How to improve the speed of brute -forcing web directory

I am struggling to exploit the web direcotry of machine Sense and find that it has a rather low speed regardless of what tools I used for this exploit, I tried dirb, dirbuster, gobuster, dirsearch. Is there any way to improve the efficiency for it?

root@pentest:~# gobuster dir -k -u https://10.10.10.60/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x txt,cnf,conf
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            https://10.10.10.60/
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     cnf,conf,txt
[+] Timeout:        10s
===============================================================
2020/07/21 03:23:35 Starting gobuster
===============================================================
/themes (Status: 301)
/css (Status: 301)
/includes (Status: 301)
/javascript (Status: 301)
/changelog.txt (Status: 200)
/classes (Status: 301)
/widgets (Status: 301)
/tree (Status: 301)
/shortcuts (Status: 301)
/installer (Status: 301)
/wizards (Status: 301)

I have ran gobuster for this exploit for more than 30mins, it didn’t dig out the files I want, ANY ideas?

No, you cannot. Although I personally haven’t touched this box yet, I can say that I’ve worked on such boxes that intentionally response very slow. So, that’s probably the way you’re supposed to go through.

No idea what you meant by “exploit” in this context, but I suggest you read what an exploit is.

Type your comment> @ion0x0 said:

No, you cannot. Although I personally haven’t touched this box yet, I can say that I’ve worked on such boxes that intentionally response very slow. So, that’s probably the way you’re supposed to go through.

No idea what you meant by “exploit” in this context, but I suggest you read what an exploit is.

Sorry, I didn’t make it clear, exploit → enumerate/search
I find the problem may caused by a high delay which could jump to avg 230ms.

So that’s it, there may not have a better solution for the improvement, thank you for your reply!

Type your comment> @pgpg said:

I am struggling to exploit the web direcotry of machine Sense and find that it has a rather low speed regardless of what tools I used for this exploit, I tried dirb, dirbuster, gobuster, dirsearch. Is there any way to improve the efficiency for it?

root@pentest:~# gobuster dir -k -u https://10.10.10.60/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt -x txt,cnf,conf
===============================================================
Gobuster v3.0.1
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@_FireFart_)
===============================================================
[+] Url:            https://10.10.10.60/
[+] Threads:        10
[+] Wordlist:       /usr/share/dirbuster/wordlists/directory-list-2.3-medium.txt
[+] Status codes:   200,204,301,302,307,401,403
[+] User Agent:     gobuster/3.0.1
[+] Extensions:     cnf,conf,txt
[+] Timeout:        10s
===============================================================
2020/07/21 03:23:35 Starting gobuster
===============================================================
/themes (Status: 301)
/css (Status: 301)
/includes (Status: 301)
/javascript (Status: 301)
/changelog.txt (Status: 200)
/classes (Status: 301)
/widgets (Status: 301)
/tree (Status: 301)
/shortcuts (Status: 301)
/installer (Status: 301)
/wizards (Status: 301)

I have ran gobuster for this exploit for more than 30mins, it didn’t dig out the files I want, ANY ideas?

You could always increase the threads from 10 (default) to 100 ‘gobuster -t 100’

@pgpg said:

I am struggling to exploit the web direcotry of machine Sense and find that it has a rather low speed regardless of what tools I used for this exploit, I tried dirb, dirbuster, gobuster, dirsearch. Is there any way to improve the efficiency for it?

Increasing the threads like @acidbat suggested is probably the best but also bear in mind with lots of tools, the faster they run, the greater the chance of missing something, triggering a WAF/DDoS protection or simply overwhelming the box.

How fast do you expect the search to be?

Also, try different tools - I’ve found gobuster and dirb have wildly different speeds and often you can run wfuzz much faster than both of them. But it all still carries the caveat of the BOX has to be able to keep up with your requests. If it’s low powered and a dozen people are hammering it, the box will be slow, no matter what you try.

Have never done this particular box, but a tool I like to us for dirbusting is ffuf. Search github for “ffuf - Fuzz Faster U Fool”. In my experience so far, I thinks is a bit quicker than Gobuster, and also you can make it work recursively, which is the main reason I use it.
Mileage may vary i suppose…

Type your comment> @holeymoley said:

Have never done this particular box, but a tool I like to us for dirbusting is ffuf. Search github for “ffuf - Fuzz Faster U Fool”. In my experience so far, I thinks is a bit quicker than Gobuster, and also you can make it work recursively, which is the main reason I use it.
Mileage may vary i suppose…

Exactly the ffuf tool is really awesome. Better than gobuster, wfuzz, dirb, dirbuster, dirsearch.

@pgpg I don’t think 230 latency is poor as my latency is around 400-500ms. Since sense machine is retired already, there will be not much people working on it.

Try to increase no of threads in gobuster and perform bruteforcing.

Like @TazWake said, it is possible to miss some directories while increasing threads. So always do with two tools or more and then compare it for better results.

@pgpg said:

I have ran gobuster for this exploit for more than 30mins, it didn’t dig out the files I want, ANY ideas?

I haven’t tried Sense, so I had a quick check on a write up: Sense write-up - The Portal of Knowledge

From this, it looks like you have most of the files you should expect to find, but it also looks like there is over an hour between finding /tree/ and the text file you are looking for.

It might just be that patience is needed for this box.

Dear all,

I will try some tools/methods you suggested in the post and hopefully there’s a good solution on this case, thank you!