the last lab, which is actually what you should be doing. If for some reason you canceled out of your lab, then by all means go ahead and launch the lab again and come into this particular lab for the sensitive data exposure. And then we're also going to have you come into part two of the lab, which is gonna be the DirBuster tool.
00:46
So here's the terminal prompt. We already have it open. I'm just gonna go ahead and type clear and press Enter. It's not necessarily a requirement; I just like to clean it up. So clear in Kali Linux, or in Linux in general, will actually clear whatever you've typed so far and make it a little prettier. And we're all about pretty.
01:02
So let's move on with our lab.
01:03
Next thing we're gonna do is actually start up the DirBuster tool. Now, once we type this command in and press Enter, it's gonna actually launch a GUI interface for us, and you'll see what I'm talking about in a second.
01:15
So we're just gonna type in dirbuster
01:17
and press Enter on the keyboard,
01:19
and it's gonna take a few seconds or so. It might take up to, like, 15 or 20 seconds to actually launch the GUI interface, but it will launch there eventually. And you'll see, as soon as I mentioned it's gonna take 15 to 20 seconds, it pulls up right away. So it may vary based on your experience, based on, you know, of course, the standard things like connection speed, et cetera.
01:38
All right, so let's go back to our lab document and figure out what we actually need to do in this tool.
01:42
So step number three here. We're gonna just type in this http://mutillidae, so let's go and do that now.
01:51
http://mutillidae. We're gonna type that in this Target URL box.
02:00
And I forgot my slash at the end. We'll add that in there. So the next thing we're gonna do is we're gonna change the number of threads. So this little slider here, kind of in the center, shows the number of threads. We're gonna change that from 10 up to 50. So grab this little slider item here and just pull it up to 50.
02:19
And sometimes you have to play around with your mouse to get it. You see, I went to 51.
02:23
Sometimes I play around and I want to get it right at 50.
02:29
If my mouse cooperates, I will get mine at 50. Let's see here.
02:38
And apparently my mouse is not gonna work with me today.
02:49
All right, there we go. Sometimes it's a challenge, as you can see, to get the 50 going there. But we are all set now. I'm good to go.
02:55
All right. So now, under this middle section where it says "File with list of dirs/files", which is directories and files, we're actually gonna navigate to this location here: we're gonna go to usr, share, wordlists, and then dirbuster. So let's go and do that now. So the way we do that is we click this Browse button,
03:14
and then once it opens up, we're actually gonna go back here. So we're gonna click
03:17
this drop-down menu, and then click this little forward slash, which is our root directory.
03:23
From there, we see the usr folder. We're gonna double-click on that,
03:29
and then in here, we're gonna go to share. So you see right here we have share. Next, we're going to wordlists, and then we'll finally go to dirbuster. So let's go and do that now.
03:38
So we're going to share, so just double-click on that. You'll see once that pulls up, we have to scroll over, and we'll finally get to wordlists. It's a little ways over. You kind of have to go almost to the end here.
03:49
It should be in the next stack there. There we are. So wordlists is right there. Go ahead, double-click on that.
03:54
Now, that's gonna take a second or so to open up.
03:59
And then from there we will go to the dirbuster folder.
04:02
So this one right here. We're gonna double-click on that,
04:05
now, inside of here,
04:08
there's a particular file we want to get. We want to get this directory-list-2.3-medium.txt.
04:15
It's directory-list-2.3-medium.txt. So it's gonna be this one right here.
04:23
We just want to click on that and then click the Select List button.
04:27
All right, so you'll see it stamps that in there for us. So we're good to go on that.
04:32
All right, so let's move on with our lab document here.
04:36
So now what we're gonna do is we're gonna uncheck this box. It says "Be Recursive", kind of near the bottom in the center,
04:43
and then we're gonna do one more change and then we'll go and start running DirBuster. Now, DirBuster is gonna take some time to run. We're actually not gonna let it run all the way; we are gonna take a look at the results. But uncheck the box next to Be Recursive,
04:55
and then the next area we're gonna fill out is gonna be this "Dir to start with", or directory to start with. So we're gonna fill that out. It's gonna be this right here in step number seven. We're gonna type in /mutillidae/
05:08
So you'll see that we've already got the forward slash in there, so we can just type in mutillidae
05:13
and then a forward slash after that.
05:15
And then finally, we're gonna go ahead and actually click the Start button now to run the tool. So let's go and do that now. Just click the Start button at the bottom right,
05:24
and you'll see it takes a second. It's gonna start running for us now. As I mentioned, this may take a while to fully run and be done. You're welcome to let it run all the way on your end, but just know you'll want to pause the video and restart it again or, you know, finish it out once you're done running.
05:41
So we're gonna let that run just a few more seconds or so here. Now, once we let it run for a bit, we're gonna click on the Results - List View tab. So it's this one here in the center, near the top.
05:51
And then what I want you to take a look at is: were there any files found by this particular tool? So we'll let it run for just another moment or so. You see, it's about 14 or 15% done. And as I mentioned, it does take several minutes to actually complete. But let's go ahead and click on Results - List View. So go and click on that now, and you'll see we already have information showing in there, right?
06:13
So, question number one: did DirBuster find any files? Of course it did, right? So we see the index.php file. We see, you know, other files in here as well. If we scroll down, we'll see a lot more stuff. If we let this run for hours on end, we'll see a whole lot of stuff. So you'll see here, the gist of it is that we've
06:30
been able to see certain files; we're able to see that we can actually obtain the file.
06:35
So in this video, we just talked about DirBuster. Now, in the next video, we're gonna look at a sample error message output and just determine if there's any sensitive information being sent in that particular error message.

OWASP

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and resources to help organizations protect critical apps. Cybrary’s OWASP certification training course covers the organization’s popular “Top 10” risk assessment.

Instructed By

Ken Underhill
Master Instructor at Cybrary