[TUT] Exploiting Websites - Unrestricted Access
#1
~~~~ Hey, all ~~~~


I just wanted to post a little something about the compromising of websites/web servers that do not
restrict access to particular resources. Whether or not this has a specific term, I'm not sure and I
do not have it in mind right now, but I'll get into what exactly I'm talking about. Oh, it's called 'Directory Traversal'.

I decided to write this up quickly because of how common it is, and how easily it can be done.

It doesn't require any tools whatsoever, and I'm confident that anybody reading this probably knows how
to go crazy with it.

Very very easy. So let's get into it.





The scenario


So sometimes you'll visit a website and see that there are references to different directories,
maybe '/assets/' or '/includes/' etc.



[Image: 4999896f26fb498fa7a5a9f37014681b.png]



Basically folders that are self-explanatory in terms of what they contain.





The good way


Now... more often than not, precautions will have been taken for users trying to
directly access certain directories that are not relevant to the website's purpose...


and you may be hit with something like this upon visiting 'http://secure-site.com/public/assets/'


'403'd'

[Image: 4e258acab70d49bf97e4a016514e7b87.png]



We won't go past tampering with 403s, as I'm only demonstrating the exploitation of websites when this hasn't been
implemented by the developer/administrator.





The dun goofd way


You try to access the directory of an asset, image, file, whatever, and this happens...



[Image: c6a6dde4df0347438098eb9127afecc6.png]



The reason why this is the bad way is because I can now map out the structure of this website.

When playing tag with a web server, it almost always starts small...
Stacking information and gradually escalating your privileges, is it not?

Anywho, this is so common that what I'm actually looking at right now
is the first website that I tried this on, for the purpose of this very tutorial.

Found it with a quick dork, the first link.

I just want to mention that implementing a '403 index.php' on these directories isn't much
securer than this - because users will still have access to these files if they guess their names right,
or use some crawler to find what you've got stashed in here.





Big whoop?


I'm not saying that any time you see this, you've pwnd the server...
But you can look for certain files like

'config.php', 'admin.php', 'mysql.php', 'connect.php' etc.

Things that usually contain database/login/server information, and you can use that information
to strategically attack the website.

A lot of these files download instantly, all kinds of formats. Some of them show up as text
on the browser and you can just read the most sensitive data, right off their own website...





Conclusion


I'd like to make it clear that I'm not endorsing this stuff.
But I ain't dropping the "Educational" joke either (even tho it kinda is)
because I cannot take that seriously anymore lol.

So I'll say it like this.

The purpose of this is for you to know:
- How easily certain websites can be compromised.
- How common this is
- What not to do with your website.


With that being said, I hope you enjoyed this quick thread. Post any doubts, queries or opinions in the comments.

Have a nice day. Hat Tip
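
A defender's check for the misconfiguration described in this post, as an added example that is not part of the original post: it scans web-server configuration text for directives that enable directory listings (Apache `Options Indexes`, nginx `autoindex on`) and walks a document root for directories without an index file and for the file names the post mentions. The sample configuration, the temporary document root and the index file names are constructed assumptions.

```python
import os
import re
import tempfile

# Sensitive names come from the post; index file names are an assumption.
SENSITIVE = {"config.php", "admin.php", "mysql.php", "connect.php"}
INDEX_FILES = {"index.php", "index.html", "index.htm"}

def listing_directives(config_text):
    """Return (line_no, directive) for lines that enable directory listings."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # ignore comments
        if re.search(r"\bautoindex\s+on\s*;", line, re.I):  # nginx
            hits.append((no, line))
        m = re.fullmatch(r"Options\s+(.+)", line, re.I)  # Apache
        if m and any(o.lstrip("+").lower() in ("indexes", "all")
                     for o in m.group(1).split() if not o.startswith("-")):
            hits.append((no, line))
    return hits

def audit_docroot(root):
    """Return (dirs with no index file, sensitive file paths) under root."""
    listable, sensitive = [], []
    for cur, _dirs, files in os.walk(root):
        rel = os.path.relpath(cur, root)
        if not INDEX_FILES & set(files):
            listable.append(rel)  # would be listed if listings are enabled
        sensitive += [os.path.join(rel, f) for f in files if f in SENSITIVE]
    return sorted(listable), sorted(sensitive)

# Constructed sample; mixes Apache and nginx lines only to exercise both checks.
SAMPLE_CONF = """\
<Directory /var/www/html/assets>
    Options +Indexes   # listing left on
</Directory>
<Directory /var/www/html/uploads>
    Options -Indexes +FollowSymLinks
</Directory>
location /includes/ { autoindex on; }
"""

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed document root
        for path in ("index.php", "assets/logo.png", "includes/config.php"):
            full = os.path.join(root, path)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return listing_directives(SAMPLE_CONF), audit_docroot(root)
```

Files flagged by `audit_docroot` stay reachable by name even after listings are turned off, so they belong outside the document root or behind an explicit deny rule.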
#2
I never actually thought of doing a thing like that.
Thanks for the idea!
#3
(09-19-2016, 05:57 PM)TheEvilSocks Wrote: I never actually thought of doing a thing like that.
Thanks for the idea!

Yeah, it's too simple and easy to be overlooked. 

Lol, no worries.
#4
I already do this.
And I can tell you it's more common than you might think. I never knew that anyone else did this, but it's super simple.
Thanks for the guide ;D
#5
(11-15-2016, 08:33 AM)Cylar Wrote: I already do this.
And I can tell you it's more common than you might think. I never knew that anyone else did this, but it's super simple.
Thanks for the guide ;D

There is actually an entire module on this in Ethical Hacking called DTA (Directory Traversal Attack).

I mean it has to be common if it's being taught on an academic level, hehe.

