#readwise
# Preignition Write-up

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/media/reader/parsed_document_assets/286437786/SiRVv2OhQRj2xv9cwrcr4XC2m1deqmElOshHjgBe1yw-cove_cfpg4DH.png)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Preignition Write-up
- URL: https://readwise.io/reader/document_raw_content/286437786

## Summary
Web servers are important for sharing information and files, often hosting public-facing websites. Tools like gobuster help find hidden web pages by checking various URL paths. In a scenario with a WordPress site, an administrator can access controls through a secure login page. By using default credentials, it's possible to gain access to the admin panel successfully.

## Highlights
Web enumeration, specifically directory busting (dir busting), is one of the most essential skills any Penetration Tester must possess. While manually navigating websites and clicking all the available links may reveal some data, most of the links and pages may not be published to the public and, hence, are less secure. ([View Highlight](https://read.readwise.io/read/01jqa14f1n04qz9tvdp92n90rx)) ^cwc7uq

---
When browsing a regular web page, we use these elements to move around on the website. However, these elements are only links to other directories containing other web pages, which get loaded in our browser as if we manually navigated to them using the URL search bar at the top of the browser screen. Knowing this, could we attempt to find any "hidden" content hosted on this webserver? The short answer is yes, but to avoid guessing URLs manually through the browser's search bar, we can find a better solution. This method is called dir busting, short for directory busting. ([View Highlight](https://read.readwise.io/read/01jqa1n6217zf7xgv0das13xqx)) ^jj9dst

---
We can use the common.txt wordlist which can be downloaded from here: https://github.com/danielmiessler/SecLists/raw/master/Discovery/Web-Content/common.txt. ([View Highlight](https://read.readwise.io/read/01jqa1rkqm3bvbm1bsj9kzeda4)) ^1e31is

---
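
From the server side, the dir busting described in the highlights shows up as a burst of distinct 404s from one client. The sketch below is an added example, not part of the Hack The Box write-up; the log lines, IP addresses, paths and thresholds are all constructed assumptions. It flags such clients and lists the unlinked paths they did find.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed access log (Common Log Format); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.20 - - [01/Mar/2025:09:59:30 +0000] "GET / HTTP/1.1" 200 1042
198.51.100.20 - - [01/Mar/2025:09:59:31 +0000] "GET /favicon.ico HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /.git/HEAD HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /.htaccess HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:01 +0000] "GET /admin.php HTTP/1.1" 200 999
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /backup HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /config HTTP/1.1" 404 153
203.0.113.7 - - [01/Mar/2025:10:00:02 +0000] "GET /db HTTP/1.1" 404 153
198.51.100.20 - - [01/Mar/2025:10:00:40 +0000] "GET /index.html HTTP/1.1" 200 1042
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def detect_dir_busting(log_text, window=timedelta(seconds=10), min_misses=5, min_ratio=0.8):
    """Map each enumerating client IP to the paths it found (non-404 replies)."""
    by_ip = defaultdict(list)
    for rec in filter(None, map(parse, log_text.splitlines())):
        by_ip[rec[0]].append(rec[1:])
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window until it spans at most `window` of time.
            while events[end][0] - events[start][0] > window:
                start += 1
            burst = events[start:end + 1]
            misses = {path for _, path, status in burst if status == 404}
            # Wordlist scans produce many distinct 404s and few real pages.
            if len(misses) >= min_misses and len(misses) / len(burst) >= min_ratio:
                hits = {path for _, path, status in burst if status != 404}
                flagged.setdefault(ip, set()).update(hits)
    return {ip: sorted(paths) for ip, paths in flagged.items()}

if __name__ == "__main__":
    print(detect_dir_busting(SAMPLE_LOG))
```

The paths returned for a flagged client are the ones to review first, since they are reachable without being linked from the site.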