Enigma Group's Articles
Use of Directory Traversal - Submitted By: IAns 2008-08-19 12:00:39
Okay, this is my first article, so here I go.

Table of contents:
1 What is Directory Traversal
2 Finding disallowed pages
3 Using Directory Traversal to access said pages

1 What is Directory Traversal

Directory traversal lets you change which directory you are located in by typing in the URL bar. On an insecure website this lets you access pages you normally can't.

2 Finding disallowed pages

This is quite simple. Go to the main page and type in:

CODE:
http://www.[hostname].ext/robots.txt

In this text file you will see something that looks like this:

CODE:
User-agent: *
Allow: /searchhistory/
Disallow: /news?output=xhtml&
Allow: /news?output=xhtml
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Disallow: /nwshp
Disallow: /?
Disallow: /addurl/image?
Disallow: /pagead/
Disallow: /relpage/
Disallow: /relcontent
Disallow: /sorry/
Disallow: /imgres
Disallow: /keyword/
Disallow: /u/

Also, the User-agent can be something other than *, which means all. It can be a particular type of web browser, and the Disallow lines would then apply to that user agent.

3 Accessing the pages

Now to access the page. Here is the first step, getting denied: type a directory that comes after

CODE:
Disallow:

Chances are you will get denied. To get access you could see if you can mod your cookie, but that's not what I'm talking about. Now type in the same directory as before, but add /abunchofrandomletters&symbols. It should look like this:

CODE:
[host]/disalloweddirectory/abunchofrandomletters&symbols

This will give you an error saying not found. Good.

Now for the directory traversal part:

CODE:
[host]/disalloweddirectory/abunchofrandomletters&symbols/../

You should have noticed the /../. That is the directory traversal part. What this does is send you back one directory, and if the website is insecure, then you get access to the disallowed area. This doesn't work on just about any popular site, but it does work on privately owned sites written by n00bs who think they are elite. Oh yeah.
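As an added example (not from the article or from Enigma Group), here is why the /../ request above gets past a sloppy server-side check and how a check that normalizes the path first closes the hole. The deny list, the directory name and the sample request paths are constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed deny list: the directory the site owner wants closed off
# (the article calls it "disalloweddirectory"). robots.txt only asks
# crawlers to stay out, so the server still needs a real access check.
DENIED_DIRS = ("/disalloweddirectory",)


def naive_is_denied(raw_path: str) -> bool:
    """Vulnerable pattern: match the path string exactly as the client sent it.

    "/disalloweddirectory/" is blocked, but "/disalloweddirectory/xyz/../"
    is a different string, so it passes this check. The file-serving layer
    then collapses the "/../" and serves the closed directory anyway.
    """
    return raw_path.rstrip("/") in DENIED_DIRS


def canonical_path(raw_path: str) -> str:
    """Reduce a request path to the form the file-serving layer will resolve.

    Drops the query string, percent-decodes so the check compares the same
    bytes the file layer sees, and collapses "." and ".." segments.
    posixpath.normpath clamps ".." at the root, so the result never points
    above "/".
    """
    path = unquote(raw_path.split("?", 1)[0])
    if not path.startswith("/"):
        path = "/" + path
    return posixpath.normpath(path)


def hardened_is_denied(raw_path: str) -> bool:
    """Normalize first, then deny by directory prefix rather than exact string."""
    path = canonical_path(raw_path)
    return any(path == d or path.startswith(d + "/") for d in DENIED_DIRS)


if __name__ == "__main__":
    # Constructed sample requests, including the article's "/random/../" form.
    for p in ("/disalloweddirectory/", "/disalloweddirectory/xyz/../", "/index.html"):
        print(p, "naive:", naive_is_denied(p), "hardened:", hardened_is_denied(p))
```

The naive check is the shape of a front-end deny list of exact paths; the hardened check is what the back end effectively does when, as the comment below notes for Apache, the traversal "won't work".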
Comment By: computerbp13 2010-09-06 19:47:12
Yes, looking into the robots.txt file is a good way to find directories that you shouldn't be in. But there really is no point to the directory traversal here. The last time I checked, there is no browser that obeys the robots.txt. I would try the directories first. If they didn't work (let's say you got a 403 Forbidden), then try the traversal. It might work, but chances are the server is running Apache. If it is, I believe the traversal won't work.