Once we have identified the application running on the web server, the next step is to map all of the files and directories it exposes publicly. To do this, we need to send many requests to the target and discover hidden paths.

One tool that helps with this kind of enumeration is Gobuster. Gobuster is written in the Go programming language and uses wordlists to brute-force directories and files on a server.

Gobuster supports several enumeration modes, such as fuzzing, dns and others, but for now we will use only the dir (directory) mode.

To do this, we supply the target IP address with the -u flag and the wordlist path with -w. By default, Gobuster runs 10 threads concurrently. To reduce network traffic, the number of threads can be lowered with the -t flag.

kali@kali:~$ gobuster dir -u 192.168.50.20 -w /usr/share/wordlists/dirb/common.txt -t 5
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://192.168.50.20
[+] Method:                  GET
[+] Threads:                 5
[+] Wordlist:                /usr/share/wordlists/dirb/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
===============================================================
2022/03/30 05:16:21 Starting gobuster in directory enumeration mode
===============================================================
/.hta                 (Status: 403) [Size: 278]
/.htaccess            (Status: 403) [Size: 278]
/.htpasswd            (Status: 403) [Size: 278]
/css                  (Status: 301) [Size: 312] [--> http://192.168.50.20/css/]
/db                   (Status: 301) [Size: 311] [--> http://192.168.50.20/db/]
/images               (Status: 301) [Size: 315] [--> http://192.168.50.20/images/]
/index.php            (Status: 302) [Size: 0] [--> ./login.php]
/js                   (Status: 301) [Size: 311] [--> http://192.168.50.20/js/]
/server-status        (Status: 403) [Size: 278]
/uploads              (Status: 301) [Size: 316] [--> http://192.168.50.20/uploads/]

===============================================================
2022/03/30 05:18:08 Finished
===============================================================

Figure 3: Running Gobuster

Here we used the common.txt wordlist located in the /usr/share/wordlists/dirb/ directory, and it identified a total of 10 resources.

Four of them cannot be accessed because of insufficient privileges (Status: 403), but the remaining six are accessible and definitely warrant further investigation.
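
To make the result review repeatable, the following added example (not part of the original page or of the Gobuster project) parses the result lines from the run above and groups them by status code. The names `parse_results` and `triage` are hypothetical, and the sample is the output shown above with the angle brackets around URLs removed.

```python
import re
from collections import defaultdict

# Result lines from the Gobuster run shown above (banner lines omitted).
SAMPLE = """\
/.hta                 (Status: 403) [Size: 278]
/.htaccess            (Status: 403) [Size: 278]
/.htpasswd            (Status: 403) [Size: 278]
/css                  (Status: 301) [Size: 312] [--> http://192.168.50.20/css/]
/db                   (Status: 301) [Size: 311] [--> http://192.168.50.20/db/]
/images               (Status: 301) [Size: 315] [--> http://192.168.50.20/images/]
/index.php            (Status: 302) [Size: 0] [--> ./login.php]
/js                   (Status: 301) [Size: 311] [--> http://192.168.50.20/js/]
/server-status        (Status: 403) [Size: 278]
/uploads              (Status: 301) [Size: 316] [--> http://192.168.50.20/uploads/]
"""

# path, status and size are always present; the redirect target is optional
# and may be wrapped in <...> when the output was copied from a rendered page.
LINE_RE = re.compile(
    r"^(?P<path>/\S*)\s+\(Status:\s*(?P<status>\d{3})\)\s+"
    r"\[Size:\s*(?P<size>\d+)\]"
    r"(?:\s+\[-->\s*<?(?P<redirect>[^\]>]+)>?\])?\s*$"
)

def parse_results(text):
    """Return one dict per result line; banner and separator lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        findings.append({"path": m["path"], "status": int(m["status"]),
                         "size": int(m["size"]), "redirect": m["redirect"]})
    return findings

def triage(findings):
    """Group paths: 403 = exists but forbidden, 3xx = redirect to follow up."""
    groups = defaultdict(list)
    for f in findings:
        key = ("forbidden" if f["status"] == 403
               else "redirect" if 300 <= f["status"] < 400 else "other")
        groups[key].append(f["path"])
    return dict(groups)

if __name__ == "__main__":
    for group, paths in triage(parse_results(SAMPLE)).items():
        print(f"{group:10} {len(paths):2}  {', '.join(paths)}")
```

Run on the sample, it reports four forbidden paths and six redirects, matching the counts in the text; `/index.php` redirecting to `./login.php` shows that the application sits behind a login page.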

