🍡Intro to Offensive Security

An introduction to ethical hacking.

"Gobuster" is a command-line application that can be used to brute-force the discovery of hidden directories or pages.

The first command I used on the attackbox.

The first step I took was to use the command shown above, "gobuster -u" followed by the fake site's URL and "-w wordlist". Running this command showed the above output. From the output, we could see the terminal iterate through the hidden pages with the wordlist.txt file provided, which in this case gave us the pages /images and /bank-transfer.

By going to the page, http://fakebank.com/bank-transfer, we could easily see the following.

The http://fakebank.com/bank-transfer page.

From here, it was easy to transfer money from one account to the other as shown below.

The transferred amount.

Overall, this was a sweet intro box to offensive security and I enjoyed it a lot. Seeing how easy it could be for a hacker to see hidden web pages was something to note for the future, when I decide to build my own website one day. Using Gobuster for the first time and seeing how useful it was, was interesting for sure.
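From the site owner's side, a wordlist scan like the one above appears in the web server's access log as a rapid burst of 404 responses from one client, with a few hits in between. The following is an added example, not part of the original write-up: it flags such clients in common-log-format lines and lists the paths the scan actually found. The sample log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common/combined log format: ip, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_scanners(lines, window=timedelta(seconds=10), min_404=5, min_ratio=0.6):
    """Map each scanning client to the paths that did NOT return 404 for it.

    A client is flagged when it produced `min_404` 404s inside `window`
    and at least `min_ratio` of all its requests were 404s (assumed thresholds).
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec:
            by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, recs in by_ip.items():
        misses = sorted(ts for ts, _, status in recs if status == 404)
        burst = any(misses[i + min_404 - 1] - misses[i] <= window
                    for i in range(len(misses) - min_404 + 1))
        if burst and len(misses) / len(recs) >= min_ratio:
            # These are the pages the scan discovered; they need real access control.
            flagged[ip] = sorted({p for _, p, status in recs if status != 404})
    return flagged

def _line(ip, sec, path, status):  # helper that builds constructed sample lines
    return f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 0'

SAMPLE = (  # constructed log: one scanning client, one ordinary visitor
    [_line("203.0.113.7", i, f"/{w}", 404) for i, w in enumerate(
        ["admin", "backup", "login", "test", "old", "dev", "private"])]
    + [_line("203.0.113.7", 7, "/images", 301), _line("203.0.113.7", 8, "/bank-transfer", 200)]
    + [_line("198.51.100.4", 1, "/", 200), _line("198.51.100.4", 30, "/favicon.ico", 404)]
)

if __name__ == "__main__":
    print(find_scanners(SAMPLE))
```

The paths reported for a flagged client are the ones a scan turned up, so they are the first places to check that access depends on authentication rather than on the URL being unlinked.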
