We are going to use Wgel from tryhack me to test the Enumeration speeds of the three. We are going to use the same list
We will use the list usr/share/dirb/wordlists/common.txt
I copied this to common1.txt so as not to use the original
┌──(root㉿kali)-[/usr/share/dirb/wordlists]
└─# cp common.txt common1.txt
Kept only the last 1000 word of this file using the following command
┌──(root㉿kali)-[/usr/share/dirb/wordlists]
└─# echo "$(tail -1000 common1.txt)" > common2.txt
I inserted the words “sitemap” and “.ssh” randomly in the wordlist as I know these were enumerated in our WGEL machine. See the Wgel writeup for this. We are hoping to enumerate http://10.10.33.33:80/sitemap/.ssh
So now we will use usr/share/dirb/wordlists/common1.txt
The machine in try hack me is
We will use the following
gobuster dir -u http://10.10.33.33:80 -w /usr/share/dirb/wordlists/common1.txt
dirb http://10.10.33.33:80 /usr/share/dirb/wordlists/common1.txt -r
ffuf -u http://10.10.33.33:80/FUZZ -w /usr/share/dirb/wordlists/common1.txt -recursion
FFUF – 23 seconds
└─$ ffuf -u http://10.10.33.33:80/FUZZ -w /usr/share/dirb/wordlists/common1.txt -recursion
/'___\ /'___\ /'___\
/\ \__/ /\ \__/ __ __ /\ \__/
\ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
\ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
\ \_\ \ \_\ \ \____/ \ \_\
\/_/ \/_/ \/___/ \/_/
v1.5.0 Kali Exclusive <3
________________________________________________
:: Method : GET
:: URL : http://10.10.33.33:80/FUZZ
:: Wordlist : FUZZ: /usr/share/dirb/wordlists/common1.txt
:: Follow redirects : false
:: Calibration : false
:: Timeout : 10
:: Threads : 40
:: Matcher : Response status: 200,204,301,302,307,401,403,405,500
________________________________________________
.hta [Status: 403, Size: 276, Words: 20, Lines: 10, Duration: 246ms]
.htpasswd [Status: 403, Size: 276, Words: 20, Lines: 10, Duration: 254ms]
.htaccess [Status: 403, Size: 276, Words: 20, Lines: 10, Duration: 256ms]
[Status: 200, Size: 11374, Words: 3512, Lines: 379, Duration: 256ms]
index.html [Status: 200, Size: 11374, Words: 3512, Lines: 379, Duration: 238ms]
server-status [Status: 403, Size: 276, Words: 20, Lines: 10, Duration: 243ms]
sitemap [Status: 301, Size: 312, Words: 20, Lines: 10, Duration: 235ms]
[INFO] Adding a new job to the queue: http://10.10.33.33:80/sitemap/FUZZ
[INFO] Starting queued job on target: http://10.10.33.33:80/sitemap/FUZZ
.ssh [Status: 301, Size: 317, Words: 20, Lines: 10, Duration: 236ms]
[INFO] Adding a new job to the queue: http://10.10.33.33:80/sitemap/.ssh/FUZZ
Restarted machine so as to try dirb
Dirb. > 10 Minute
┌──(kali㉿kali)-[~]
└─$ dirb http://10.10.67.226:80 /usr/share/dirb/wordlists/common1.txt
-----------------
DIRB v2.22
By The Dark Raver
-----------------
START_TIME: Wed Feb 8 04:57:18 2023
URL_BASE: http://10.10.67.226:80/
WORDLIST_FILES: /usr/share/dirb/wordlists/common1.txt
-----------------
GENERATED WORDS: 4612
---- Scanning URL: http://10.10.67.226:80/ ----
^C> Testing: http://10.10.67.226:80/hipaa
┌──(kali㉿kali)-[~]
└─$
Gobuster – 2 Minutes to find the first directory only.We had to enumarate the /sitemap and found/.ssh in 10 seconds
└─$ gobuster dir -u http://10.10.67.226:80 -w /usr/share/dirb/wordlists/common1.txt
===============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.10.67.226:80
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirb/wordlists/common1.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.4
[+] Timeout: 10s
===============================================================
2023/02/08 05:11:15 Starting gobuster in directory enumeration mode
===============================================================
/.hta (Status: 403) [Size: 277]
/.htaccess (Status: 403) [Size: 277]
/.htpasswd (Status: 403) [Size: 277]
/index.html (Status: 200) [Size: 11374]
/server-status (Status: 403) [Size: 277]
/sitemap (Status: 301) [Size: 314] [--> http://10.10.67.226/sitemap/]
Progress: 4614 / 4615 (99.98%)
===============================================================
2023/02/08 05:13:08 Finished
===============================================================
============================================================
Gobuster v3.4
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url: http://10.10.67.226:80/sitemap
[+] Method: GET
[+] Threads: 10
[+] Wordlist: /usr/share/dirb/wordlists/common1.txt
[+] Negative Status codes: 404
[+] User Agent: gobuster/3.4
[+] Timeout: 10s
===============================================================
2023/02/08 05:14:56 Starting gobuster in directory enumeration mode
===============================================================
/.hta (Status: 403) [Size: 277]
/.htaccess (Status: 403) [Size: 277]
/.htpasswd (Status: 403) [Size: 277]
/.ssh (Status: 301) [Size: 319] [--> http://10.10.67.226/sitemap/.ssh/]
Progress: 682 / 4615 (14.78%)^C
[!] Keyboard interrupt detected, terminating.
The Winner is FFUF