Further directory discovery
The word lists used in this phase are from Daniel Miessler's SecLists (see the wordlists page: https://jarrettgxz-sec.gitbook.io/offensive-security-concepts/tools-services/wordlists).
The word list path in the examples below is shown as a redacted relative directory.
1. Enumeration of /
Important options to note:
1.1 -x php: fuzz with a .php extension appended to each entry in the word list

Interesting directories
/config.php -> empty page with no interesting source code content
/javascript and /vendor -> 403 Forbidden
/phpmyadmin -> phpMyAdmin login page
2. Further enumeration
2.1 /phpmyadmin directory
After looking through the sitemap in Burp Suite (refer to the Burp Suite sitemap section), I discovered an interesting-looking directory: /phpmyadmin/js. This directory contained a lot of .js and .php files, as shown in Burp Suite.
Thus, I decided to further enumerate this directory with a common word list:
Important options to note:
-x php,js: fuzz with a .php and a .js extension appended to each entry in the word list
Note: every extension adds one extra request per word list entry, so the run grows in proportion to the number of extensions. With -x php,js the fuzzer sends the bare name, the .php variant and the .js variant for every entry, i.e. three requests per entry instead of one.
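To make the cost of an extension list concrete, here is an added example (not code from the original write-up or from any fuzzing tool) that reproduces the fan-out a gobuster/ffuf-style -x option performs and runs it against a stand-in for the target. The word list, the extensions, the host name target.local and the response table are all constructed for the demonstration; mock_get takes the place of a real HTTP GET so the script runs offline.

```python
# Added example (not from the original write-up): how an extension list fans
# out a word list, and why the request count grows with every extension
# rather than simply doubling. The word list, the extensions and the server
# responses below are all constructed for the demonstration.


def expand_wordlist(words, extensions):
    """Yield the paths a fuzzer requests for each word.

    Mirrors the common tool behaviour: the bare name is requested once, then
    one extra request per extension. With extensions ("php", "js") each word
    therefore produces three requests, not two.
    """
    for word in words:
        yield word
        for ext in extensions:
            yield f"{word}.{ext}"


def request_count(n_words, extensions):
    """Total requests for n_words entries: bare name plus one per extension."""
    return n_words * (1 + len(extensions))


def fuzz(base, words, extensions, responder, ignore=(404,)):
    """Run the expanded word list against `responder` (a stand-in for HTTP GET)
    and return the (path, status) pairs whose status is not in `ignore`."""
    hits = []
    for path in expand_wordlist(words, extensions):
        url = f"{base.rstrip('/')}/{path}"
        status = responder(url)
        if status not in ignore:
            hits.append((path, status))
    return hits


# Constructed stand-in for the target: maps a URL to the status code it would
# return. Anything not listed is treated as 404, mirroring the page's findings
# (config.php present, /javascript and /vendor forbidden, /phpmyadmin present).
MOCK_TARGET = {
    "http://target.local/config.php": 200,
    "http://target.local/javascript": 403,
    "http://target.local/vendor": 403,
    "http://target.local/phpmyadmin": 200,
}


def mock_get(url):
    """Offline replacement for an HTTP GET; returns only the status code."""
    return MOCK_TARGET.get(url, 404)


if __name__ == "__main__":
    words = ["config", "javascript", "vendor", "phpmyadmin", "login"]
    exts = ["php", "js"]
    print("requests:", request_count(len(words), exts))
    for path, status in fuzz("http://target.local", words, exts, mock_get):
        print(f"{status} {path}")
```

Swapping mock_get for a function that issues real requests (for example with urllib or requests) turns this into a minimal directory fuzzer; the point to take from it is that request_count, not the number of extensions, is what decides how long a run takes and how much noise it leaves in the target's logs.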
2.2 /javascript and /vendor directory
Looking back at the results from the first enumeration phase (part 1.1 of Initial Enumeration), I decided to further enumerate the /javascript and /vendor directories.
2.2.1 /javascript

2.2.2 /vendor

Upon visiting /vendor/composer, I was presented with an index listing.

Looking through each file in this directory, I found from /vendor/composer/installed.json that this application uses firebase/php-jwt v6.10.0.
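An exposed installed.json is a full dependency inventory, so it is worth parsing rather than reading by eye. The following is an added example (not code from the original write-up or from Composer) that extracts package names and versions from installed.json and compares them against caller-supplied minimum versions. The JSON is constructed to resemble the page's finding (the package example/legacy-lib is invented), and the minimum versions passed to packages_below are placeholders for whatever the tester looks up in an advisory database; nothing here asserts that any listed version is vulnerable.

```python
# Added example (not from the original write-up): pull the dependency inventory
# out of a Composer installed.json exposed under /vendor/composer/, then compare
# versions against a caller-supplied minimum. The JSON below is constructed to
# resemble the page's finding; the minimum versions passed to the check are
# placeholders for whatever the tester looks up, not a statement that any of
# these versions is vulnerable.

import json
import re


# Constructed sample in Composer 2 layout ({"packages": [...]}); Composer 1
# wrote a bare list of package objects, which parse_installed_json also accepts.
SAMPLE_INSTALLED_JSON = """{
  "packages": [
    {"name": "firebase/php-jwt", "version": "v6.10.0", "version_normalized": "6.10.0.0"},
    {"name": "psr/log", "version": "1.1.4", "version_normalized": "1.1.4.0"},
    {"name": "example/legacy-lib", "version": "v2.3.1-beta", "version_normalized": "2.3.1.0-beta"}
  ],
  "dev": false
}"""


def parse_installed_json(text):
    """Return {package name: version string} from installed.json content."""
    data = json.loads(text)
    packages = data.get("packages", []) if isinstance(data, dict) else data
    return {p["name"]: p.get("version", "") for p in packages if "name" in p}


def version_key(version):
    """Turn 'v6.10.0' or '2.3.1-beta' into a comparable (major, minor, patch) tuple.

    A leading 'v' is dropped and any pre-release or build suffix is ignored,
    which is enough for the major.minor.patch comparisons done during triage.
    """
    core = re.split(r"[-+]", version.lstrip("vV"), maxsplit=1)[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))


def packages_below(inventory, minimums):
    """Return {name: installed version} for packages older than the minimum
    given in `minimums` ({name: minimum version}). Names absent from the
    inventory are skipped."""
    return {
        name: inventory[name]
        for name, floor in minimums.items()
        if name in inventory and version_key(inventory[name]) < version_key(floor)
    }


if __name__ == "__main__":
    inventory = parse_installed_json(SAMPLE_INSTALLED_JSON)
    for name, version in sorted(inventory.items()):
        print(f"{name:24} {version}")
    # Placeholder thresholds: substitute the figures from your own advisory lookup.
    print(packages_below(inventory, {"firebase/php-jwt": "6.10.0", "example/legacy-lib": "3.0.0"}))
```

In practice you would fetch /vendor/composer/installed.json with the same client used for the fuzzing, feed the body to parse_installed_json, and then check each name and version against a vulnerability source before drawing any conclusion; the version comparison above deliberately ignores pre-release tags, so treat a "-beta" or "-RC" hit as something to confirm by hand.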
