OWASP Mutillidae II: Web Pwn in Mass Production
Version: 2.6.48 Security Level: 1 (Client-side Security) Hints: Enabled (1 - 5cr1pt K1dd1e) Not Logged In
Home | Login/Register | Show Popup Hints | Toggle Security | Enforce SSL | Reset DB | View Log | View Captured Data
 
Want to Help?
 
 
 
 
Directory Browsing
Expand Hints Hints and Videos
Directory Browsing
Some web servers are misconfigured and allow directory browsing. This an easy mistake to make. While most sites disable directory browsing on the "home" or root page, some allow browsing on other directories. For each folder found in the site, attempt to browse to the folder without the page name. If using grep, look for "Index Of" as a match.
OWASP Mutillidae II seems to disallow directory browsing on the root page. Try browsing to http://localhost/mutillidae. Likely this will load the home page. However, the site may not be configured perfectly. Perhaps if a folder name was known, we could try to browse to that folder (i.e. - http://localhost/mutillidae/<folder>).

If help is needed figuring out folder names, try activating hints.