Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- =[ SSL testing ]=
- ============================================================
- [*] Target is not SSL. SSL modules disabled.
- [*]
- =[ Web Server testing ]=
- ============================================================
- [*] Module auxiliary/scanner/http/http_version
- [+] 192.168.56.102:80 Apache/2.4.18 (Ubuntu)
- [*] Module auxiliary/scanner/http/open_proxy
- [*] Module auxiliary/scanner/http/frontpage_login
- [*] 192.168.56.102:80 - http://192.168.56.102/ may not support FrontPage Server Extensions
- [*] Module auxiliary/scanner/http/host_header_injection
- [*] Module auxiliary/scanner/http/drupal_views_user_enum
- [-] 192.168.56.102 does not appear to be vulnerable, will not continue
- [*] Module auxiliary/admin/http/tomcat_utf8_traversal
- [*] Attempting to connect to 192.168.56.102:80
- [+] No File(s) found
- [*] Module auxiliary/admin/http/tomcat_administration
- [*] Module auxiliary/scanner/http/options
- [*] Module auxiliary/scanner/http/robots_txt
- [*] Module auxiliary/scanner/http/scraper
- [*] Module auxiliary/scanner/http/svn_scanner
- [*] Using code '404' as not found.
- [*] Module auxiliary/scanner/http/trace
- [*] Module auxiliary/scanner/http/vhost_scanner
- [*] [192.168.56.102] Sending request with random domain tsrxt.
- [*] [192.168.56.102] Sending request with random domain vhjyJ.
- [*] Module auxiliary/scanner/http/webdav_internal_ip
- [*] Module auxiliary/scanner/http/webdav_scanner
- [*] 192.168.56.102 (Apache/2.4.18 (Ubuntu)) WebDAV disabled.
- [*] Module auxiliary/scanner/http/webdav_website_content
- [*]
- =[ File/Dir testing ]=
- ============================================================
- [*] Module auxiliary/scanner/http/backup_file
- [*] Path: /index.php
- [*] Path: /login.php
- [*] Path: /register.php
- [*] Path: /style.css
- [*] Module auxiliary/scanner/http/brute_dirs
- [*] Path: /
- [*] Using code '404' as not found.
- [*] Module auxiliary/scanner/http/copy_of_file
- [*] Path: /index.php
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '400' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Path: /login.php
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '400' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Path: /register.php
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '400' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Path: /style.css
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '400' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Using code '404' as not found.
- [*] Module auxiliary/scanner/http/dir_listing
- [*] Path: /
- [*] Module auxiliary/scanner/http/dir_scanner
- [*] Path: /
- [*] Detecting error code
- [*] Using code '404' as not found for 192.168.56.102
- [+] Found http://192.168.56.102:80/icons/ 404 (192.168.56.102)
- [+] Found http://192.168.56.102:80/images/ 404 (192.168.56.102)
- [+] Found http://192.168.56.102:80/javascript/ 404 (192.168.56.102)
- [+] Found http://192.168.56.102:80/secret/ 404 (192.168.56.102)
- [+] Found http://192.168.56.102:80/uploads/ 404 (192.168.56.102)
- [*] Module auxiliary/scanner/http/dir_webdav_unicode_bypass
- [*] Path: /
- [*] Using code '404' as not found.
- [*] Module auxiliary/scanner/http/file_same_name_dir
- [*] Path: /
- [-] Blank or default PATH set.
- [*] Module auxiliary/scanner/http/files_dir
- [*] Path: /
- [*] Using code '404' as not found for files with extension .null
- [*] Using code '404' as not found for files with extension .backup
- [*] Using code '404' as not found for files with extension .bak
- [*] Using code '404' as not found for files with extension .c
- [*] Using code '404' as not found for files with extension .cfg
- [*] Using code '404' as not found for files with extension .class
- [*] Using code '404' as not found for files with extension .copy
- [*] Using code '404' as not found for files with extension .conf
- [*] Using code '404' as not found for files with extension .exe
- [*] Using code '404' as not found for files with extension .html
- [*] Using code '404' as not found for files with extension .htm
- [*] Using code '404' as not found for files with extension .ini
- [*] Using code '404' as not found for files with extension .log
- [*] Using code '404' as not found for files with extension .old
- [*] Using code '404' as not found for files with extension .orig
- [*] Using code '404' as not found for files with extension .php
- [+] Found http://192.168.56.102:80/backdoor.php 200
- [+] Found http://192.168.56.102:80/header.php 200
- [+] Found http://192.168.56.102:80/index.php 200
- [+] Found http://192.168.56.102:80/login.php 200
- [+] Found http://192.168.56.102:80/logout.php 302
- [+] Found http://192.168.56.102:80/register.php 200
- [+] Found http://192.168.56.102:80/upload.php 302
- [*] Using code '404' as not found for files with extension .tar
- [*] Using code '404' as not found for files with extension .tar.gz
- [*] Using code '404' as not found for files with extension .tgz
- [*] Using code '404' as not found for files with extension .tmp
- [*] Using code '404' as not found for files with extension .temp
- [*] Using code '404' as not found for files with extension .txt
- [*] Using code '404' as not found for files with extension .zip
- [*] Using code '404' as not found for files with extension ~
- [*] Using code '404' as not found for files with extension
- [+] Found http://192.168.56.102:80/images 301
- [+] Found http://192.168.56.102:80/javascript 301
- [+] Found http://192.168.56.102:80/secret 301
- [+] Found http://192.168.56.102:80/uploads 301
- [*] Using code '404' as not found for files with extension
- [+] Found http://192.168.56.102:80/images 301
- [+] Found http://192.168.56.102:80/javascript 301
- [+] Found http://192.168.56.102:80/secret 301
- [+] Found http://192.168.56.102:80/uploads 301
- [*] Module auxiliary/scanner/http/http_put
- [*] Path: /
- [-] 192.168.56.102: File doesn't seem to exist. The upload probably failed
- [*] Module auxiliary/scanner/http/ms09_020_webdav_unicode_bypass
- [*] Path: /
- [-] 192.168.56.102:80 Folder does not require authentication. [200]
- [*] Module auxiliary/scanner/http/prev_dir_same_name_file
- [*] Path: /
- [-] Blank or default PATH set.
- [*] Module auxiliary/scanner/http/replace_ext
- [*] Path: /index.php
- [*] Using code '404' as not found for .bak files.
- [*] Using code '404' as not found for .txt files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .old files.
- [*] Using code '404' as not found for .htm files.
- [*] Using code '404' as not found for .ini files.
- [*] Using code '404' as not found for .cfg files.
- [*] Using code '404' as not found for .html files.
- [*] Using code '404' as not found for .temp files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .java files.
- [*] Using code '404' as not found for .doc files.
- [*] Using code '404' as not found for .log files.
- [*] Using code '404' as not found for .xml files.
- [*] Path: /login.php
- [*] Using code '404' as not found for .bak files.
- [*] Using code '404' as not found for .txt files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .old files.
- [*] Using code '404' as not found for .htm files.
- [*] Using code '404' as not found for .ini files.
- [*] Using code '404' as not found for .cfg files.
- [*] Using code '404' as not found for .html files.
- [*] Using code '404' as not found for .temp files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .java files.
- [*] Using code '404' as not found for .doc files.
- [*] Using code '404' as not found for .log files.
- [*] Using code '404' as not found for .xml files.
- [*] Path: /register.php
- [*] Using code '404' as not found for .bak files.
- [*] Using code '404' as not found for .txt files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .old files.
- [*] Using code '404' as not found for .htm files.
- [*] Using code '404' as not found for .ini files.
- [*] Using code '404' as not found for .cfg files.
- [*] Using code '404' as not found for .html files.
- [*] Using code '404' as not found for .temp files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .java files.
- [*] Using code '404' as not found for .doc files.
- [*] Using code '404' as not found for .log files.
- [*] Using code '404' as not found for .xml files.
- [*] Path: /style.css
- [*] Using code '404' as not found for .bak files.
- [*] Using code '404' as not found for .txt files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .old files.
- [*] Using code '404' as not found for .htm files.
- [*] Using code '404' as not found for .ini files.
- [*] Using code '404' as not found for .cfg files.
- [*] Using code '404' as not found for .html files.
- [*] Using code '404' as not found for .php files.
- [*] Using code '404' as not found for .temp files.
- [*] Using code '404' as not found for .tmp files.
- [*] Using code '404' as not found for .java files.
- [*] Using code '404' as not found for .doc files.
- [*] Using code '404' as not found for .log files.
- [*] Using code '404' as not found for .xml files.
- [*] Module auxiliary/scanner/http/soap_xml
- [*] Path: /
- [*] Starting scan with 0ms delay between requests
- [*] Server 192.168.56.102:80 returned HTTP 404 for /. Use a different one.
- [*] Module auxiliary/scanner/http/trace_axd
- [*] Path: /
- [*] Module auxiliary/scanner/http/verb_auth_bypass
- [*] Path: /index.php
- [*] http://192.168.56.102/ - Authentication not required [200]
- [*] Path: /login.php
- [*] http://192.168.56.102/ - Authentication not required [200]
- [*] Path: /register.php
- [*] http://192.168.56.102/ - Authentication not required [200]
- [*] Path: /style.css
- [*] http://192.168.56.102/ - Authentication not required [200]
- [*]
- =[ Unique Query testing ]=
- ============================================================
- [*] Module auxiliary/scanner/http/error_sql_injection
- [*] Path /
- [*] Path /index.php
- [*] Path /login.php
- [*] Path /register.php
- [*] Module auxiliary/scanner/http/http_traversal
- [*] Path /
- [*] Running action: CHECK...
- [-] No trigger found
- [*] Path /index.php
- [*] Running action: CHECK...
- [-] No trigger found
- [*] Path /login.php
- [*] Running action: CHECK...
- [-] No trigger found
- [*] Path /register.php
- [*] Running action: CHECK...
- [-] No trigger found
- [*] Module auxiliary/scanner/http/rails_mass_assignment
- [*] Path /
- [*] Path /index.php
- [*] Path /login.php
- [*] Path /register.php
- [*] Module exploit/multi/http/lcms_php_exec
- [*] Path /
- [*] Started reverse TCP handler on 192.168.0.160:4444
- [*] Path /index.php
- [*] Path /login.php
- [*] Path /register.php
- [*] Module auxiliary/scanner/http/blind_sql_query
- [*] Path /
- [*] [Normal response body: 4788 code: 200]
- [*] - Testing 'numeric' Parameter username:
- [*] - Testing 'numeric' Parameter password:
- [*] - Testing 'False char numeric' Parameter username:
- [*] - Testing 'False char numeric' Parameter password:
- [*] - Testing 'False num numeric' Parameter username:
- [*] - Testing 'False num numeric' Parameter password:
- [*] - Testing 'single quotes' Parameter username:
- [*] - Testing 'single quotes' Parameter password:
- [*] - Testing 'False char single quotes' Parameter username:
- [*] - Testing 'False char single quotes' Parameter password:
- [*] - Testing 'False num single quotes' Parameter username:
- [*] - Testing 'False num single quotes' Parameter password:
- [*] - Testing 'double quotes' Parameter username:
- [*] - Testing 'double quotes' Parameter password:
- [*] - Testing 'False char double quotes' Parameter username:
- [*] - Testing 'False char double quotes' Parameter password:
- [*] - Testing 'False num double quotes' Parameter username:
- [*] - Testing 'False num double quotes' Parameter password:
- [*] - Testing 'OR single quotes uncommented' Parameter username:
- [*] - Testing 'OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num OR single quotes uncommented' Parameter password:
- [*] - Testing 'OR single quotes closed and commented' Parameter username:
- [*] - Testing 'OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter password:
- [*] Path /index.php
- [*] [Normal response body: 4788 code: 200]
- [*] - Testing 'numeric' Parameter username:
- [*] - Testing 'numeric' Parameter password:
- [*] - Testing 'False char numeric' Parameter username:
- [*] - Testing 'False char numeric' Parameter password:
- [*] - Testing 'False num numeric' Parameter username:
- [*] - Testing 'False num numeric' Parameter password:
- [*] - Testing 'single quotes' Parameter username:
- [*] - Testing 'single quotes' Parameter password:
- [*] - Testing 'False char single quotes' Parameter username:
- [*] - Testing 'False char single quotes' Parameter password:
- [*] - Testing 'False num single quotes' Parameter username:
- [*] - Testing 'False num single quotes' Parameter password:
- [*] - Testing 'double quotes' Parameter username:
- [*] - Testing 'double quotes' Parameter password:
- [*] - Testing 'False char double quotes' Parameter username:
- [*] - Testing 'False char double quotes' Parameter password:
- [*] - Testing 'False num double quotes' Parameter username:
- [*] - Testing 'False num double quotes' Parameter password:
- [*] - Testing 'OR single quotes uncommented' Parameter username:
- [*] - Testing 'OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num OR single quotes uncommented' Parameter password:
- [*] - Testing 'OR single quotes closed and commented' Parameter username:
- [*] - Testing 'OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter password:
- [*] Path /login.php
- [*] [Normal response body: 4314 code: 302]
- [*] - Testing 'numeric' Parameter username:
- [*] - Testing 'numeric' Parameter password:
- [*] - Testing 'False char numeric' Parameter username:
- [*] - Testing 'False char numeric' Parameter password:
- [*] - Testing 'False num numeric' Parameter username:
- [*] - Testing 'False num numeric' Parameter password:
- [*] - Testing 'single quotes' Parameter username:
- [*] - Testing 'single quotes' Parameter password:
- [*] - Testing 'False char single quotes' Parameter username:
- [*] - Testing 'False char single quotes' Parameter password:
- [*] - Testing 'False num single quotes' Parameter username:
- [*] - Testing 'False num single quotes' Parameter password:
- [*] - Testing 'double quotes' Parameter username:
- [*] - Testing 'double quotes' Parameter password:
- [*] - Testing 'False char double quotes' Parameter username:
- [*] - Testing 'False char double quotes' Parameter password:
- [*] - Testing 'False num double quotes' Parameter username:
- [*] - Testing 'False num double quotes' Parameter password:
- [*] - Testing 'OR single quotes uncommented' Parameter username:
- [*] - Testing 'OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num OR single quotes uncommented' Parameter password:
- [*] - Testing 'OR single quotes closed and commented' Parameter username:
- [*] - Testing 'OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter password:
- [*] Path /register.php
- [*] [Normal response body: 4328 code: 302]
- [*] - Testing 'numeric' Parameter username:
- [*] - Testing 'numeric' Parameter password:
- [*] - Testing 'False char numeric' Parameter username:
- [*] - Testing 'False char numeric' Parameter password:
- [*] - Testing 'False num numeric' Parameter username:
- [*] - Testing 'False num numeric' Parameter password:
- [*] - Testing 'single quotes' Parameter username:
- [*] - Testing 'single quotes' Parameter password:
- [*] - Testing 'False char single quotes' Parameter username:
- [*] - Testing 'False char single quotes' Parameter password:
- [*] - Testing 'False num single quotes' Parameter username:
- [*] - Testing 'False num single quotes' Parameter password:
- [*] - Testing 'double quotes' Parameter username:
- [*] - Testing 'double quotes' Parameter password:
- [*] - Testing 'False char double quotes' Parameter username:
- [*] - Testing 'False char double quotes' Parameter password:
- [*] - Testing 'False num double quotes' Parameter username:
- [*] - Testing 'False num double quotes' Parameter password:
- [*] - Testing 'OR single quotes uncommented' Parameter username:
- [*] - Testing 'OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num OR single quotes uncommented' Parameter password:
- [*] - Testing 'OR single quotes closed and commented' Parameter username:
- [*] - Testing 'OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num OR single quotes closed and commented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes uncommented' Parameter password:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False char hex encoded OR single quotes closed and commented' Parameter password:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter username:
- [*] - Testing 'False num hex encoded OR single quotes closed and commented' Parameter password:
- [*]
- =[ Query testing ]=
- ============================================================
- [*]
- =[ General testing ]=
- ============================================================
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- Launch completed in 489.55383491516113 seconds.
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- [*] Done.
Add Comment
Please, Sign In to add comment