339 Web Fuzzing: Wapiti 2 scanning of the admin area (authenticated scans)
Posted on 2012-11-1 20:16:25
Scans that require authenticated cookies

Generate the cookie file with the bundled Python script getcookie.py. Prerequisite: you must already know a valid username and password for the site.
  root@Dis9Team:/pen/web/wapiti-2.2.1/src/net# python getcookie.py wp http://fuzzexp.org/wp-login.php
  File not found, creating...
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C29401a3f732057adea856b80bd1a12e4
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C29401a3f732057adea856b80bd1a12e4
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C29401a3f732057adea856b80bd1a12e4
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C29401a3f732057adea856b80bd1a12e4
  wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C7dfa4f2b77c700971b55df469675f7f2
  wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027977%7C7dfa4f2b77c700971b55df469675f7f2
  wordpress_test_cookie = WP+Cookie+check
  wordpress_test_cookie = WP+Cookie+check
  Please enter values for the folling form :
  url = http://fuzzexp.org/wp-login.php
  rememberme (forever) :
  pwd (on) :
  log (on) :
  redirect_to (http://fuzzexp.org/wp-admin/) :
  wp-submit (登录) :
  testcookie (1) :
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C68d70b29713491f92b6a80a7d5362b62
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C68d70b29713491f92b6a80a7d5362b62
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C68d70b29713491f92b6a80a7d5362b62
  wordpress_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C68d70b29713491f92b6a80a7d5362b62
  wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C84b01e06b63c657658a993b0704f4ab4
  wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c = %7C1352027988%7C84b01e06b63c657658a993b0704f4ab4
  wordpress_test_cookie = WP+Cookie+check
  wordpress_test_cookie = WP+Cookie+check


The generated cookie file, ready to be used for the admin-area scan:

  root@Dis9Team:/pen/web/wapiti-2.2.1/src/net# cat wp
  <?xml version="1.0" encoding="UTF-8"?>
  <cookies>
    <domain name="org">
      <domain name="fuzzexp">
        <cookie expires="1352056788.0" name="wordpress_ee179f7be58b738e448e7d7a9e3a0a3c" path="/wp-admin" value="%7C1352027988%7C68d70b29713491f92b6a80a7d5362b62" version="0"/>
        <cookie expires="1352056788.0" name="wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c" path="/" value="%7C1352027988%7C84b01e06b63c657658a993b0704f4ab4" version="0"/>
        <cookie name="wordpress_test_cookie" path="/" value="WP+Cookie+check" version="0"/>
      </domain>
    </domain>
  </cookies>


Loading the cookie file

  python wapiti.py <target URL> -c <cookie file> -x <logout URL>


The -x here excludes the logout URL, so the crawler does not follow it and invalidate the session cookies in the middle of the scan.
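The cookie file above is nested by reversed domain label (org, then fuzzexp) and each cookie carries its path and an optional expiry. The following is an added example, not code from Wapiti or from the original post: it writes and reads that XML layout and then picks out which cookies a scanner would attach to a given request, using the standard domain-suffix and path-prefix cookie rules (an assumption about how the scanner matches cookies; the sample cookie values are the ones printed in the post, embedded as constructed input).

```python
import time
import xml.etree.ElementTree as ET

# Constructed sample: the three WordPress cookies from the post, as a login
# script would hold them in its cookie jar. Values are stored exactly as the
# server sent them (WordPress already percent-encodes the "|" separators).
SAMPLE_COOKIES = [
    {"domain": "fuzzexp.org", "name": "wordpress_ee179f7be58b738e448e7d7a9e3a0a3c",
     "value": "%7C1352027988%7C68d70b29713491f92b6a80a7d5362b62",
     "path": "/wp-admin", "expires": 1352056788.0},
    {"domain": "fuzzexp.org", "name": "wordpress_logged_in_ee179f7be58b738e448e7d7a9e3a0a3c",
     "value": "%7C1352027988%7C84b01e06b63c657658a993b0704f4ab4",
     "path": "/", "expires": 1352056788.0},
    {"domain": "fuzzexp.org", "name": "wordpress_test_cookie",
     "value": "WP+Cookie+check", "path": "/", "expires": None},
]


def build_cookie_xml(cookies):
    """Serialise cookies into the nested <cookies>/<domain>/<cookie> layout
    shown in the post: one <domain> per label, outermost label first."""
    root = ET.Element("cookies")
    for c in cookies:
        node = root
        for label in reversed(c["domain"].strip(".").split(".")):
            child = next((d for d in node.findall("domain") if d.get("name") == label), None)
            if child is None:
                child = ET.SubElement(node, "domain", name=label)
            node = child
        elem = ET.SubElement(node, "cookie")
        if c.get("expires") is not None:          # session cookies carry no expires
            elem.set("expires", "%.1f" % c["expires"])
        elem.set("name", c["name"])
        elem.set("path", c.get("path", "/"))
        elem.set("value", c["value"])
        elem.set("version", "0")
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def load_cookie_xml(text):
    """Inverse of build_cookie_xml: walk the <domain> nesting, rebuilding the
    host name from the accumulated labels, and return a flat cookie list."""
    root = ET.fromstring(text.encode("utf-8"))
    out = []

    def walk(node, labels):
        for d in node.findall("domain"):
            walk(d, [d.get("name")] + labels)
        for ck in node.findall("cookie"):
            exp = ck.get("expires")
            out.append({"domain": ".".join(labels), "name": ck.get("name"),
                        "value": ck.get("value"), "path": ck.get("path", "/"),
                        "expires": float(exp) if exp else None})

    walk(root, [])
    return out


def _path_matches(cookie_path, req_path):
    # RFC 6265 path-match: equal, or cookie path is a prefix ending in "/"
    # or followed by "/" in the request path ("/wp-admin" must not match
    # "/wp-admin-extra").
    if req_path == cookie_path:
        return True
    if req_path.startswith(cookie_path):
        return cookie_path.endswith("/") or req_path[len(cookie_path)] == "/"
    return False


def cookie_header(cookies, host, path, now=None):
    """Return the Cookie: header value a scanner would send for http://host/path,
    or None when nothing applies. Expired cookies are dropped, which is exactly
    what happens after the crawler hits a logout link (hence -x in the post)."""
    now = time.time() if now is None else now
    parts = []
    for c in cookies:
        if not (host == c["domain"] or host.endswith("." + c["domain"])):
            continue
        if not _path_matches(c["path"], path):
            continue
        if c["expires"] is not None and c["expires"] < now:
            continue
        parts.append("%s=%s" % (c["name"], c["value"]))
    return "; ".join(parts) if parts else None


if __name__ == "__main__":
    xml_text = build_cookie_xml(SAMPLE_COOKIES)
    with open("wp", "w", encoding="utf-8") as fh:   # same file name as in the post
        fh.write(xml_text)
    print(xml_text)
    print(cookie_header(load_cookie_xml(xml_text), "fuzzexp.org", "/wp-admin/", now=1352030000))
```

Note the path attribute: the first WordPress cookie is scoped to /wp-admin, so a request to /wp-login.php only carries the logged_in and test cookies, and once the expiry timestamp passes only the session test cookie survives. If a scan of the admin area comes back unauthenticated, checking the file against these two rules is the first thing to do.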
Reference:
  root@Dis9Team:/pen/web/wapiti-2.2.1# pwd
  /pen/web/wapiti-2.2.1
  root@Dis9Team:/pen/web/wapiti-2.2.1# cat example.txt

That file contains usage examples. Fetching the cookies often fails, though, because getcookie.py takes the submitted form fields as its input values. Use lswww.py to enumerate the forms that get submitted:
  root@Dis9Team:/pen/web/wapiti-2.2.1/src/net# python2.6 lswww.py http://fuzzexp.org
  .....^C
  Notice
  ========
  Scan stopped, the data has been saved in the file /pen/web/wapiti-2.2.1/src/scans/fuzzexp.org.xml
  To continue this scan, you should launch Wapiti with the "-i" parameter

  + URLs:
  http://fuzzexp.org/
  http://fuzzexp.org/feed
  http://fuzzexp.org/link
  http://fuzzexp.org/wp-login.php
  http://fuzzexp.org/wp-login.php?action=register

  + Forms Info:
  From: http://fuzzexp.org/wp-login.php?action=register
  To: http://fuzzexp.org/wp-login.php?action=register
          user_login : on
          wp-submit : 注册
          redirect_to : on

  From: http://fuzzexp.org/wp-login.php
  To: http://fuzzexp.org/wp-login.php
          rememberme : forever
          pwd : on
          log : on
          redirect_to : http://fuzzexp.org/wp-admin/
          wp-submit : 登录
          testcookie : 1




