Access Denied Information gathering thought

In today’s security-aware age, it’s important to reflect on past mitigations and see if we can improve them.

 

Whilst doing recon on this WordPress install, I realised that my nginx installation was returning very identifiable responses to directory traversal and directory fuzzing attacks: it would respond with a 404 if the folder or file wasn’t there, and a 403 if the folder or file was present but access to it was unauthorised.

This got me thinking that a simple program I could write to crawl files and directories could be taught to map them out not from sitemaps or HTML links but from the HTTP response codes.

Perhaps a better solution for nginx, and all other vendors for that matter (ASP.NET etc.), is for their deny directory traversal modules to simply respond with a 404 at all times if the absolute path was not given.
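
One way to get this behaviour from nginx as it stands, shown as an added example rather than configuration from the original install. The server name, document root, `/private/` path and `/404.html` page are assumptions made for illustration.

```nginx
# Added example: placeholder names and paths, not taken from the original site.
server {
    listen 80;
    server_name example.test;        # placeholder host
    root /var/www/site;              # assumed document root
    index index.html;

    # Before: each of these answers 403, which confirms the path exists.
    #   location /private/ { deny all; }    # access module -> 403
    #   location ~ /\.     { deny all; }    # dotfiles      -> 403
    #   any directory with no index file and autoindex off  -> 403

    # After: every 403 the server generates is rewritten to a 404 and
    # served with the same body as a genuine "not found".
    error_page 403 =404 /404.html;
    error_page 404      /404.html;

    location = /404.html {
        internal;                    # only reachable through error_page
    }

    # deny still blocks access; error_page above changes what the client sees.
    location /private/ {
        deny all;
    }

    # Hidden files and directories: answer 404 directly.
    # The lookahead keeps /.well-known/ reachable for ACME challenges.
    location ~ /\.(?!well-known) {
        return 404;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```

The status code is only one signal: the response body and headers for a blocked path must also match those of a path that really is missing, otherwise the two cases stay distinguishable.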
