On webservers, which donot have a default index (index.html, index.htm or index.php) file, when a directory on the web server is navigated to, will show up a list of all the files and folders at that particular server. This is called the Directory Listing.
There may be two responses when the index file is missing from a directory :
- It may convey a 403 forbidden error, and disallow the users to see the files and folders in that particular directory.
- It will show the contents of the directory to the user.
The situation will be decided on the configuration done in the .htaccess file (Apache server).
To display a forbidden message and disallow directory listing, just add this line to your default .htaccess file :
The directory listings, may also display server information such as :
Apache/2.2.3 (Unix) Server at adityagupta.net Port 80
If now, the attacker would like to get into the server, he would try finding a suitable exploit for the Apache version 2.2.3 running on a Unix server, and use it against adityagupta.net .
In order to allow directory listing, and at the same time, hiding your server version information, add these following lines in the httpd.conf file
With this, only Apache will be displayed in the footer with no other information attached to it.
Most of the unconfigured directory listings has the title as “Index of”.
So, in order to seach fro directory listings, you could use a query, which will search for “index of/” in its title along with your other search query.
For ex – “index of /” games
Some more interesting searches would be
“index of” “admin”
“index of” “password” or “index of /password”
“index of /files”
“index of /backup”
“index of /xampp”
“index of /passwd”
And so on.
Now suppose, I have the username and password of targetdomain.com, and I am now looking for login, One way to proceed now is “index of” “admin” to look for the admin panel, and then login with the credentials.
Also, if you are looking for directory listings with their server information in the footer, following Google dork may help you:
“Index of” “server at”
If an attacker has an exploit for Apache version 2.0.39, he now wants to find the vulnerable targets. His Google dork would be:
“Apache/2.0.39 server at”