Re: RE: listing directory structure within webserver root

From: dietrich@heusel.de
Date: Sun Aug 29 2004 - 22:29:04 EDT


when using linux or unix you can also take the command wget with its
powerful parameters for downloading the whole directory and its
contents. for more info on wget see "man wget" or howto.

cheers,
dietrich

Chuck Fullerton <chuckf69@ceinetworks.com> schrieb am 29.08.2004,
21:47:23:
> I would recommend a tool like Webreaper. This will mirror the website onto your machine and allow you to inspect it closely.
>
> Chuck Fullerton
> CEH, OPST, CISSP, CSS1
>
> -----Original Message-----
> From: Jose Maria Lopez [mailto:jkerouac@bgsec.com]
> Sent: Sunday, August 29, 2004 12:59 PM
> To: pen-test@securityfocus.com
> Subject: Re: listing directory structure within webserver root
>
>
> El sáb, 28 de 08 de 2004 a las 21:04, Serg Belokamen escribió:
> > Hi All,
> >
> > Is there a way to somehow enumerate a directory structur on a remote
> > webserver? Brute force springs to mind but thats mathematically
> > impossible, to go through all combinations, etc.
> >
> > Cheers,
> > Serg
>
> Nessus can tell you the directories in the root of your
> web server and I think that also nikto can, so it could
> be possible to traverse the directory tree.
>
> --
> Jose Maria Lopez Hernandez
> Director Tecnico de bgSEC
> jkerouac@bgsec.com
> bgSEC Seguridad y Consultoria de Sistemas Informaticos
> http://www.bgsec.com
> ESPAÑA
>
> The only people for me are the mad ones -- the ones who are mad to live,
> mad to talk, mad to be saved, desirous of everything at the same time,
> the ones who never yawn or say a commonplace thing, but burn, burn, burn
> like fabulous yellow Roman candles.
> -- Jack Kerouac, "On the Road"
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------
>
>
>
> ------------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. All of our class sizes are
> guaranteed to be 12 students or less to facilitate one-on-one interaction
> with one of our expert instructors. Check out our Advanced Hacking course,
> learn to write exploits and attack security infrastructure. Attend a course
> taught by an expert instructor with years of in-the-field pen testing
> experience in our state of the art hacking lab. Master the skills of an
> Ethical Hacker to better assess the security of your organization.
>
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> -------------------------------------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. All of our class sizes are
guaranteed to be 12 students or less to facilitate one-on-one interaction
with one of our expert instructors. Check out our Advanced Hacking course,
learn to write exploits and attack security infrastructure. Attend a course
taught by an expert instructor with years of in-the-field pen testing
experience in our state of the art hacking lab. Master the skills of an
Ethical Hacker to better assess the security of your organization.

http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:01 EDT