#!/usr/bin/python
    import urllib2
    import sys
    print "[*] Target URL format = http://www.mydomain.com"
    host = raw_input("[*] Enter target URL: ")
    path = '/README.txt'
    combined = host + path
    url = urllib2.urlopen(combined)
    print
    print ("fetching... ") + combined
    html = url.readlines()[:10]
    for line in html:
    if 'Joomla!' in line:
    print
    sys.stdout.write(line)
    print


    #!/usr/bin/python
    import urllib2
    print "[*] Target URL format = http://www.mydomain.com"
    host = raw_input("[*] Enter target URL: ")
    path = '/wp-links-opml.php'
    combined = host + path
    url = urllib2.urlopen(combined)
    print
    print ("fetching... ") + combined
    html = url.readlines()
    for line in html:
    if 'generator' in line:
    print
    print line


    VehicleWorkshop is vulnerable to SQL Injection and you can view the tidbit of information on Exploit-DB.  Essentially, our injection point is "vehicleid=" but this isn't a login prompt, I can't use:  bob' or 1=1;-- and while I don't like tools, this is definitely a job for sqlmap.  

    Before we get started, let's get this app setup.  You can download the app from Exploit-DB, extract it to a folder, and setup the permissions with chmod 777.  I wanted command execution which is why I gave the folder wrx.  Without it, you won't be able to perform any of the os-shell commands.  You can get into sql-shell and poke around but it's not nearly as fun.  


    I came across a web site running a current version of WordPress with the Simple Fields plugin installed.  Searching Exploit-DB, I found:

    WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution

    “ This can even lead to remote code execution, for example by injecting php code into the apache logs or if allow_url_include is turned on in php.ini. ”


    I periodically hit up Vulnhub for some machines to beat on.  Bsides Vancouver:  2018 (Workshop) is the most recent addition, it's description states:  "Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target."

    It was designed for VirtualBox but this was easily imported into Xenserver.  Once I got it running, I started my enumeration.


    © 2020 sevenlayers.com