Walking an Application - Directory

10-21-2021 Written by: ott3r


I've seen more than person get stuck on this step and wanted to make a quick post on how to do this question. I got stuck on this as well - partly because I didn't read the instructions.


The question we are having problems with is...What is the directory listing flag?


First, connect to VPN or attackbox, start the machine, and then navigate to the webpage using the assigned IP address.


Next inspect the page you can do do this via right clicking the page and choosing inspect or hit F12. If you get stuck here contact Gov. Mike Parson of Missouri as he is currently the leading browser/HTML expert. 


The key here is this sentence:


External files such as CSS, JavaScript and Images can be included using the HTML code. In this example, you'll notice that these files are all stored in the same directory. If you view this directory in your web browser, there is a configuration error. 


This should already be populated,  if not just hit refresh on the page. You'll notice here that the css files, images, etc are all stored in a folder called "assets" under the sources tab.



How do we view this folder? Let's try popping it into the address bar as <ip_address>/assets



You are on your own from here. Good luck with the rest of the room and learning path. This is one of my favorite paths so far. 


-ott3r