Web Server
Misc.
Online Decoder
Fingerprint
Dictionary-Brute Force
Wfuzz
**Custom dictionary file using the information found on the forum.bart.htb page.**
cewl forum.bart.htb -w bart-dic.txt
tr '[:upper:]' '[:lower:]' < bart-dic.txt > bart-dic-lower.txt
--hs Invalid : hide responses whose body contains "Invalid"; the h stands for hide and the s selects the regex-on-content filter.
Leaked Machine Keys
IIS
https://www.notsosecure.com/exploiting-viewstate-deserialization-using-blacklist3r-and-ysoserial-net/
Heartbleed
Reference
Seancassidy's Blog
Exploitation
Exploit: https://raw.githubusercontent.com/sensepost/heartbleed-poc/master/heartbleed-poc.py
Vhost Brute Force [ Sub-domain Enum]
wfuzz
Run wfuzz and fuzz the Host HTTP header. With wfuzz, I'll always start it without the hiding flag, see what the default response looks like, and then Ctrl-C to kill it, and re-run with a flag to hide the default response. For the HTTP site --hh 178 (--hh is hide by character length) worked, and --hh 49 on the HTTPS site.
CMS
Wordpress
wpscan Registered Email : noreply@yamaarr.com
-u : Enumerate users