We covered the first part of the solution to the D0not5top Vulnhub lab by combining active information gathering techniques with directory traversal and directory brute forcing to collect the flags.
We covered the second part of the solution to the D0not5top Vulnhub lab by using John the Ripper and Metasploit to collect the remaining challenge flags.
Directory traversal is another name for path traversal. These vulnerabilities let an attacker read arbitrary files on the server running the application, limited only by the permissions of the account the application runs as: typically application source, configuration files with credentials, and operating-system files such as /etc/passwd.
In some cases the attacker can also write to arbitrary files on the server, which lets them alter application behaviour or data (for example by overwriting a configuration file or dropping a web shell in a served directory) and eventually take full control of the machine.
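The two paragraphs above describe the bug in general terms; the following added example (written for this page, not taken from the D0not5top VM or any project's code) shows the naive path construction that makes it possible beside a hardened version. The document root /var/www/html and the request paths are assumptions for illustration; no files are actually opened, so the functions only compute and validate filesystem paths.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the example (hypothetical).
DOC_ROOT = "/var/www/html"


def vulnerable_path(user_path: str) -> str:
    """Naive join: what a traversal-prone file download handler typically does.

    os.path.join discards DOC_ROOT entirely if user_path is absolute, and
    normpath happily collapses "../" sequences that walk above DOC_ROOT.
    """
    return posixpath.normpath(posixpath.join(DOC_ROOT, user_path))


def is_within_root(candidate: str, root: str) -> bool:
    """True only if candidate is root itself or lives below it.

    commonpath is used instead of str.startswith: "/var/www/html2/x"
    starts with "/var/www/html" textually but is NOT inside the root.
    """
    return posixpath.commonpath([root, candidate]) == root


def safe_path(user_path: str) -> str:
    """Hardened resolution: decode, normalise, then prove containment.

    Raises ValueError for anything that escapes DOC_ROOT. A leading "/" is
    treated as root-relative (a common convention for web document roots).
    """
    decoded = unquote(user_path)  # handles %2e%2e/ style encoded traversal
    if "\x00" in decoded:  # NUL bytes truncate paths in C-level APIs
        raise ValueError("NUL byte in path")
    candidate = posixpath.normpath(posixpath.join(DOC_ROOT, decoded.lstrip("/")))
    if not is_within_root(candidate, DOC_ROOT):
        raise ValueError(f"path escapes document root: {candidate}")
    return candidate


if __name__ == "__main__":
    for p in ["images/../index.html", "../../../etc/passwd", "/etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "../html2/secret"]:
        try:
            print(f"{p!r:40} vulnerable={vulnerable_path(p)!r:30} safe={safe_path(p)!r}")
        except ValueError as exc:
            print(f"{p!r:40} vulnerable={vulnerable_path(p)!r:30} safe=REJECTED ({exc})")
```

The same containment check applies to the write case: whether the handler reads or writes the file, the decision must be made on the fully resolved path, not on the raw request string. On Windows the check would additionally need backslashes normalised to forward slashes before resolution.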
DirBuster is a multi-threaded Java application that brute forces directory and file names on web and application servers. It is common to find what looks like a web server in its default installation state that actually hosts hidden pages and applications; DirBuster exists to find them.
Tools of this kind are only as good as the wordlists they ship with, so DirBuster's lists were built differently: the Internet was crawled and the directory and file names that developers actually use were collected from scratch. With nine distinct lists included, DirBuster is very effective at locating those hidden files and folders. It additionally offers a pure brute force mode that enumerates every candidate name up to a chosen length, leaving hidden files and directories nowhere to hide.
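To make the mechanism concrete, here is an added example (written for this page, not DirBuster's own code) of the two modes the paragraph describes: a threaded wordlist scan and a pure brute force scan over a small character set. The target is a hypothetical local HTTP server constructed inline with a few assumed hidden paths, so the script runs offline; the DirBuster heuristic it reproduces is that any status other than 404 (including 403) marks a path worth a closer look.

```python
import itertools
import threading
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.request import Request, urlopen

# Constructed target content (hypothetical, not the D0not5top VM).
HIDDEN_200 = {"/admin", "/backup/", "/robots.txt", "/.git/HEAD", "/b1"}
FORBIDDEN_403 = {"/config.php"}

# Constructed mini wordlist standing in for DirBuster's bundled lists.
WORDLIST = ["admin", "backup/", "robots.txt", "images", ".git/HEAD",
            "login", "config.php", "uploads"]


class TargetHandler(BaseHTTPRequestHandler):
    """Pretends to be a web server with a few hidden resources."""

    def do_GET(self):
        if self.path in HIDDEN_200:
            code = 200
        elif self.path in FORBIDDEN_403:
            code = 403
        else:
            code = 404
        body = b"x"
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_target():
    """Start the constructed target on an ephemeral localhost port."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), TargetHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}"


def probe(base_url: str, name: str):
    """Request one candidate path and return (name, status code)."""
    try:
        with urlopen(Request(base_url + "/" + name), timeout=5) as resp:
            return name, resp.status
    except HTTPError as err:
        return name, err.code


def brute_names(charset: str, max_len: int):
    """Pure brute force mode: every name over charset up to max_len chars."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def dirbust(base_url: str, candidates, threads: int = 8) -> dict:
    """Threaded scan; keep everything that did not answer 404."""
    with ThreadPoolExecutor(max_workers=threads) as pool:
        results = pool.map(lambda n: probe(base_url, n), candidates)
    return {name: code for name, code in results if code != 404}


def run_demo() -> dict:
    """Wordlist scan plus a tiny brute force scan against the local target."""
    srv, base = start_target()
    try:
        candidates = list(WORDLIST) + list(brute_names("ab1", 2))
        return dirbust(base, candidates)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    for name, code in sorted(run_demo().items()):
        print(f"{code}  /{name}")
```

Against a real host the thread count and the non-404 filter are what you tune: many servers answer 200 for everything (soft 404s), so DirBuster also lets you compare response bodies, and a rate that is fine against a lab VM will trip rate limiting or a WAF elsewhere.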
Video Walkthrough | Part one
Video Walkthrough | Part two