Discovering Endpoints and Sensitive Data: Lab: Information disclosure on debug page
Not every website has a "robots.txt" that gives away its paths, so we often need to find the paths ourselves. There are a lot of tools available on the internet for finding the endpoints of a website. Here we are going to learn about a tool called "feroxbuster".
Ferox Buster link: https://github.com/epi052/feroxbuster
From the above link we can install this tool on a Kali Linux VM, Windows, Linux or macOS.
Once it is installed, enter the command below to run feroxbuster.
Syntax: ./feroxbuster --url [Target url] -w [wordlist url]
If the above syntax throws an error, remove the ./
Target url: https://0a6600e4033d4feb80b3ea9700090020.web-security-academy.net/
wordlist url: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/common.txt
Save common.txt in the same directory you run feroxbuster from to avoid an error; otherwise you need to give the exact path to common.txt.
Once you have entered the above command, you will see the open endpoints of the target website with their various status codes.
200 --> Success -- Positive response
cgi-bin --> Try to access it and you will see phpinfo
The PHP information of the target website is a massive find. From it we can look up the vulnerabilities of that version of PHP on the server.
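The same scan seen from the server side, as an added example that is not part of the original post: a wordlist run shows up in the access log as one client requesting many distinct paths that mostly return 404, and the few 200 responses are the endpoints it found. The log lines, the IP addresses, the function name find_enumeration and both thresholds are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access log (combined log format), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /cgi-bin HTTP/1.1" 200 410 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:02 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /.git HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /login HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:00:03 +0000] "GET /product?productId=1 HTTP/1.1" 200 3300 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /cgi-bin/phpinfo.php HTTP/1.1" 200 78000 "-" "Mozilla/5.0"
"""

# client IP, request path, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) ')


def find_enumeration(log_text, min_paths=5, min_404_ratio=0.6):
    """Return {client_ip: [paths answered with 200]} for clients whose
    traffic looks like wordlist-driven content discovery.
    Both thresholds are illustrative assumptions; tune them per site."""
    stats = defaultdict(lambda: {"paths": set(), "total": 0, "not_found": 0, "hits": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        s = stats[ip]
        s["total"] += 1
        s["paths"].add(path)
        if status == 404:
            s["not_found"] += 1
        elif status == 200:
            s["hits"].append(path)  # what the scan actually discovered

    findings = {}
    for ip, s in stats.items():
        many_paths = len(s["paths"]) >= min_paths
        mostly_missing = s["not_found"] / s["total"] >= min_404_ratio
        if many_paths and mostly_missing:
            findings[ip] = s["hits"]
    return findings


if __name__ == "__main__":
    for ip, hits in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip} enumerated paths; exposed endpoints: {hits}")
```

Any debug page such as phpinfo that appears in the hits list should be removed or access-restricted on the server.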