
HtbTricks/HTTP

From justus.pw Wiki
Revision as of 07:56, 5 January 2026 by Justus (talk | contribs) (Add page)

Fingerprint

Given $HOST and $PORT:

curl -i http://$HOST:$PORT

Feroxbuster

Given $HOST, $PORT, $MACHINE and $WORDLISTS (the command below uses fish's psub for process substitution; in bash use <(...) instead):

Wordlists to try out:

  1. SecLists/Discovery/Web-Content/dsstorewordlist.txt
  2. SecLists/Discovery/Web-Content/big.txt

feroxbuster --url http://$HOST:$PORT \
  --wordlist=(cat $WORDLISTS | sort -u | psub) \
  -o machines/$MACHINE/feroxbuster.log -C 404

Cracking

Use patator for complex password cracking, especially against login forms protected by CSRF tokens. Given $HOST, $PORT, $LOGIN_PATH (the form that receives the POST; do not name this variable $PATH, which is the shell's executable search path) and $BEFORE_PATH (the page that issues the token); the inline user list again relies on fish's psub:

patator.py \
    http_fuzz \
    url=http://$HOST:$PORT/$LOGIN_PATH \
    method=POST \
    accept_cookie=1 \
    before_urls=http://$HOST:$PORT/$BEFORE_PATH \
    before_egrep='_N1_:<input name="__RequestVerificationToken" type="hidden" value="(\S+)" \/>' \
    body='userNameOrEmail=FILE0&password=FILE1&rememberMe=false&__RequestVerificationToken=_N1_' \
    0=(echo 'administrator
james' | psub) \
    1=SecLists/Passwords/probable-v2-top1575.txt \
    -x ignore:fgrep='The username or e-mail or password provided is incorrect' \
    -x ignore:fgrep='Internal Server Error' \
    -l log

Notes on the command (comment lines cannot sit between backslash-continued lines, and the final line needs its own trailing backslash, otherwise the second -x rule runs as a separate command):

  1. before_egrep is an example: patator fetches $BEFORE_PATH first, captures the hidden __RequestVerificationToken value into _N1_, and substitutes it into body.
  2. 0= concatenates several inputs (here two usernames piped through psub) for FILE0; 1= is the password list for FILE1.
  3. The -x ignore rules drop responses containing those strings, so only responses that differ are reported; -l log saves output and response data into the log directory.
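Both tools on this page leave a distinctive trace in a web server's access log: a feroxbuster run is a burst of 404s from one source, and a patator run is a stream of POSTs to the login path from one source. The following is an added example, not part of this wiki page or of either tool: a small Python detector that parses combined-format log lines and flags both patterns with a sliding time window. The thresholds, the /login path, the sample IPs and the log lines themselves are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined access-log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Parse one access-log line into a dict; None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    return m and {"ip": m["ip"], "method": m["method"], "path": m["path"], "status": int(m["status"]),
                  "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def max_in_window(timestamps, window):
    """Largest number of (sorted) timestamps that fall inside any span of length `window`."""
    best = start = 0
    for end in range(len(timestamps)):
        while timestamps[end] - timestamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def detect(lines, window=timedelta(seconds=60), scan_threshold=15, login_threshold=5, login_path="/login"):
    """Map source IP -> set of findings. Thresholds and login_path are assumed; tune them per site."""
    by_ip = defaultdict(list)
    for e in filter(None, map(parse_line, lines)):
        by_ip[e["ip"]].append(e)
    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        misses = [e["ts"] for e in evs if e["status"] == 404]
        if max_in_window(misses, window) >= scan_threshold:  # burst of 404s: directory brute-forcing
            findings.setdefault(ip, set()).add("forced-browsing")
        posts = [e["ts"] for e in evs if e["method"] == "POST" and e["path"] == login_path]
        if max_in_window(posts, window) >= login_threshold:  # repeated login POSTs: password guessing
            findings.setdefault(ip, set()).add("login-bruteforce")
    return findings

def build_sample_log():
    """Constructed sample log (not real traffic): one scanner, one password guesser, one normal client."""
    base = datetime(2026, 1, 5, 7, 56, 0, tzinfo=timezone.utc)
    def fmt(ip, secs, method, path, status):
        ts = (base + timedelta(seconds=secs)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 0 "-" "sample-ua"'
    lines = [fmt("10.0.0.5", i * 0.5, "GET", f"/dir{i}", 404) for i in range(20)]
    lines += [fmt("10.0.0.9", i, "POST", "/login", 200) for i in range(8)]
    lines += [fmt("10.0.0.2", 3, "GET", "/", 200), fmt("10.0.0.2", 5, "GET", "/missing", 404)]
    return lines
```

Running detect(build_sample_log()) flags 10.0.0.5 as forced-browsing and 10.0.0.9 as login-bruteforce while the ordinary client with a single 404 stays quiet; raising scan_threshold above the scanner's 20 misses removes the first finding.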