I am new to this kind of thing and as I’m starting to use tools like dirbuster and gobuster, etc., I’m finding myself simply guessing when it comes to which file extensions to search for. Does anyone have any suggestions for best practices? Or maybe a cheat sheet for common file extensions for certain OS’s/Servers? Or if I’m thinking about things in the wrong way please let me know how to approach this better. Thanks.
@JWindy92 said:
> I am new to this kind of thing and as I’m starting to use tools like dirbuster and gobuster, etc., I’m finding myself simply guessing when it comes to which file extensions to search for. Does anyone have any suggestions for best practices? Or maybe a cheat sheet for common file extensions for certain OS’s/Servers? Or if I’m thinking about things in the wrong way please let me know how to approach this better. Thanks.
Don’t give up on guesswork here. You can say things are “common” but it’s still a guess.
In a CTF the box creators are going to use extensions that align to their plan with the box. In the real world, anything can happen.
What this tends to mean is that you need to keep searching until you are confident you’ve exhausted the options. Here, experience, confidence and luck matter more than any list.
As a very high-level, CTF-oriented approach I’d consider:
- .txt and .pdf files most of the time
- If it’s a Linux box, add .php to the list
- If it’s a Windows box, add .asp to the list
Then decide if you need to include .doc, .docx, .aspx, .xls, .xlsx, .rtf, .bak as they have all been used on HTB boxes. There will certainly be more (.xml, .xsl, .phptml, etc.).
Realistically, I tend to start with directories only. If that doesn’t work and I’ve got nothing else to go on, I’d do a second scan for text files. Then if that doesn’t work I’d add in some more extensions etc.
It’s rare to get the right wordlist and right file extension first time.
File extensions are guesswork most of the time, and sometimes enumeration via source code or even a URL endpoint page, but indeed, depending on the server running, you may sometimes want to look for files with particular extensions.
For example, on an IIS web server you may want to look for .asp and .aspx files, but that doesn’t mean you need to neglect other file extensions.
I think over time you will get an intuition for things like this by doing boxes and web challenges; there is no straight path for this type of thing.
Awesome, this is great. I figured there was a fair share of guesswork involved, but I knew there had to be at least a good approach, so thank you for the overview, it will be helpful.
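
Seen from the server side, the staged approach described in the replies above (the same names retried with .txt, .pdf, .php and so on) leaves a recognizable pattern in access logs: one client collecting 404s for a single path stem under several extensions. The following is an added example and not part of any post in this thread; the log lines are constructed, and the function name `extension_sweeps` and its threshold are assumptions.

```python
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample access-log lines (common log format), not taken from the thread.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /backup.txt HTTP/1.1" 404 153
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /backup.pdf HTTP/1.1" 404 153
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /backup.php HTTP/1.1" 404 153
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /backup.bak HTTP/1.1" 404 153
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin.txt HTTP/1.1" 404 153
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /admin.php HTTP/1.1" 404 153
10.0.0.9 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Jan/2024:10:05:01 +0000] "GET /favicon.ico HTTP/1.1" 404 153
10.0.0.9 - - [01/Jan/2024:10:05:09 +0000] "GET /robots.txt HTTP/1.1" 404 153
"""

# client, request target and status from a common/combined log format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" (\d{3}) ')


def extension_sweeps(log_text, min_exts=3):
    """Return {client: {stem: [extensions]}} for every path stem that one
    client requested with at least min_exts different extensions, all 404."""
    probes = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.groups()
        if status != "404":
            continue  # only misses are counted, to keep normal traffic out
        path = PurePosixPath(target.split("?", 1)[0])  # drop the query string
        if path.suffix:
            stem = str(path.with_suffix("")).lower()
            probes[client][stem].add(path.suffix.lower())
    flagged = {}
    for client, stems in probes.items():
        hits = {s: sorted(e) for s, e in stems.items() if len(e) >= min_exts}
        if hits:
            flagged[client] = hits
    return flagged


if __name__ == "__main__":
    for client, hits in extension_sweeps(SAMPLE_LOG).items():
        print(client, hits)
```

Because only 404 responses are counted, a request in the sweep that actually found a file will not appear in the output; the flagged client's other requests need to be reviewed separately.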