Thread: Enumerating old or backup files

  1. #1

    Enumerating old or backup files

    Hi,

    Can someone let me know how one can find files like admin2.php or admin.php.old on a webserver? I have heard w3af can do that but I am unable to figure it out.

    Further, DirBuster can also do that, but wouldn't it be more efficient if I could feed it the results of a spider? It would use those results as seeds as well, e.g. if the spider gives pages/directories like /admin or /admin/index.php, then the tool can try /admin2/index.php, /adminold/index.php, /adminonl/index.php.old etc.

    If it is possible, please point me to how to do that.

    Thanks in advance for any feedback.

  2. #2
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Not a complete answer, but if you know that w3af can do it, check: there is a plugin in w3af to include all the directories you want it to scan.
    That might help you.

  3. #3
    Can you point out which plugin you are talking about?

    Thanks

  4. #4
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Sorry for not pointing to the source first.

    This plugin is what I was talking about:
    http://w3af.sourceforge.net/plugin-d...#importResults

  5. #5
    Super Commando Dhruv abhaythehero
    Join Date
    Sep 2010
    Location
    Lucknow/Pune,India
    Posts
    466
    Blog Entries
    2

    Source code disclosure by .git in web application

    Often developers use git to manage their code repo and push it to servers. What they sometimes forget is to delete that .git directory.

    This is a special directory made by git which contains the HEAD, so that different backup versions can be sought when needed.

    Here is an interesting read on how the penetration tester found this directory and used it for source code disclosure, thus enumerating old or backup files: SkullSecurity Blog Archive, Using "Git Clone" to get Pwn3D

    Google dork for checking the above is

    Code:
    ".git" intitle:"Index of"
    Last edited by abhaythehero; 08-09-2012 at 06:57 PM. Reason: Added Google Dork
    In the world of 0s and 1s, are you a zero or The One !
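The thread above approaches this from the attacker's side (spidering, DirBuster/w3af wordlists, the .git dork). The same leftovers are far cheaper to find from the inside: anyone with a shell on the server can walk the deployed web root and flag what should never have been published. The following script is an added example written for this thread; it is not code from the original posts or from w3af or DirBuster. It checks for the two things discussed here: editor/backup copies (the .old, .bak, ~ suffixes and numbered duplicates like admin2.php beside admin.php from post #1) and an exposed .git directory (post #5). The sample web root it builds in a temporary directory is constructed for the demonstration; the suffix list and the numbered-copy rule are assumptions about common naming habits, not an exhaustive set.

```python
"""Audit a deployed web root for leftover backup files and exposed .git metadata.

Defender-side check: run it on the server (or on the release artifact before
deployment) so that files like admin.php.old or a .git directory never reach
the public document root.
"""
import os
import re
import shutil
import sys
import tempfile
from typing import List, Optional, Tuple

# Suffixes that commonly mark an editor swap file or a manual backup copy.
# This list is an assumption for the example; extend it to fit your deployments.
BACKUP_SUFFIXES = (".old", ".bak", ".orig", ".save", ".swp", ".tmp", ".copy", "~")

# admin2.php, index3.html ... : a stem, trailing digits, and an extension.
NUMBERED_COPY = re.compile(r"^(?P<stem>.+?)(?P<num>\d+)(?P<ext>\.[A-Za-z0-9]+)$")


def is_backup_name(name: str, siblings=()) -> Optional[str]:
    """Return a reason string if `name` looks like a leftover copy, else None.

    `siblings` is the set of other filenames in the same directory; a numbered
    name is only flagged when the un-numbered original sits next to it, which
    avoids false positives on legitimate names such as md5.php or h264.js.
    """
    lower = name.lower()
    for suffix in BACKUP_SUFFIXES:
        if lower.endswith(suffix) and len(lower) > len(suffix):
            return f"backup suffix {suffix!r}"
    match = NUMBERED_COPY.match(name)
    if match:
        original = match.group("stem") + match.group("ext")
        if original in siblings:
            return f"numbered copy of {original}"
    return None


def find_leftovers(root: str) -> List[Tuple[str, str]]:
    """Walk `root` and return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        if ".git" in dirnames:
            rel = os.path.relpath(os.path.join(dirpath, ".git"), root)
            findings.append((rel.replace(os.sep, "/"), "exposed git metadata directory"))
            dirnames.remove(".git")  # no need to descend into it
        siblings = set(filenames)
        for name in filenames:
            reason = is_backup_name(name, siblings)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((rel.replace(os.sep, "/"), reason))
    return sorted(findings)


def build_sample_webroot() -> str:
    """Create a constructed sample document root in a temp dir and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    sample_files = (
        "index.php", "admin.php", "admin2.php", "admin.php.old",
        "config.php~", "css/style.css", ".git/HEAD", ".git/config",
    )
    for rel in sample_files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
    return root


def audit_sample_webroot() -> List[Tuple[str, str]]:
    """Build the constructed sample, audit it, and clean up."""
    root = build_sample_webroot()
    try:
        return find_leftovers(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    # Pass a real document root as the first argument, or run the built-in sample.
    results = find_leftovers(sys.argv[1]) if len(sys.argv) > 1 else audit_sample_webroot()
    for path, reason in results:
        print(f"{path}: {reason}")
```

On the constructed sample the audit reports .git, admin.php.old, admin2.php and config.php~ while leaving index.php, admin.php and css/style.css alone. A finding is a reason to remove the file from the release, or at least to deny it in the web server configuration; blocking dotfiles (including .git) at the server level is the cheap safety net for the case post #5 describes.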
