Directory Listing Denied, need some help here.

A hypothetical situation: I' am using random urls that I picked up from somewhere. I' am just looking for something useful and pretty much just picking around to see what I can find. Basically my goal is find something of interest. When I go to this url it says the following: DIRECTORY LISTING DENIED This Virtual Directory does not allow contents to be listed.

How do I view the directory?

…

If directory listing is turned off in apache, there is no way you can view the contents of the virtual directory. However, this is very useful because it tells you that a directory exists. From there, you can do your homework to figure what would most likely be in there and get valuable information.

or get access to the server :) and you will get the content :ninja:

Nubish question…totally not worth looking at.

clone4 wrote: or get access to the server :) and you will get the content :ninja: Will do. Access to the server…haha, I know what that means somewhere in my mind. Better do some more homework.

This isnt very easy to get through. I should have guessed considering it is a very famous site. Well I' am still trying, have the i.p. address and some other info that looks useless but maybe I can use it. Any other suggestions?

Intellitamper will usually find the files by brute force and dictioanry scan.

Coolyz, looked it up and it sounds just like what I need. Thanks for the help guys, any other ideas on what I can do? Just exploring every possibility should I come across something like this again.

K_I_N_G wrote: I should have guessed considering it is a very famous site. Or how about you just stop now because you don't know what you are doing…

If you want to learn, great. Stick around here and learn a bit about internet security, it can be your launching point. But having the mindset that you are some l33t h4x0r that is going to go pwn the gibsons, when in fact you don't even know what directory traversal is and think that having a websites ip address means something, makes you look dumb.

Take a step back. Read a little bit. And drop the l33t h4x0r attitude.

you can scan ports, try if ftp has anonymous login, you can try BTforce it ;) also it might be running CMS, or some vulnerable modules, getting it on 0day, but if it's some big site, I doubt that you will actually get some sensible results, but don't want to discourage, keep on working

This was a nub thing so I had to edit it haha.

zeus_the_moose wrote: [quote]K_I_N_G wrote: I should have guessed considering it is a very famous site. Or how about you just stop now because you don't know what you are doing…

If you want to learn, great. Stick around here and learn a bit about internet security, it can be your launching point. But having the mindset that you are some l33t h4x0r that is going to go pwn the gibsons, when in fact you don't even know what directory traversal is and think that having a websites ip address means something, makes you look dumb.

Take a step back. Read a little bit. And drop the l33t h4x0r attitude.[/quote] Yeah I feel ya man. Just thinking the best way to do it is throw myself into the shark tank and find a way out. Risk it all and you learn a lot faster. Haha, or maybe I' am just crazy but yeah I'll definitely be working on something else AFTER I finish what I started.

K_I_N_G wrote: I used IntelliTamper and not much showed up cept I got the following: Options/cookies/content: user=mickeymouse So is this all that page was holding? Seems like it wasnt holding much so is it more probably that there is something else or that this is all that it holds? (sorry for the nub questions. working on learning by just doing it)

You gotta configure it to do a dictionary/brute force attack. Go to file>options files and folders and make sure perform dictionary scan is on, scan parent folders of startup, and no case distinction. And yes, this will uncover all the files in the directory.

Thanks a lot man :D