Post: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

Hi.
I just googled this list of exploits: Expliots.txt.
Can any of you more experienced guys take a look at it and tell me whether it's outdated? I'm planning on making a Python program that checks certain sites for all the exploits in this list... But before I do, I need to know whether some of these actually work.
Here come 2 more:
L2_ex_list.txt
Exploit_List.txt
Edited by Demons Halo on 28-06-09 12:48

Post: RE: Exploits!
Author: pimpim (Member; Posts: 45; Location: Reading your /etc/shadow; Joined: 26.10.08; Rank: HBH Guru)

Some might still work, for example the FrontPage Extensions exploits, but a lot of them are old CGI scripts and stuff...
Also, many of the exploits are exploits for old php3 scripts; the current version of PHP is 5.2.10, which says something about the age of that list.
Edited by pimpim on 28-06-09 11:42

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

Yeah, it is old indeed, that's why I wanted people to check it out xD

Post: RE: Exploits!
Author: Avlid (Member; Posts: 53; Location: Sweden; Joined: 24.02.09; Rank: Monster)

Why not exploit the places you want yourself? I really think that's a good idea.

Post: RE: Exploits!
Author: KvK (Member; Posts: 93; Location: EAX; Joined: 17.01.09; Rank: God)

If you need a list of vulnerabilities, OWASP has a great one that has helped me several times in the past. There is a page for each attack consisting of a brief summary as well as examples of its use. Check it out.
http://www.owasp.org/index.php/Category:Attack
I'll post the list below for everyone to see.
(Yes, even those of you who were too lazy to click the link.)
* Account lockout attack
* Argument Injection or Modification
* Asymmetric resource consumption (amplification)
* Blind SQL Injection
* Blind XPath Injection
* Brute force attack
* Buffer overflow attack
* CSRF
* Cache Poisoning
* Code Injection
* Command Injection
* Comment Injection Attack
* Cross Site Tracing
* Cross-Site Request Forgery (CSRF)
* Cross-User Defacement
* Cross-site scripting (XSS)
* Cryptanalysis
* Custom Special Character Injection
* Denial of Service
* Direct Dynamic Code Evaluation ('Eval Injection')
* Direct Static Code Injection
* Double Encoding
* Forced browsing
* Format string attack
* Full Path Disclosure
* HTTP Request Smuggling
* HTTP Response Splitting
* LDAP injection
* Man-in-the-browser attack
* Man-in-the-middle attack
* Mobile code: invoking untrusted mobile code
* Mobile code: non-final public field
* Mobile code: object hijack
* Network Eavesdropping
* One-Click Attack
* Overflow Binary Resource File
* Page Hijacking
* Parameter Delimiter
* Path Manipulation
* Path Traversal
* Relative Path Traversal
* Repudiation Attack
* Resource Injection
* SQL Injection
* Server-Side Includes (SSI) Injection
* Session Prediction
* Session fixation
* Session hijacking attack
* Setting Manipulation
* Special Element Injection
* Spyware
* Traffic flood
* Trojan Horse
* Unicode Encoding
* Web Parameter Tampering
* XPATH Injection
* XSRF
Edited by KvK on 28-06-09 16:52

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

I love the site...
Sites like this are so awesome when it comes to explaining the vulnerability.
Thanks a lot for the link =D
Edited by Demons Halo on 28-06-09 21:11

Post: RE: Exploits!
Author: KvK (Member; Posts: 93; Location: EAX; Joined: 17.01.09; Rank: God)

No problem. Good luck with your web exploitation program.

Post: RE: Exploits!
Author: ranma (Member; Posts: 269; Location: Behind a sphere; Joined: 27.08.05; Rank: HBH Guru)

Avlid wrote:
Why not exploit the places you want yourself? I really think that's a good idea.
1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself
Wisdom spared is wisdom squared.

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

ranma wrote:
Avlid wrote:
Why not exploit the places you want yourself? I really think that's a good idea.
1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself
Indeed =D
Trying all those exploits by hand would take you ages!

Post: RE: Exploits!
Author: Avlid (Member; Posts: 53; Location: Sweden; Joined: 24.02.09; Rank: Monster)

ranma wrote:
Avlid wrote:
Why not exploit the places you want yourself? I really think that's a good idea.
1) It can be offered to a 3rd party to test their own website
2) Experience
3) A perfunctory check on a website before you go in and do stuff yourself
Okay, good point.

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

The lists I posted are a bit outdated, yes I know. But scrolling through them made me wonder: are there many sites that still use CGI?
From webopedia.com:
A CGI program is any program designed to accept and return data that conforms to the CGI specification. The program could be written in any programming language, including C, Perl, Java, or Visual Basic.
I don't know if this is true, but from what I've noticed web developers nowadays build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?

Post: RE: Exploits!
Author: spyware (Member; Posts: 4190; Location: The Netherlands; Joined: 14.04.07; Rank: God; Warn Level: 90)

Demons Halo wrote:
I don't know if this is true, but from what I've noticed web developers nowadays build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?
Perl is frequently used.

"The chowner of property." - Zeph
Widespread intellectual and moral docility may be convenient for leaders in the short term, but it is suicidal for nations in the long term. - Carl Sagan
Since the grid is inescapable, what were the earlier lasers about? Does the corridor have a sense of humor? - Ebert

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

spyware wrote:
Demons Halo wrote:
I don't know if this is true, but from what I've noticed web developers nowadays build their sites using PHP/ASP/.NET & SQL etc. It's really rare to see a site with a CGI directory anymore... Am I blind or is it truly so?
Perl is frequently used.
I see.
Well, I've compiled a list that contains many "URL exploits". Now I was thinking of making a script that takes in every line in that list and tries it next to the site name. Example:
Site: www.hellboundhackers.org
First line: /.htaccess
Python tries: www.hellboundhackers.org/.htaccess
When Python tries that URL, some response will come back of course. It might be: access denied or file not found etc.
What is the best way to sort through all those "bad responses", capturing the ones I could use? As you know there could be hundreds of different responses, so I can't tell Python which ones to keep by hand. Is there some built-in way to sort through such stuff?
Cheers

Post: RE: Exploits!
Author: spyware (Member; Posts: 4190; Location: The Netherlands; Joined: 14.04.07; Rank: God; Warn Level: 90)

Demons Halo wrote:
When Python tries that URL, some response will come back of course. It might be: access denied or file not found etc.
What is the best way to sort through all those "bad responses", capturing the ones I could use? As you know there could be hundreds of different responses, so I can't tell Python which ones to keep by hand. Is there some built-in way to sort through such stuff?
Cheers
Anything but 404 is interesting.
Also, if you're serious about making a Nessus-like scanner, be prepared for years of research before you can even attempt something like this. If you want to produce a useful scanner, that is.
I doubt you know what you have to know to build this thing.

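The check Demons Halo describes (append each wordlist line to the site, request it, keep the responses worth a look) written out as an added example; this is not code from the thread or from anyone in it. It follows spyware's "anything but 404" rule but adds the caveat a practitioner runs into first: many sites answer every unknown path with a custom "not found" page and status 200, so the script first requests a path that cannot exist, fingerprints that soft 404, and drops anything that looks the same. The target is a small HTTP server started in-process on localhost so the example runs offline; the server, its paths (/robots.txt, /.htaccess, /admin/) and the wordlist are all constructed for the demo, and a real run would pass the target's base URL and the wordlist file's lines to `scan()` instead.

```python
"""Added example: wordlist path check with soft-404 filtering (constructed target)."""
import hashlib
import threading
import urllib.error
import urllib.request
import uuid
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Constructed target: two real files, a protected directory, and a catch-all
# "page not found" page that is served with status 200 (a soft 404).
FAKE_SITE = {
    "/robots.txt": (200, b"User-agent: *\nDisallow: /admin/\n"),
    "/.htaccess": (403, b"Forbidden\n"),
    "/admin/": (401, b"Authorization Required\n"),
}
SOFT_404_BODY = b"<html><body>Sorry, that page does not exist.</body></html>"


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, body = FAKE_SITE.get(self.path, (200, SOFT_404_BODY))
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_server():
    """Bind the constructed site to a free localhost port; return its base URL."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"


def fetch(url, timeout=5.0):
    """Return (status, body), or None if the host could not be reached.

    urllib raises HTTPError for 4xx/5xx, but those are still answers (403 on
    /.htaccess is exactly the kind of hit we want), so they are returned like
    any other response.  The socket timeout is set explicitly: without one, a
    single host that accepts the connection and never answers stalls the scan.
    """
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.read()
    except (urllib.error.URLError, OSError):
        return None


def fingerprint(status, body):
    """Status plus a body hash: enough to recognise one error page served twice."""
    return status, hashlib.sha256(body).hexdigest()


def scan(base, paths, timeout=5.0):
    """Return [(path, status)] for wordlist paths that are neither 404 nor the soft-404 page."""
    # Baseline: a path that cannot exist shows what "not found" looks like on this host.
    probe = fetch(f"{base}/{uuid.uuid4().hex}", timeout)
    soft_404 = fingerprint(*probe) if probe else None

    hits = []
    for path in paths:
        path = path.strip()
        if not path or path.startswith("#"):
            continue
        resp = fetch(base + path, timeout)
        if resp is None or resp[0] == 404:
            continue
        if soft_404 and fingerprint(*resp) == soft_404:
            continue  # the same error page as the baseline, just dressed up as 200
        hits.append((path, resp[0]))
    return hits


# Constructed wordlist in the thread's format: one path per line.
WORDLIST = """\
/.htaccess
/robots.txt
/admin/
/cgi-bin/phf
# comment lines are skipped
/old/backup.zip
"""


def demo():
    """Scan the constructed site; /cgi-bin/phf and /old/backup.zip hit the soft 404 and drop out."""
    return scan(start_server(), WORDLIST.splitlines())


if __name__ == "__main__":
    for path, status in demo():
        print(status, path)
```

Writing the hits to a file is then one `open(...)` loop over `scan()`'s result. The fingerprint is deliberately crude (exact body hash); error pages that embed the requested path or a timestamp need a looser comparison such as body length within a tolerance.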
Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

spyware wrote:
I doubt you know what you have to know to build this thing.
So do I. Although it's something fun to do, even if I don't get it right, I'll for sure learn more about a library or 2 ^^
Besides, now that you mention it, all I need to do is isolate stuff like 404s and write the rest into a file. It seems so easy when I think about it, but I'm sure it will be a lot harder ;P
If you have some tips, don't hesitate!

Post: RE: Exploits!
Author: S1L3NTKn1GhT (Member; Posts: 468; Location: XXXX; Joined: 03.06.06; Rank: God; Warn Level: 10)

I feel another fuzzer script coming.
root@wtf.org#su - dumbass

Dude you're AWESOME!
-SystemMeltdown(MSN)

Post: RE: Exploits!
Author: ranma (Member; Posts: 269; Location: Behind a sphere; Joined: 27.08.05; Rank: HBH Guru)

spyware wrote:
I doubt you know what you have to know to build this thing.
Hehe, that could be said for any coding project. But just doing it gives you tons of experience and a script to base future things off of.

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

S1L3NTKn1GhT wrote:
I feel another fuzzer script coming.
To be honest I did not know what the word fuzzer means, so I googled it:
A program used to generate random "fuzz" for testing purposes.
I must say THANKS! I found some useful stuff googling that word up. So far everything I found indicates that all I need to do is find a fast way to request a certain URL with the exploit from my list, filter the undesired ones, and save the possible exploits into a new file ^^
Sounds like a fun project.
@ranma:
Exactly!!!
I like you, let's get married (L)

Post: RE: Exploits!
Author: ranma (Member; Posts: 269; Location: Behind a sphere; Joined: 27.08.05; Rank: HBH Guru)

How did you know I was single?

Post: RE: Exploits!
Author: Demons Halo (Member; Posts: 261; Location: Sweden; Joined: 26.03.09; Rank: Hacker Level 1)

ranma wrote:
How did you know I was single?
I just know *pervert smile*
On topic:
The script is ready, but there seems to be one tiny little problem! With a smaller exploit list (like 20-30 items) the script runs decently fast, but when I use the big list (LOTS OF ITEMS) Python does not respond xD
Now I was expecting this, so the question is: should I set a low timeout? Or is there a way to make the script check if a certain URL exists REALLY FAST?

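Both halves of the last question, as an added example that is not code from the thread. A sequential loop with Python's default (infinite) socket timeout hangs for as long as the slowest host takes, and with a few thousand wordlist entries it looks exactly like "Python does not respond". The fixes are independent: give every request its own socket timeout, and run the requests through a thread pool so the list is checked many paths at a time. `http_status()` does a real HEAD request (only the status line is needed, so no bodies are downloaded; it retries with GET if the server answers 405 to HEAD). So that the demo runs offline, `scan()` takes the request function as a parameter and the demo passes `fake_fetch`, which simulates a constructed target (`http://target.invalid`, a host name that never resolves) where one path takes ten seconds to answer.

```python
"""Added example: wordlist check with per-request timeout and a thread pool."""
import http.client
import time
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlsplit


def http_status(url, timeout=3.0):
    """Status code of a HEAD request (GET if the server refuses HEAD), or None.

    The timeout is handed to the socket, which is what stops the scan from
    stalling on a host that accepts the connection and then never answers.
    Connection errors and timeouts both come back as None.
    """
    u = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    target = (u.path or "/") + (f"?{u.query}" if u.query else "")
    try:
        status = None
        for method in ("HEAD", "GET"):
            conn = conn_cls(u.hostname, u.port, timeout=timeout)
            conn.request(method, target)
            status = conn.getresponse().status
            conn.close()
            if status != 405:      # 405: this server does not allow HEAD, retry with GET
                break
        return status
    except (OSError, http.client.HTTPException):
        return None


def scan(base, paths, fetch=http_status, workers=20, timeout=3.0):
    """Check every path concurrently; return {path: status} for answers other than 404.

    Timeouts and connection errors (status None) are kept in the result so the
    caller can retry them later instead of silently losing wordlist entries.
    """
    paths = [p.strip() for p in paths if p.strip() and not p.startswith("#")]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        statuses = pool.map(lambda p: fetch(base + p, timeout), paths)
        return {p: s for p, s in zip(paths, statuses) if s != 404}


# Constructed stand-in for a target so the demo runs offline:
# path -> (seconds the server takes to answer, status).  One path is far slower
# than the timeout, which is the case that hangs a naive sequential loop.
FAKE_SITE = {
    "/robots.txt": (0.05, 200),
    "/.htaccess": (0.05, 403),
    "/admin/": (0.05, 401),
    "/cgi-bin/phf": (0.05, 404),
    "/slow/": (10.0, 200),
}


def fake_fetch(url, timeout):
    """Behaves like http_status() against FAKE_SITE, including the timeout."""
    delay, status = FAKE_SITE.get(urlsplit(url).path, (0.05, 404))
    time.sleep(min(delay, timeout))
    if delay > timeout:
        return None          # what a real socket timeout turns into
    return status


def demo(workers=8, timeout=0.5):
    """Scan the constructed site; return (results, seconds the whole scan took)."""
    paths = list(FAKE_SITE) + ["/old/backup.zip"]
    t0 = time.monotonic()
    result = scan("http://target.invalid", paths, fetch=fake_fetch,
                  workers=workers, timeout=timeout)
    return result, time.monotonic() - t0


if __name__ == "__main__":
    result, secs = demo()
    print(f"{len(result)} hits in {secs:.2f}s")
    for path, status in result.items():
        print(status, path)
```

With the 0.5 s timeout the whole list finishes in about half a second instead of waiting ten seconds on `/slow/`, and that entry is reported as `None` rather than dropped. Against a real target, replace `fake_fetch` with the default `http_status` and keep the worker count modest: twenty parallel requests is already enough to trip rate limiting or an IDS, and a timeout that is too low turns a slow but live server into a pile of `None` results.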