🩸
Pentesting Notes
  • ㊙️r3dcl1ff
    • 🔬Enumeration
      • FTP 21
      • SSH 22
      • Telnet 23 - 2323
      • SMTP 25
      • DNS 53
      • 80 http
        • /phpbash.php
        • inspecting source | Devtools
        • toolbar that allows to run commands on target
        • Wordpress Enumeration
          • Extra commands
          • WPScan one-liners
          • Plugins & Themes exploitation
            • AdRotate
            • Tsumugi 404.php
            • Twentytwenty (Theme)
            • Woody AD Snippets
            • Activity monitor 2
            • wp.spritz
            • Social Warfare
            • Mail Masta 1.0
            • Twentyfourteen
          • CVE-2020-35489 Contact Form 7
          • one-liners
          • CVE-2023-23488
          • nmap
          • Common directories
          • MoveStore API Auth bypass
        • Drupal
        • Koken CMS
        • Codiad
        • /.git
        • Subrion CMS 4.2.1
        • Fuel CMS
        • phpmyadmin
        • /cgi-bin Shellshock
        • Sar2HTML
        • Cute News
        • Nagios
        • Joomla
        • advanced_component_system
        • webdav
        • OTRS 5.0
        • Apache James
        • Ovidentia
        • Cuppa CMS
        • Phreebooks
        • Elastix 2.2.0
        • ApPHP MicroBlog
        • MongoDB 2.2.3
        • CMS Made Simple 2.2.13
        • Jinja2
        • Webmin
        • robots.txt
        • BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0
        • Squid proxy
        • simfony CMS
        • C-Panel Reflected XSS - CVE-2023-294
        • vBulletin <= 5.6.9: Pre-authentication Remote Code Execution
      • 88 Kerberos
      • Pop 110-995
      • RPC 111
      • Ident 113
      • NNTP 119
      • NETBios 137-138
      • SMB-Samba 135-139 445
      • MSRPC 135
      • SNMP 161
      • LDAP - 389,636
      • Modbus 502
      • OpenSSL 1337
      • Ms-SQL 1433
      • Oracle Listener 1521 1522 1529
      • NFS 2049
      • MySql 3306
      • RDP 3389
      • ADB Android Debug Bridge 5555
      • WinRM 5985 5986
      • VNC 5800 5900
      • Redis 6379
      • Unreal IRC 6667
      • Tomcat 8080
      • MongoDB 27017
      • Webapp Enum Methodology
      • IIS
    • 🧨Exploitation (deprecated node)
      • Password cracking
        • common passwords
        • online resources
        • hashID
        • john
        • Hashcat
        • Cewl
        • Cupp
        • Hydra
        • fcrackzip
        • Medusa
        • Bash for password creation | cracking
        • Cracking netcat connection
        • Crunch
        • haklistgen
      • Data wrappers
      • Reverse shells
      • Client side attacks
        • msfvenom hta attack
        • MSOffice macro attack
          • Metasploit Office Macro
        • HTML application attack
      • Log poisoning
      • 📡Wireless attacks
      • DoS Denial of Service
      • Microsoft Exchange Pentesting
    • 🈲Privesc
      • sudo + GTFObins
        • sudo /bin/bash
        • /bin/rpm
        • /usr/bin/gdb
        • /usr/bin/php7.2
        • sudo -u#-1 /bin/bash
        • jjs
        • /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64/jre/bin/java
        • /usr/bin/vim
        • /usr/bin/tee
        • /usr/bin/nice
        • /usr/bin/dd
        • nmap
        • /usr/bin/zip
        • /usr/bin/date
        • /usr/bin/base32
        • /usr/sbin/hping3
        • /usr/bin/cpulimit
        • /usr/bin/python
        • /etc/passwd
        • echo /bin/bash to executable file
        • /usr/bin/find
        • sudo_inject
        • /bin/systemctl
        • less
        • /bin/ash
        • awk
        • scp
        • man
        • ftp
        • knife
        • /usr/sbin/iftop
        • /usr/bin/nano
        • ed
        • openssl (read file)
        • tar
        • flock
        • expect
        • socat
        • Perl
        • /usr/bin/env
        • strace
      • Docker privilege escalation
      • Kernel Exploits
        • Compiling - General guidelines
        • Linux Kernel < 4.13.9 (Ubuntu 16.04 / Fedora 27)
        • LXD - Alpine
        • Serv-U FTP Server < 15.1.7
        • [CVE-2016-5195] dirtycow 2
        • Linux Kernel 2.6 < 2.6.19 (White Box 4 / CentOS 4.4/4.5...)
        • Linux Kernel 2.6.39 "Mempodipper"
        • Samba 2.2.x - Remote buffer overflow
        • Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' /proc/self/mem Race Condition (Write Access Method)
        • Full Nelson
        • Exim 4.84-3 - Local Privilege Escalation
        • Clown NewUser|Linux 3.0<3.3.5|
        • fasync_helper|Linux Kernel <2.6.28
        • NFS no_root_squash/no_all_squash
      • 'Nix manual enumeration
      • File transfers
        • Windows file transfers
          • Certutil
          • VBScript
          • Powershell
          • pyftpdlib
          • impacket
          • exe2hex
          • php exfil | Win --> Kali
          • http transfers
        • 'Nix file transfers
      • Windows enumeration
        • Automated scripts
      • Wordpress privesc
      • OpenSSL privesc
      • Privesc scripts | resources
        • Linux Exploit suggester
        • Vulmap
      • vi
    • 🖥️CLI-Fu
      • Moving around
      • mkdir
      • find sort grep uniq awk
      • head tail sed cut
      • tar-zip
      • Fucking Vim
      • 'Nix | Windows CLI comparison
    • 🎯OSINT
      • 📧Email OSINT
        • HaveIbeenPWND
        • TheHarvester
        • O365
        • Suspicious Email analysis
          • Websites
        • H8mail
      • Recon-NG
      • 🥋Shodan
        • Ransomware search
        • Shodan Galore
        • Assorted queries (short)
        • Mindmap
        • ⛓️Compound commands
        • Assorted tricks for BBP
      • 🕸️Spiderfoot
      • Metagoofil
      • Websites
        • Fofa
      • ℹ️Favicon OSINT
      • Username Enum
        • Nexfil
        • Blackbird
        • Sherlock
        • DetectDee
      • Greynoise
      • 🗣️ChatGPT Jailbreaks
      • Postman
        • Postmaniac
        • Porch-Pirate
      • Google dorks
        • Basic Dorks
        • Dorks -Bug bounty edition-
        • Extra dorks
        • Automated tools
          • 🐚Shell script for automated dorking
          • GooFuzz
          • go-dork
      • SOCMINT
        • U-Scrapper
        • Telegram OSINT
        • one-plus OSINT
      • Censys
      • ☎️Phone OSINT
    • 🛠️Tools
      • netcat
      • ncat
      • Socat
      • 💻Assorted scripts
        • Buffer Overflows
          • Windows Bof
        • Mitigation script CVE 2022-41040
      • Bash Voodoo
      • 🦈Wireshark
      • Aircrack-ng
      • TCPDump
      • cloudflare Bypass
      • Shuffledns
    • 🟦Active Directory
      • Enumeration
        • ADRecon.ps1
        • Power View
        • Manual Enum basics
        • 🦮Bloodhound
      • Mimikatz
      • 🐺kerberoasting
      • Pass-the-hash
    • 🪓Sysadmin
      • Pimp my kali
      • Random commands
    • 🗒️Pentesting Checklist(s)
      • 🏢Internal Pentest Checklist
        • Rules of engagement
        • Recon
        • Social Engineering
          • Phishing
            • Evilurl
            • Sendemail
            • urlcrazy
            • Website Cloning
            • Detect Phishing sites in real time
            • Homograph attacks
              • DNSTwist
            • URL Masking
            • Email OSINT
            • Test deliverability before campaign
            • Spoofing with python
            • Deepfake
            • HTML Templates
              • Win10 simple html
    • 🕷️WebApp Pentest
      • Vuln scanners
        • Tenable Nessus
        • Sn1per
        • OpenVAS
        • nuclei
        • 🕷️Black Widow
        • Cariddi
        • 🤖BBOT
      • Attack Surface Recon
        • Subdomain-enum
          • Scilla
          • Amass
          • Sublist3r
          • Assetfinder
          • Subfinder
        • DNS permutations
          • PureDNS
          • TLSx
          • MassDNS
          • AltDNS
          • shuffleDNS
          • DNSValidator
        • Legacy tools
          • Fierce
          • DNS Recon
          • Dig
          • DNSAudit
        • Hakluke
          • Hakrevdns
          • hakip2host
          • Hakoriginfinder
        • ffuf
        • One liners
        • Wordlists and Resolvers
        • IPinfo
        • 🧾Scripts
          • TLD enum Script
          • Bugbounty Subdomain enum script
        • 🇳🇴gungnir
        • NMAP
        • Hednsextractor
        • Caduceus
      • Port scanning
        • NMAP
        • Naabu
        • masscan
        • nmapAutomator
        • smap (shodan Nmap)
      • Subdomain Bruteforcing + crawling
        • Katana
        • LogSensor
        • jsubfinder
      • File inclusion
        • Liffy
        • LFISuite
        • CRLFI
        • LFI - Theory & basic commands
        • RFI - Theory & basic commands
        • one liners
        • HTTPX
        • Dorks
      • ⏪Traversal
        • Path Traversal
          • Windows Directory traversal
          • Linux Directory traversal
        • dotdotPWN
      • Content Discovery
        • gobuster
        • dirb
        • Gospider
        • Hakrawler
        • webpalm
        • OpenDoor
        • Feroxbuster
        • httpx
        • JS File Analysis and Scraping
      • Fuzzing
        • wfuzz
        • ffuf
        • Fuzzing Wordlists
        • Fuzzuli (fuzz backup files)
        • find hidden directories
        • Headers Fuzzing (headerpwn)
      • Parameters
        • Arjun
        • Paramspider
        • X8
      • Open redirect
        • Oralyzer.py
        • Dom-Red
        • OpenRedireX
        • Dorks
      • HTTP Request Smuggling
        • smuggler
        • http-request smuggler
        • h2csmuggler
      • Server Side Request Forgery
        • SSRFMap
        • 🏄‍♂️Surf
        • one-liners
        • Top parameters
        • Dorks
      • 💉SQLi
        • SQLi (Manual testing)
          • Login bypass
          • URL enum
          • Oracle SQLi
          • SQLi to code execution
          • Ghauri
        • SqlMap
        • One-liners
        • CVEs
          • CVE-2023-25157: CVE-2023-25157 - GeoServer SQL Injection
        • Dorks
      • XSS Cross Site Scripting
        • XXS manual testing
        • PWN-XSS
        • 🦊Dalfox
        • PrototypePollution to XSS
        • one-liners
        • Gxss
        • XSStrike
        • Embed XSS payload into image file
        • WAF Bypass 2024
          • Extra payloads
        • Knoxss + knoxsnl
        • Dorks
      • Links
        • GAU Get All URLs
        • Waybackurl
      • Git
        • gitjacker
        • github-subdomains
        • GitGot
        • 🐗Trufflehog
        • Github-Dorks
        • git-dumper
      • Text manipulation
        • qsreplace (Tomnomnom)
        • anew (Tomnomnom)
        • Jq (JSON parser)
        • Urldedupe
        • Gf
      • CORS
        • Corsy COR misconfigs scanner
        • One-liners
        • CORScanner
      • CSRF Cross Site Request Forgery
        • XSRFProbe
      • Assorted
        • CMSMap
        • Mantra (secrets crawler)
        • CMSeek
        • web-screenshots using nuclei
        • SecretsFinder
      • Screenshots
        • 🌊Aquatone
        • gowitness
      • Command Injection
        • Commix
      • SSTI
        • SSTIMap
      • IDOR
      • Bypass 40X
        • 403Jump
        • nomore403
      • Subdomain Takeover
        • NTHIM Now The Host Is Mine
        • Subzy
      • Headers Security
        • Hauditor
        • Header injection (Headi)
        • Manual checks
      • 🐝API pentesting
        • Swagger Jacker
        • Google Dorks
      • RCE
    • 🌩️Cloud
      • Enum
        • 👿Tenant Hunter (Azure specific)
        • S3scanner
        • Cloud_enum
        • BucketLoot
    • 🧠Threat Intel
      • 🌑Darknet + Tor resources
        • deepDarkCTI
        • Awesome darknet
        • 👿TheDevilsEye
        • Dark Web OSINT tools
        • DarknetEye - Tor Links
        • Ransomware TTPs
        • APTs resources
      • Interactive maps
        • APT map
        • Shodan ICS attack map
        • Global data on ransomware attacks
      • Malware analysis
        • Cuckoo
      • Phishing URL check
    • 📟IoT / IIoT
      • Github Repos
      • Commercial Frameworks
      • Exploitation frameworks
        • Routersploit
        • Genzai
      • Flipper Zero
        • Repos and resources
      • UEFI Pentesting
        • Qiling
        • Resources adn repos
      • Bluetooth
        • Bluing
    • 🏭ICS/OT - SCADA
      • Active Enumeration
        • Cisco-Torch
        • Nmap
          • HVAC 80
          • Siemens S7 102
          • DICOM 104
          • ATG 443
          • Modbus - Schneider 502
          • MQTT 1883
          • NiagaraFox 1911
          • PCWorx 1962
          • CSPv4 2222
          • IEC 2404
          • Mitsubishi Electric MELSEC PLC 5006
          • Omron 9600
          • DNP3 20000 (TCP-UDP)
          • Knx-gateway 3671
          • ProConOS 20547
          • Rockwell Automation Allen-Bradley 44818
          • Bacnet 47808
        • OSINT
        • Passwords and creds
          • SCADAPASS
        • Metasploit
      • Passive Enumeration
        • Grassmarlin
        • Siemens Simatic PCS 7 Hardening Tool
        • tshark
      • Hardware / Lab setup
        • ClickPLC Plus
      • Github repos and resources
        • online resources
        • Github repos
    • 🩻Private Templates
      • CVE-2024-6387
      • CORS Misconfig
      • CVE-2024-34750
      • CVE-2024-6409 Race Condition in OpenSSH 8.7p1,8.8p1
      • Symfony F#ck U
      • CVE-2024-40725
      • SSRF check
      • Gavazzi Automation UWP 3.0
      • Siemens Simatic PLC
      • CVE-2024-7339
      • Frontpage-exposures
      • in-tank IIoT exposure
      • unauth-VNC
      • Rockwell-Allen-Bradley PLC Detect
      • Hipcam IoT Camera Detect
      • CVE-2024-43044
      • Ivanti-CSA-detect
      • CVE-2024-8190 (Ivanti Command Injection)
      • CVE-2024-38812
      • DB-Dump-Detect
      • Linux Fuzz
      • detect-config.ini
      • Laravel-log
    • 🐞BBP
  • Daily Syncs
    • Design Standups
      • September 2021
        • Week 1 (6 - 10 Sept)
  • Weekly Syncs
    • Company Weeklies
      • 1st September 2021
  • Other Regulars
    • Company Weeklies
      • September 14th 2021
Powered by GitBook
On this page
  1. r3dcl1ff
  2. Enumeration

80 http

Various enumeration techniques

PreviousDNS 53Next/phpbash.php

Last updated 2 years ago

㊙️
🔬
/phpbash.php
inspecting source | Devtools
toolbar that allows to run commands on target
Wordpress Enumeration
Drupal
Koken CMS
Codiad
/.git
Subrion CMS 4.2.1
Fuel CMS
phpmyadmin
/cgi-bin Shellshock
Sar2HTML
Cute News
Nagios
Joomla
advanced_component_system
webdav
OTRS 5.0
Apache James
Ovidentia
Cuppa CMS
Phreebooks
Elastix 2.2.0
ApPHP MicroBlog
MongoDB 2.2.3
CMS Made Simple 2.2.13
Jinja2
Webmin
robots.txt
BuilderEngine 3.5.0 Remote Code Execution via elFinder 2.0
Squid proxy
simfony CMS
C-Panel Reflected XSS - CVE-2023-294
vBulletin <= 5.6.9: Pre-authentication Remote Code Execution