Bruteforce Directory web with dirb
#1
Hello, how are you today? Sorry for not sharing a tutorial in a long time; I'm still busy with my habits at university and my project. OK, I will share a dirb tutorial. dirb is not DirBuster.

DIRB, c0ded by The Dark Raver. dirb can brute-force directories and files on your website. Let's check this out.

Open the dirb tool.

root@xsan:~# cd /pentest/web/dirb
[hide]root@bt:/pentest/web/dirb# ./dirb
Code:
-----------------
DIRB v2.03
By The Dark Raver
-----------------

./dirb <url_base> [<wordlist_file(s)>] [options]

========================= NOTES =========================
<url_base> : Base URL to scan. (Use -resume for session resuming)
<wordlist_file(s)> : List of wordfiles. (wordfile1,wordfile2,wordfile3...)

======================== HOTKEYS ========================
'n' -> Go to next directory.
'q' -> Stop scan. (Saving state for resume)

======================== OPTIONS ========================
-a <agent_string> : Specify your custom USER_AGENT.
-c <cookie_string> : Set a cookie for the HTTP request.
-f : Fine tunning of NOT_FOUND (404) detection.
-H <header_string> : Add a custom header to the HTTP request.
-i : Use case-insensitive search.
-l : Print "Location" header when found.
-N <nf_code>: Ignore responses with this HTTP code.
-o <output_file> : Save output to disk.
-p <proxy[:port]> : Use this proxy. (Default port is 1080)
-P <proxy_username:proxy_password> : Proxy Authentication.
-r : Don't search recursively.
-R : Interactive recursion. (Asks for each directory)
-S : Silent Mode. Don't show tested words. (For dumb terminals)
-t : Don't force an ending '/' on URLs.
-u <username:password> : HTTP Authentication.
-v : Show also NOT_FOUND pages.
-w : Don't stop on WARNING messages.
-X <extensions> / -x <exts_file> : Append each word with this extensions.
-z <milisecs> : Add a miliseconds delay to not cause excessive Flood.

======================== EXAMPLES =======================
./dirb http://url/directory/ (Simple Test)
./dirb http://url/ -X .html (Test files with '.html' extension)
./dirb http://url/ wordlists/vulns/apache.txt (Test with apache.txt wordlist)
./dirb https://secure_url/ (Simple Test with SSL)


Simple usage of dirb

Code:
root@xsan:/pentest/web/dirb:~# ./dirb http://www.target.com/

[Image: dirb1_zpsfc917700.png]

w00t, we got the admin page

[Image: dirb2_zpsbb65d667.png]

and many more directories and files have been found

[Image: dirb3_zps3755a3e6.png]

This tutorial is for educational purposes only.
Don't use it for blackhat jobs #LOL. Thanks to mywisdom for telling me about this tool.
[/hide]

Open for discussion in Indonesian or English :D

reference > http://xsanlahci.org/2013/06/11/brutefor...with-dirb/
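
From the defending side, the scan shown in the post above leaves a recognizable trace in the web server's access log: one client requesting many distinct paths in a short time, almost all of them answered with 404. The following is an added example, not part of the original post; the log lines are constructed and the window and thresholds are assumptions to tune per site. It keys on behavior rather than the User-Agent, since `-a` lets the client set that freely.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format prefix: ip - - [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def find_scanners(lines, window=timedelta(seconds=60), min_404=20, min_ratio=0.8):
    """Map ip -> (requests, distinct 404 paths) for the first window that
    looks like wordlist enumeration: many distinct misses, few hits."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            misses = {path for _, path, status in span if status == 404}
            if len(misses) >= min_404 and len(misses) / len(span) >= min_ratio:
                flagged[ip] = (len(span), len(misses))
                break
    return flagged

def sample_log():
    """Constructed access-log lines: one enumerating client, one ordinary visitor."""
    words = ("admin backup cgi-bin config css data db docs images inc includes js lib "
             "login logs old phpmyadmin private scripts secret temp test tmp upload uploads").split()
    fmt = '{ip} - - [12/Jun/2013:10:{m:02d}:{s:02d} +0700] "GET {p} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", m=0, s=i, p=f"/{w}/",
                        st=200 if w in ("admin", "images") else 404)
             for i, w in enumerate(words)]
    pages = [("/", 200), ("/index.html", 200), ("/favicon.ico", 404), ("/contact.html", 200)]
    lines += [fmt.format(ip="198.51.100.20", m=i, s=0, p=p, st=st)
              for i, (p, st) in enumerate(pages)]
    return lines

if __name__ == "__main__":
    for ip, (total, misses) in find_scanners(sample_log()).items():
        print(f"{ip}: {misses} distinct 404 paths in {total} requests within 60s")
```

A client that spaces its requests out with `-z` spreads the same misses over a longer period, so a longer window with a matching threshold is the knob to adjust.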

#2
Is this tool for finding out a website's directories?
Security awareness should be the continuing practice of a skill and not the continuous reminder of a threat.

#3
Thanks, bro. This is a great alternative for finding the admin login :)

#4
(06-11-2013, 03:23 PM)achmad_zzz Wrote: Is this tool for finding out a website's directories?

Yes bro, it can be used to find website directories :D

#5
This needs a wordlist, right, bro?
A future successful person will never complain, but will be busy correcting themselves from all the mistakes they have ever made

#6
Up to you, bro :D You can use one or not, and I used the simple usage without a wordlist :D

#7
Without a wordlist, mine looks like this, bro :(

[Image: Screenshotfrom2013-06-12215724_zps48bace57.png]

#8
Is this a brute-force method, bro?? There is a website where I couldn't get the admin directory, bro :(

#9
(06-12-2013, 12:15 PM)xsan-lahci Wrote:
(06-11-2013, 03:23 PM)achmad_zzz Wrote: Is this tool for finding out a website's directories?

Yes bro, it can be used to find website directories :D

Wow.. cool.. let me give it a try, bro..

#10
(06-12-2013, 11:07 PM)faizul amali Wrote: Without a wordlist, mine looks like this, bro :(


Look at my screenshot, bro :D I use BackTrack 5 R3 (more powerful) than Kali Linux, haha

(06-12-2013, 11:10 PM)hamdan_zenith Wrote: Is this a brute-force method, bro?? There is a website where I couldn't get the admin directory, bro :(

Well, not every admin directory is easy to find with tools, bro :D You need more experience to find that :D Maybe if directories were easy to find, every website could be defaced, hehe





