Hidden directories usually contain sensitive files with important information.
Observe the following steps to get started with analyzing discovered files:
- Within the DirBuster results window, click on the Results – Tree View tab. This will provide you with a tree structure that allows you to expand each folder:
By expanding the cgi-bin folder, we can see two files, as shown in the preceding screenshot. Using the web browser, we can add the directory extension and the IP address of the server to create a URL.
- Entering the http://192.168.56.101/cgi-bin/ address, the web browser shows us the files, last modification date, file size, and description:
- Additionally, we can use dirb to check for files and directories on a target web server. dirb allows us to perform a quick scan if we use the following syntax:
dirb http://192.168.56.101
- Optionally, you can choose to use a custom wordlist as part of your command:
dirb http://192.168.56.101 <wordlist>
The following screenshot is a quick scan that was performed by DirBuster. If you look closely, you'll notice that DirBuster was able to discover hidden directories and files, along with their sizes:
Performing such tasks can be a bit time-consuming and may take a few minutes, or even hours, to complete.
In the following section, we will take a dive into learning about cryptography.