Http/files dir
De www.metasploit-es.com.ar
El "files_dir" toma una lista de palabras como entrada y consulta un host o rango de hosts por la presencia de archivos interesantes en el objetivo.
msf > use auxiliary/scanner/http/files_dir msf auxiliary(files_dir) > show options Module options: Name Current Setting Required Description ---- --------------- -------- ----------- DICTIONARY /opt/metasploit3/msf3/data/wmap/wmap_files.txt no Path of word dictionary to use EXT no Append file extension to use PATH / yes The path to identify files Proxies no Use a proxy chain RHOSTS yes The target address range or CIDR identifier RPORT 80 yes The target port THREADS 1 yes The number of concurrent threads VHOST no HTTP server virtual host
La lista incluida DICTIONARY servira a nuestros propositos para que simplemente debamos definir el valor RHOSTS y pongamos a trabajar el escaneador contra nuestro objetivo.
msf auxiliary(files_dir) > set RHOSTS 192.168.1.1 RHOSTS => 192.168.1.1 msf auxiliary(files_dir) > run [*] Using code '404' as not found. [*] Found http://192.168.1.1:80/backup 403 [*] Found http://192.168.1.1:80/download 301 [*] Found http://192.168.1.1:80/images 301 [*] Found http://192.168.1.1:80/include 301 [*] Found http://192.168.1.1:80/index 302 [*] Found http://192.168.1.1:80/proxy 200 [*] Scanned 1 of 1 hosts (100% complete) [*] Auxiliary module execution completed msf auxiliary(files_dir) >
© Offensive Security 2009
Original de www.offensive-security.com Traducido por cbk999
