DEV Community

Muhammad Subhan
Muhammad Subhan

Posted on

Offensive Security Intro

This is the starting of my journey. The first path I cross is TryHackMe. This is the first room from PreSecurity. Dirb, a tool that discovers hidden/unlinked pages on a website by rapidly guessing common folder and file names from a wordlist. A CODE:200 response means the page exists. Example: dirb https://example.com/ might reveal https://example.com/admin/, https://example.com/config.php, https://example.com/backup/, etc. In the room (a fake bank), this exposed an admin dashboard and a users.db file that were reachable by anyone with the URL. Why it's a vulnerability: those pages should have been behind a login or blocked — leaving them accessible lets an attacker reach sensitive data directly. Remediation: require authentication on admin areas, keep database/backup files out of web-accessible folders, return 403/404 for sensitive paths.

Top comments (0)