Name: HTTP Method Enumeration
URL: https://attackdefense.com/challengedetails?cid=1802
Type: Webapp Pentesting Basics
Important Note: This document illustrates all the important steps required to complete this lab.
This is by no means a comprehensive step-by-step solution for this exercise. This is only
provided as a reference to various commands needed to complete this exercise and for your
further research on this topic. Also, note that the IP addresses and domain names might be
different in your lab.
In this exercise, we will take a look at how to use Burp Suite and curl to enumerate the HTTP
methods supported by various web pages.
Inspecting the web application.
There are two new links which can be followed from the home page: the login link on the
navigation bar and the blog post. The login link redirects to "login.php" and the Blog link
redirects to "post.php".
Step 1: Following links: click on the login link.
The login page contains a form.
Step 2: Identify the endpoint which processes the form fields. Right click on the web page and
click on "View Source".
The parameters are passed in a POST request to the same "login.php" page.
Step 3: Login to the web application with the provided credentials.
Username: john
Password: password
After login, a "Welcome John" message is displayed in place of the login link.
Step 4: Follow the remaining link. Click on the blog post.
The Web pages which can be accessed by following the links are: index.php, login.php and
post.php.
Using dirb to identify hidden directories.
Command: dirb http://192.45.178.3
The directories which are present on the server are css, img, js, mail, uploads and vendor.
Interacting with the home page with CURL.
Step 1: Sending GET request:
Command: curl -X GET 192.45.178.3
Step 2: Sending HEAD request
Command: curl -I 192.45.178.3
Step 3: Sending OPTIONS request.
Command: curl -X OPTIONS 192.45.178.3
The supported methods are GET, HEAD and OPTIONS. Accessing the web page with any other
method should produce an error.
Step 4: Sending POST Request.
Command: curl -X POST 192.45.178.3
Step 5: Sending PUT Request
Command: curl -XPUT 192.45.178.3
Interacting with the login.php page with CURL.
Step 1: Sending OPTIONS Request
Command: curl -X OPTIONS 192.45.178.3/login.php
The allowed methods include: GET,POST,HEAD,OPTIONS.
Step 2: Sending POST Request.
Command: curl -X POST 192.45.178.3/login.php
Unlike the home page (index.php), the login page supports the POST method.
Step 3: Passing the username and password to the login.php page.
Command: curl -X POST 192.45.178.3/login.php -d "name=john&password=password" -v
The login page returned a different response than before. The response contains a 302 redirect.
Interacting with the post.php page with CURL.
Step 1: Sending OPTIONS request.
Command: curl -X OPTIONS 192.45.178.3/post.php
Similar to login.php, post.php has the GET, POST, HEAD and OPTIONS methods enabled.
Interacting with uploads directory
Step 1: Checking the content of /uploads directory.
Step 2: Sending OPTIONS request to /uploads directory.
Commands:
curl -X OPTIONS 192.45.178.3/uploads/
curl -X OPTIONS 192.45.178.3/uploads/ -v
The WebDAV module is enabled on the Apache server. The WebDAV module allows file upload via
the PUT method.
Step 3: Uploading a file with PUT method.
Commands:
echo "Hello World" > hello.txt
curl 192.45.178.3/uploads/ --upload-file hello.txt
Step 4: Checking content of /uploads directory.
The file "hello.txt" was uploaded successfully.
Step 5: Using the DELETE method to delete the file.
Command: curl -XDELETE 192.45.178.3/uploads/hello.txt
Step 6: Checking the content of /uploads directory.
The file was deleted successfully.
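The per-path OPTIONS checks above can be repeated as a routine audit of a server you administer. The script below is an added example, not part of the original lab manual: it reads the Allow header for each URL and reports any write-capable methods. The function names, the WRITE_METHODS list and the sample headers are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the lab manual): report which paths advertise
# write-capable methods in the Allow header of an OPTIONS response.
# Usage: sh audit_methods.sh http://192.45.178.3/ http://192.45.178.3/uploads/

# PUT/DELETE/PATCH plus the WebDAV (RFC 4918) verbs that change server state.
WRITE_METHODS="PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK"

# Constructed sample response headers for offline testing (not lab output).
sample_headers() {
  printf 'HTTP/1.1 200 OK\r\nDAV: 1,2\r\n'
  printf 'allow: OPTIONS,GET,HEAD,POST,PUT,DELETE,PROPFIND,COPY,MOVE\r\n\r\n'
}

# Read raw response headers on stdin, print the Allow value (case-insensitive).
extract_allow() {
  tr -d '\r' | awk -F': *' 'tolower($1) == "allow" { print $2; exit }'
}

# Print the write-capable methods found in an Allow value, space-separated.
flag_write_methods() {
  printf '%s\n' "$1" | awk -v w="$WRITE_METHODS" '
    BEGIN { n = split(w, a, " "); for (i = 1; i <= n; i++) wset[a[i]] = 1 }
    { k = split(toupper($0), m, /[ ,]+/)
      for (i = 1; i <= k; i++)
        if (m[i] in wset) out = out (out ? " " : "") m[i]
      print out }'
}

# Send OPTIONS to one URL and print its Allow header and any findings.
audit_path() {
  allow=$(curl -s -m 5 -o /dev/null -D - -X OPTIONS "$1" | extract_allow)
  risky=$(flag_write_methods "$allow")
  printf '%-36s allow=[%s] write=[%s]\n' "$1" "$allow" "${risky:-none}"
}

# Audit every URL given on the command line; no arguments means no requests.
for url in "$@"; do
  audit_path "$url"
done
```

A path that reports anything other than write=[none] without requiring authentication, as /uploads/ does in this lab, is the one to lock down or to disable WebDAV on.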
Interacting with the web page with Burp Suite
Step 1: Set FoxyProxy to use the Burp proxy. Click on the Fox icon and select "Burp Suite".
Step 2: Start Burp Suite. Reload the page and the request will be intercepted.
Step 3: Sending request to Repeater
Repeater Tab:
Step 4: Sending GET Request.
Repeater Tab:
Response Tab:
Step 5: Sending HEAD Request
Request Tab:
Response Tab:
Step 6: Sending OPTIONS request.
Request Tab:
Response Tab:
Step 7: Sending POST request.
Request Tab:
Response Tab:
POST method is not allowed.
Step 8: Sending POST request to login.php with incorrect login credentials.
Request Tab:
Response Tab:
200 OK response is received.
Step 9: Sending POST request with valid login credentials.
Request Tab:
Response Tab:
The login credentials were correct and, as a result, a 302 redirect to index.php was received.
Step 10: Uploading file with PUT method
Request Tab:
Response Tab:
The file was uploaded successfully.
Check the files in /uploads directory.
Request Tab:
Response Tab:
The file "hello.txt" was uploaded successfully.
Checking Content of uploaded file.
Request Tab:
Response Tab:
Step 11: Deleting the File.
Request Tab:
Response Tab:
The file was deleted. Check the files in the uploads directory.
Request Tab:
Response Tab:
References:
1. Curl (https://linux.die.net/man/1/curl)
2. Burp Suite (https://portswigger.net/burp/documentation/desktop/getting-started)
3. Dirb (https://tools.kali.org/web-applications/dirb)