https://www.justus.pw/mediawiki/index.php?action=history&feed=atom&title=HtbTricks%2FHTTP
HtbTricks/HTTP - Revision history
2026-05-25T02:22:43Z
Revision history for this page on the wiki
MediaWiki 1.44.3
https://www.justus.pw/mediawiki/index.php?title=HtbTricks/HTTP&diff=77&oldid=prev
Justus: Add page
2026-01-05T07:56:35Z
<p>Add page</p>
<p><b>New page</b></p><div>= Fingerprint =<br />
<br />
Given <code>$HOST</code> and $PORT:<br />
<br />
<syntaxhighlight lang="bash">curl -i http://$HOST:$PORT</syntaxhighlight><br />
<span id="feroxbuster"></span><br />
= Feroxbuster =<br />
<br />
Given <code>$HOST</code>, <code>$PORT</code> and <code>$MACHINE</code>, and <code>$WORDLISTS</code><br />
<br />
Wordlists to try out:<br />
<br />
# <code>SecLists/Discovery/Web-Content/dsstorewordlist.txt</code><br />
# <code>SecLists/Discovery/Web-Content/big.txt</code><br />
<br />
<syntaxhighlight lang="fish">feroxbuster --url http://$HOST:$PORT \<br />
--wordlist=(cat $WORDLISTS | sort -u | psub) \<br />
-o machines/$MACHINE/feroxbuster.log -C 404</syntaxhighlight><br />
<span id="cracking"></span><br />
= Cracking =<br />
<br />
Use patator for complex pw cracking, esp. with csrf tokens:<br />
<br />
<syntaxhighlight lang="fish">patator.py \<br />
http_fuzz \<br />
url=http://$HOST:$PORT/$PATH \<br />
method=POST \<br />
accept_cookie=1 \<br />
before_urls=http://$HOST:$PORT/$BEFORE_PATH \<br />
# Example<br />
before_egrep='_N1_:<input name="__RequestVerificationToken" type="hidden" value="(\S+)" \/>' \<br />
body='userNameOrEmail=FILE0&password=FILE1&rememberMe=false&__RequestVerificationToken=_N1_' \<br />
# Concat several files<br />
0=(echo 'administrator<br />
james' | psub) \<br />
1=SecLists/Passwords/probable-v2-top1575.txt \<br />
# Ignore if these results come up<br />
-x ignore:fgrep='The username or e-mail or password provided is incorrect' -l log<br />
-x ignore:fgrep='Internal Server Error' -l log<br />
<br />
</syntaxhighlight></div>
Justus