My Pentest Log -1 — (Fuzzing + Information Disclosure)
Greetings from Constantinople to all,
In my first article, I would like to talk about a file that I obtained by performing a “Fuzzing” operation on a “Directory” that I detected during a web security test I was doing on an application.
Throughout the article, the application will be referred to as private.com
Detail:
1. The necessary task was shared by our project manager and the web security test of the application called “private.com” was given to me.
2. One of the first things I do during the tests is to determine which language the application is written in. The reason for this is to make our attack surface more specific by detecting which language it is written in.
3. I usually use the “Wappalyzer” plugin to detect which language it is written in.
4. After various techniques and experiences, I was able to determine through “Wappalyzer” that the application is based on “asp.net” and runs on “IIS”. (Testing on ASP can be as difficult as calling and rescuing Ryan.)
5. After the necessary detection, I started “directory fuzzing” to search for commonly used directories in asp and IIS.
6. After the directory fuzzing process, I discovered the “/aspnet_client/system_web/” directory, which I usually come across in every “IIS” fuzzing process, but as always, I got a “403 Forbidden” response.
7. I did some research on Google on how to do fuzzing on the “/aspnet_client/system_web/” directory and came across the files listed at this address: Ref: http://itdrafts.blogspot.com/2013/02/aspnetclient-folder-enumeration-and.html
8. I fuzzed “/aspnet_client/system_web/FUZZ” with a combination of the files specified at the reference address and was able to access some files.
In summary:
If possible, definitely go over the files for which you get a 403 response; maybe you can detect information leaks at the end of the day.
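The same activity seen from the defending side, as an added example that is not part of the original article: a short Python check over IIS W3C logs that flags clients requesting many distinct paths under “/aspnet_client/” and lists which of those paths the server actually answered with 200. The threshold, the sample file names and the log lines are constructed assumptions.

```python
from collections import defaultdict

WATCHED_PREFIX = "/aspnet_client/"  # directory discussed in the article
MIN_DISTINCT_PATHS = 5              # assumed threshold, tune per site

# Constructed sample in IIS W3C format with a reduced field set (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 09:00:01 GET /aspnet_client/system_web/ 203.0.113.7 403
2024-01-10 09:00:02 GET /aspnet_client/system_web/sample_a.js 203.0.113.7 404
2024-01-10 09:00:02 GET /aspnet_client/system_web/sample_b.js 203.0.113.7 200
2024-01-10 09:00:03 GET /aspnet_client/system_web/sample_c.js 203.0.113.7 404
2024-01-10 09:00:03 GET /aspnet_client/system_web/sample_d.js 203.0.113.7 404
2024-01-10 09:00:04 GET /aspnet_client/system_web/sample_e.js 203.0.113.7 404
2024-01-10 09:05:00 GET /aspnet_client/system_web/sample_b.js 198.51.100.20 200
2024-01-10 09:05:01 GET /default.aspx 198.51.100.20 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))

def find_enumeration(text, prefix=WATCHED_PREFIX, min_paths=MIN_DISTINCT_PATHS):
    """Return {client_ip: {"probed": n, "served": [paths answered 200]}}."""
    probed = defaultdict(set)
    served = defaultdict(set)
    for row in parse_w3c(text):
        path = row["cs-uri-stem"].lower()
        if not path.startswith(prefix):
            continue
        ip = row["c-ip"]
        probed[ip].add(path)
        if row["sc-status"] == "200":
            served[ip].add(path)  # file reachable despite the 403 on the folder
    return {ip: {"probed": len(paths), "served": sorted(served[ip])}
            for ip, paths in probed.items() if len(paths) >= min_paths}

if __name__ == "__main__":
    for ip, hit in find_enumeration(SAMPLE_LOG).items():
        print(ip, "probed", hit["probed"], "paths; served:", hit["served"] or "none")
```

Any path in the “served” list is a file that is readable even though the parent directory returns 403, so it is worth reviewing for sensitive content or removing from the web root.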