Recon 03

This exercise covers directory listing

FREE
content
easy diffculty Easy difficulty
easy diffculty Less than an hour
average
completion
time
number of users completed icon 4618
completed
this exercise
Objective

For this challenge, your goal is to find a directory with directory listing in the main website for hackycorp.com.

Directory Listing

When accessing a directory on a webserver, multiple things can happen:

  • an "index" file is present and it will get returned. N.B.: the file is not necessarily named index, this can be configured. But most of the time, the file will benamed index.html
  • no "index" file is present and the webserver will list the content of the directory. This can obviously leak information.

Indexing directory can be disabled on most webservers. For example, with Apache, you need to use the option: -Indexes.

To find directories, with indexing turned on. You need to browse the source of the HTML pages and look at the directories used to store files. Once you have a list of directories, you can access each of them individually.