You can view the list of directories by using the FTP protocol. The “ftplib” module provides the “nlst” function that returns the output of the “dir” command in the form of a list. The application can search the contents of the desired directory by simply using the “nlst” function. Port scanning can be used to confirm that an Apache server is operating over port 80, and if there are no other changes to the settings, Apache stores the web application under the “htdocs” directory.
Figure 16-1 FTP Directory Listing
First, log in to the FTP server using the stolen credentials and execute the function that obtains the directory listing. If you fail to identify the web directory, the sub-directories can be listed in turn. By repeating this procedure, you can acquire the web directory information. Let's see how to conduct these procedures through a concrete example.
from ftplib import FTP

apacheDir = "htdocs"
serverName = "server"
serverID = "server"
serverPW = "server"

def getDirList(cftp, name):                          #(1)
    dirList = []
    if("." not in name):                             #(2)
        if(len(name) == 0):
            dirList = cftp.nlst()                    #(3)
        else:
            dirList = cftp.nlst(name)
    return dirList

def checkApache(dirName1, dirName2):                 #(4)
    # Print any name that contains the web directory name
    if(dirName1.lower().find(apacheDir) >= 0):
        print(dirName1)
    if(dirName2.lower().find(apacheDir) >= 0):
        print(dirName1 + "/" + dirName2)

ftp = FTP(serverName, serverID, serverPW)            #(5)
dirList1 = getDirList(ftp, "")                       #(6)
for name1 in dirList1:                               #(7)
    checkApache(name1, "")                           #(8)
    dirList2 = getDirList(ftp, name1)                #(9)
    for name2 in dirList2:
        checkApache(name1, name2)
        dirList3 = getDirList(ftp, name1+"/"+name2)
To keep the test simple, the name of the directory containing the web services is assumed to be “htdocs” and the directory list is searched only through to the third level.
(1) Declaring Function (Import List): Declare a function to import a list of directories on a server.
(2) Removing File Names: In general, a file has an extension following the “.”. If a list item has a “.”, it will be skipped during the search.
(3) Listing Import Function Call: The “nlst” function provided by the “ftplib” module returns a directory listing in the form of a list data type.
(4) Declaring Function (Listing Directory): Declare the function that receives directory names from the list as arguments and checks them for the web directory name.
(5) FTP Login: If you pass the domain name, username, and password as arguments to the constructor of the FTP class, it automatically creates an FTP connection and logs in.
(6) Function Call (Import List): Call the function that imports the top-level directory on the server in the form of a list.
(7) Loop: Perform a loop by taking the data out of the list.
(8) Function Call (Search Web Service Directory): Call a function to check whether the name corresponds to the web directory and see the result.
(9) Importing the Second-level List: Call the function that imports the second-level directory list, and call the function that imports the third-level directory inside the loop.
Python supports various functions that return the result in the form of a list data type. If you learn how to compare, search, and create lists, you can develop a Python hacking program in a short amount of time. If the name of the web service directory has been changed, you can check by finding the representative programs that are used in Apache. You can simply locate a web service directory by searching for programs such as “login.php” and “index.php”.
>>>
APM_Setup/htdocs
>>>
Figure 16-2 FTP Directory Listing Result
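On the server side, the directory walk shown above appears as a burst of listing commands that descend from a parent directory into its children without any file transfer. The following is an added example, not code from the original text, that flags such sessions in FTP command logs; the log format, field names, sample lines and the min_dirs threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in a simplified, hypothetical log format (not any real
# FTP daemon's format): timestamp, session id, user, FTP command, argument.
SAMPLE_LOG = """\
2024-05-01T10:00:01 sess=17 user=server cmd=NLST arg=
2024-05-01T10:00:01 sess=17 user=server cmd=NLST arg=APM_Setup
2024-05-01T10:00:02 sess=17 user=server cmd=NLST arg=APM_Setup/Server
2024-05-01T10:00:02 sess=17 user=server cmd=NLST arg=APM_Setup/htdocs
2024-05-01T10:00:02 sess=17 user=server cmd=NLST arg=backup
2024-05-01T10:05:10 sess=18 user=deploy cmd=NLST arg=htdocs
2024-05-01T10:05:11 sess=18 user=deploy cmd=STOR arg=htdocs/index.php
2024-05-01T10:05:12 sess=18 user=deploy cmd=RETR arg=htdocs/login.php
"""

LINE_RE = re.compile(r"^(\S+) sess=(\d+) user=(\S+) cmd=([A-Z]+) arg=(.*)$")
LIST_CMDS = {"NLST", "LIST", "MLSD"}
TRANSFER_CMDS = {"RETR", "STOR"}

def find_enumeration_sessions(log_text, min_dirs=4):
    """Return [(session, user, dirs_listed)] for sessions that list at least
    min_dirs distinct directories, walk into a listed directory's children,
    and never transfer a file."""
    listed = defaultdict(set)
    transfers = defaultdict(int)
    users = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        _, sess, user, cmd, arg = m.groups()
        users[sess] = user
        if cmd in LIST_CMDS:
            listed[sess].add(arg.strip("/"))
        elif cmd in TRANSFER_CMDS:
            transfers[sess] += 1
    hits = []
    for sess, dirs in listed.items():
        # A recursive walk lists a parent and then that parent's children.
        walks_down = any("/" in d and d.rsplit("/", 1)[0] in dirs for d in dirs)
        if len(dirs) >= min_dirs and walks_down and transfers[sess] == 0:
            hits.append((sess, users[sess], len(dirs)))
    return hits

if __name__ == "__main__":
    for sess, user, n in find_enumeration_sessions(SAMPLE_LOG):
        print(f"session {sess} user {user}: {n} directories listed, no transfers")
```

Session 18 in the sample lists a single directory and transfers files, so only the walking session is reported.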