Marial's Notes
  • Hello!
  • Pentesterlab Labs
    • Recon Badge
      • recon_00 (/robots.txt)
      • recon_01 (404 pages)
      • recon_02 (/.well-known/security.txt)
      • recon_03 (directory listing)
      • recon_04 (/admin)
      • recon_05 (wfuzz)
      • recon_06 (vhost)
      • recon_07 (vhost over TLS)
      • recon_08 (alt name)
      • recon_09 (header)
      • recon_10 (visual recon)
      • recon_11 (virtual host brute)
      • recon_12 (load balance)
      • recon_13 (TXT)
      • recon_14 (zone transfer)
      • recon_15 (int zone transfer)
      • recon_16 (bind version)
      • recon_17 (dev name)
      • recon_18 (public repos)
      • recon_19 (find email)
      • recon_20 (check branches 1)
      • recon_21 (check branches 2)
      • recon_22 (deleted file)
      • recon_23 (commit message)
      • recon_24 (assets)
      • recon_25 (S3)
      • recon_26 (JS)
  • TryHackMe Rooms
    • Basic Pentesting
    • EasyPeasy
    • Kenobi
    • Vulnversity
Powered by GitBook
On this page
  • OBJECTIVE
  • DIRECTORY LISTING
  • SOLUTION

Was this helpful?

  1. Pentesterlab Labs
  2. Recon Badge

recon_03 (directory listing)

Previousrecon_02 (/.well-known/security.txt)Nextrecon_04 (/admin)

Last updated 7 months ago

Was this helpful?

View the exercise here:

OBJECTIVE

For this challenge, your goal is to find a directory with directory listing in the main website for hackycorp.com.

DIRECTORY LISTING

When accessing a directory on a webserver, multiple things can happen:

  • an "index" file is present and it will get returned. N.B.: the file is not necessarily named index, this can be configured. But most of the time, the file will be named index.html

  • no "index" file is present and the webserver will list the content of the directory. This can obviously leak information.

Indexing directory can be disabled on most webservers. For example, with Apache, you need to use the option: -Indexes.

To find directories, with indexing turned on. You need to browse the source of the HTML pages and look at the directories used to store files. Once you have a list of directories, you can access each of them individually.

SOLUTION

Go to hackycorp.com > Right-click > then View Page Source

Click /images/logo.png

Then it will lead you to the site: https://hackycorp.com/images/logo.png

Erase the /logo.png in the URL - this is a classic directory listing misconfiguration

Click key.txt file to see the flag.

PentesterLab: Recon 03