scanning web folder

Lets get down to business on ASM, reverse engineering, product activation, and what it's really all about. [ THERE ARE NO WAREZ HERE ]

scanning web folder

Postby stasik » Tue Apr 14, 2009 7:22 pm

this is the scenario: there is a picture in the www.xxx.com/pictures/aaa.jpg is there a way to "find" other files in the same folder or sub-folders? i am using BurpSuite [http://portswigger.net/suite/] or WebAssistant [http://www.proxy-offline-browser.com/] to find the locations of pictures used by flash applications and download them. but with these applications i can only see the location of the files used by flash application. but how to find other files?
i imagine it can be done by brute-force, but is there a more intelligent way/application? coz if there is a picture "PEOPLE_of-europe_215.jpg" it will take a long time to discover it by brute-forcing the folder :(
thanks
User avatar
stasik
Guru
 
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: scanning web folder

Postby Gregor847 » Thu Apr 23, 2009 6:09 pm

Amazing, i'm looking for the exactly same thing :o
Gregor847
n00b
 
Posts: 5
Joined: Tue Sep 05, 2006 7:29 pm

Re: scanning web folder

Postby stasik » Fri Apr 24, 2009 9:46 am

most amazing, no reply....
i have a java soft which taks web address as input and reply if the page is ok/existent or not (link checker). i could extend that, putting that in a loop and each time adding a new/different letter to the link to be checked (brute force), but i thought there is any soft to do that more efficient. google says nothing(
User avatar
stasik
Guru
 
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: scanning web folder

Postby narada » Sat Apr 25, 2009 11:52 am

Intellitamper is a great Windows utility I used to use for web spidering. I think that may be what you're looking for.
http://www.softpedia.com/get/Internet/O ... mper.shtml
User avatar
narada
Hacker in Training
 
Posts: 92
Joined: Sat Apr 25, 2009 10:05 am

Re: scanning web folder

Postby stasik » Sat Apr 25, 2009 7:56 pm

heh, viewtopic.php?f=19&t=994
yes, something like that. but the only way to scan is dictionary attack, which is even worse then a brute-force due to its limitations... in the main folder it finds only index.html and the flash file. dont see the rest(
but thanks narada, thats a start)

EDITED:
actually, the application suggested by narada works, so does the BurpSuite. it didnt work on my site, but works good on other sites. i think this is because the folders on my site are hidden(files are 0704, but folders are 0701). but even if the folder is hidden, the files from inside are still accessible, but not found by any of the application. i guess a brute force is the only way :(
User avatar
stasik
Guru
 
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: scanning web folder

Postby johnmaia » Tue Mar 13, 2012 10:01 am

Have you found a solution?
I'm looking for the same thing...
johnmaia
n00b
 
Posts: 1
Joined: Mon Mar 12, 2012 11:46 am

Re: scanning web folder

Postby Cool_Fire » Thu Mar 22, 2012 6:35 am

If there's no directory listing allowed, you have no options other than spidering for links or brute forcing. That's the way it's been designed.

In some cases you can get a directory listing tough a custom code injection exploit in a web app, but that's pretty rare.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
User avatar
Cool_Fire
Not a sandwich
 
Posts: 1880
Joined: Fri May 09, 2003 1:20 pm
ICQ: 336613081
Website: https://www.insomnia247.nl/
Yahoo Messenger: cool_fire_666
AOL: EvilCoolFire
Location: 41 6d 73 74 65 72 64 61 6d


Return to ā€œ%sā€ Apps & RE

Who is online

Users browsing this forum: No registered users and 0 guests

cron