scanning web folder

Lets get down to business on ASM, reverse engineering, product activation, and what it's really all about. [ THERE ARE NO WAREZ HERE ]
Post Reply
User avatar
stasik
Guru
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

scanning web folder

Post by stasik » Tue Apr 14, 2009 7:22 pm

this is the scenario: there is a picture in the www.xxx.com/pictures/aaa.jpg is there a way to "find" other files in the same folder or sub-folders? i am using BurpSuite [http://portswigger.net/suite/] or WebAssistant [http://www.proxy-offline-browser.com/] to find the locations of pictures used by flash applications and download them. but with these applications i can only see the location of the files used by flash application. but how to find other files?
i imagine it can be done by brute-force, but is there a more intelligent way/application? coz if there is a picture "PEOPLE_of-europe_215.jpg" it will take a long time to discover it by brute-forcing the folder :(
thanks

Gregor847
n00b
Posts: 5
Joined: Tue Sep 05, 2006 7:29 pm

Re: scanning web folder

Post by Gregor847 » Thu Apr 23, 2009 6:09 pm

Amazing, i'm looking for the exactly same thing :o

User avatar
stasik
Guru
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: scanning web folder

Post by stasik » Fri Apr 24, 2009 9:46 am

most amazing, no reply....
i have a java soft which taks web address as input and reply if the page is ok/existent or not (link checker). i could extend that, putting that in a loop and each time adding a new/different letter to the link to be checked (brute force), but i thought there is any soft to do that more efficient. google says nothing(

User avatar
narada
Hacker in Training
Posts: 92
Joined: Sat Apr 25, 2009 10:05 am

Re: scanning web folder

Post by narada » Sat Apr 25, 2009 11:52 am

Intellitamper is a great Windows utility I used to use for web spidering. I think that may be what you're looking for.
http://www.softpedia.com/get/Internet/O ... mper.shtml

User avatar
stasik
Guru
Posts: 525
Joined: Thu Oct 12, 2006 8:38 am
Location: dublin

Re: scanning web folder

Post by stasik » Sat Apr 25, 2009 7:56 pm

heh, viewtopic.php?f=19&t=994
yes, something like that. but the only way to scan is dictionary attack, which is even worse then a brute-force due to its limitations... in the main folder it finds only index.html and the flash file. dont see the rest(
but thanks narada, thats a start)

EDITED:
actually, the application suggested by narada works, so does the BurpSuite. it didnt work on my site, but works good on other sites. i think this is because the folders on my site are hidden(files are 0704, but folders are 0701). but even if the folder is hidden, the files from inside are still accessible, but not found by any of the application. i guess a brute force is the only way :(

johnmaia
n00b
Posts: 1
Joined: Mon Mar 12, 2012 11:46 am

Re: scanning web folder

Post by johnmaia » Tue Mar 13, 2012 10:01 am

Have you found a solution?
I'm looking for the same thing...

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: scanning web folder

Post by Cool_Fire » Thu Mar 22, 2012 6:35 am

If there's no directory listing allowed, you have no options other than spidering for links or brute forcing. That's the way it's been designed.

In some cases you can get a directory listing tough a custom code injection exploit in a web app, but that's pretty rare.
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

Post Reply