We could use basic enumeration techniques and tools such as Ffuf or GoBuster to find files and directories and try to locate a viable path via trial and error. However, this could take an unnecessary amount of time that we can use for debugging the exploit itself, so let’s choose another method...
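We can try uploading a webshell: find the webshell that ships with Kali, edit the configuration in php-reverse-shell.php to use our own details, and upload it. After the upload succeeds, we need to find the webshell's path, so we use gobuster to scan the directories of the current site; when the scan finishes, it finds the uploads folder. gobuster dir -u http://10.129.64.26/ -w /usr/share/dirb/wordlists/small.txt -x php When accessing the we...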
Directory bursting is carried out using a combination of automated tools and a collection of scripts called wordlists. Some of these tools include Gobuster, Dirb, FFUF, Dirbuster, etc. How does directory bursting work? What Is a Directory?
- DIRB: http://dirb.sourceforge.net/
- Dirsearch: https://github.com/maurosoria/dirsearch
- Dirbuster: https://tools.kali.org/web-applications/dirbuster
- Gobuster: https://github.com/OJ/gobuster
- Wfuzz: https://github.com/xmendez/wfuzz
- ffuf: https://github.com/ffuf/ffuf
- Burpsuit...