Time
8 minutes
Difficulty
Intermediate

Video Transcription

00:05
Hello and welcome to the breaking stuff with Robert Siri's Welcome Back Today we're introducing you to Duerr Buster.
00:15
This tool is awesome and provides us with the ability to quickly look for hidden directories or potentially vulnerable directories that maybe shouldn't be exposed to the Internet through your weapon application servers. So excellent tool for automating those kind of brute force attacks against
00:33
Web directories and again,
00:36
just takes a bit of the load off of you as far as having to manually look for pages and the things of that nature. So
00:42
who would? This, too, will be most beneficial for? Well, anyone could really find a use for the tool if you're into cyber security or security testing. But specifically, let's call on systems security analysts that are working to better understand potential attack vectors such as exposed directories,
00:57
cyber defense analysts that are looking to create signatures for directory, brute forcing type activities and penetration. Testers looking too quickly automate some land application testing steps now, while not required to enjoy the continent this video and learn something new,
01:14
it is recommended that you have some fundamental knowledge of brute force attacks and how those work
01:18
some fundamental knowledge of Web application directory structures and overall final structures in general and then some fundamental knowledge of County Lennox command line utilization. This tool has the niceness of having both a gooey and command line structure, So we'll be using the gooey today. Let's jump right in.
01:38
All right, everybody, so jumping in here, we've gotta remind the *** machine up and running
01:44
and to the left, We've already done an end map scan of the target system for the sake of time. So with doorbuster were specifically targeting Web pages things of that nature to try and see what
01:55
pages exist legitimately and what Maybe there that, you know, shouldn't be such a CZ additional information about the page or logging pages that shouldn't be exposed
02:05
to the Web
02:06
on. And really, you know, this can help us an information gathering and may be narrowing down what we wanna target in our test. So when you want to bring doorbuster out, there's two ways you can do it. You can do doorbuster dash h here, and that will give you some contextual information on how to run the tool and some of the capabilities.
02:25
Now, as promised. This tool has a gooey
02:29
and so we can just type door Buster and pull that up instead of worrying about memorizing the command lines in tax here. Now, if you're a purist, go right ahead. Take your time. Read through that for everyone else. We're going to jump into using the gooey as promised. So at the top, we define our target.
02:46
And in this case, it is 1931681251 30
02:52
80 Here is tthe e port. We are attacking
02:55
you. Can d'oh get request on Lee or on a switch? We're going to keep that. And then the number of threads is how many tasks at the time You're essentially running here, so we're going to do about 50 Weaken Doom or but we'll just stick with something low. We're not going to run this to completion. It would take hours
03:13
to go through some of these lists and to do a pure brute force attack. You are talking quite a bit of time here. So with that in mind, we do have some restrictions
03:22
out here next to the file with list of directories or files. We're going to hit list info here. And this tells you what's in the dirt buster work list folder. We're gonna be using the directory lists small here just for a few seconds to generate some information. But we're not going to run it to completion
03:42
so we can click, browse,
03:45
and then that brings up our directory browsing window here. And then you can go up by clicking this button here to next to root,
03:53
and that takes you up one level. You can click the U. S. R. Folder or the user resource is folder. And then from there we go to share.
04:01
And then we're gonna scroll the way to the right here back to that word list holder that we got two very quickly be the Si Ella in our last video.
04:10
Good word lists.
04:12
You'll see that we've got a doorbuster director here,
04:15
and inside of that, we've got our
04:17
small dot t x t file, along with some others as well. So we're gonna use a standard start point brute force. The directories files be recursive here on going to kind of stick with the defaults in this, and then we're gonna let her rip
04:33
so I'm only gonna run it for a few seconds here. Um, we'll do this and just
04:39
We'll see, We'll just cancel that
04:42
and just let it continue
04:45
to generate a few things here so you can see that it would take a long time to finish this.
04:49
Um, but lucky for us,
04:54
it's already generated some data. So the thing I like about doorbuster is you can use the results treat here to kind of look through the successful response codes. 200. Um, and you can see we've got a PHP had been paged this tea, Vicky Page a doctor page with some additional information here.
05:15
So this would give you some contextual information about what's on the back end and potential attack Victor's. So let's just say that this completes we're going to stop it and you can generate a report over here. So I always advise if there's a way to easily get some documentation, do so
05:30
and will generate an XML C S V on day full text report.
05:36
And we'll just drop this on the desktop
05:41
and will select the directory here and it'll name and accordingly, as you can see Door buster here. So we'll generate this report.
05:47
And
05:48
we've got the full text report which includes when we ran the tool the time, Um
05:55
what the target? Woz. What? The results were as faras the responses the XML here for those of you that want to use that and then a C s v file, which could be good for, like, gripping real easy. Thio go through and do that.
06:09
So with that, let's just take a quick look at some of the information that was found here in the results tree. So, like the my PHP and men, we can go straight to that page by going to index right clicking and open and browser, and that should pop that page up. And then, from here,
06:25
you can do some research on the page trying to determine if there's any default credentials being used
06:30
and whether or not maybe it's using a vulnerable version of PHP. My ad men.
06:34
There are some other pages as well. Looks like we've got a calendar page here,
06:41
but it's behind ah, long in page, and so there might be something we can do with that.
06:46
We've got the index here. Test doesn't have anything under it,
06:51
Matilda
06:54
themes, etcetera. So you can see that this tool can really take the burden off of you as far as having to manually do tests against pages and can give you a starting point if you're doing some way of application testing.
07:06
So with that in mind again, this is just a high level introduction to the tool. I encourage you to do some testing on your own with permission. Of course, if you're testing any external resource is and just give the tool to try and see what you can do with it. And, uh,
07:23
you know, there's a use case here for just about anybody, whether you're doing Web application development, penetration, testing,
07:29
exploitation analysis If you're a blue team, ER that's trying Thio generate some wall data for this particular type of discovery. It's definitely a great tool to use, and it's pretty simple and straightforward.
07:45
All right, everybody. So in summary, we've provided you with a high level overview of doorbuster, some potential use cases where it could be beneficial and how it can really speed up the kind of information gathering components of your Web application attacks and testing.
08:01
And we provided a demo of how the tool could be used, primarily focusing on the DUI component.
08:05
And with that in mind, I want to thank you for your time today, and I look forward to seeing you again soon.

How to Use DirBuster (BSWR)

This is a multi-threaded Java application that performs brute force over directories and file names on web/application servers. The brute force approach by the tool shows all the hidden files and directories on web/application servers as well.

Instructed By

Instructor Profile Image
Robert Smith
Director of Security Services at Corsica
Instructor