Fierce Zone Transfer Continue Patch 
Thursday, December 20, 2007, 01:38 AM
So I have been looking at ways to improve Fierce for a few weeks. I spoke with Rsnake and he said the one thing that Fierce does which could be improved, is once it performs a Zone Transfer it quits rather then continue onto a Brute Force DNS attack. Therefore, I decided to talk with a few guys at work and we concluded that this was not the proper thing for it today. What it *should* do is to provide the user with the option to stop once a Zone Transfer has been perform, however it should default to continuing onto the Brute Force DNS attack. I recently, updated the patch:

http://spl0it.org/files/patches/fierce- ... stop.patch

To apply this patch:

wget http://ha.ckers.org/fierce/fierce.pl
wget http://spl0it.org/files/patches/fierce- ... stop.patch
patch -p0 < fierce-zonetransfer-stop.patch
chmod +x fierce.pl
./fierce.pl -h


The option that is added in this patch is the --stop option which quits Fierce if a Zone Transfer is successful.
[ add comment ] ( 5 views ) [ 0 trackbacks ] permalink ( 2.9 / 98 )
HTTP GET Fuzzer 
Thursday, December 20, 2007, 12:00 AM
This is the same script that I wrote yesterday, the only difference is that it uses a GET request instead of a POST.

 ex: $ ./get_fuzzer.pl --url http://www.DOMAIN.com/get \ 
    --fields user,passwd --values USER,PASS 

 
 ex: $ ./get_fuzzer.pl --url http://www.DOMAIN.com/get \ 
    --fields user,passwd \
    --userlist USER_LIST_FILE.txt --passwdlist PASSWORD_LIST_FILE.txt



http://spl0it.org/files/get_fuzzer.pl
[ add comment ] ( 4 views ) [ 0 trackbacks ] permalink ( 2.9 / 81 )
HTTP Post Fuzzer 
Tuesday, December 18, 2007, 10:33 PM
Well, I continue to enjoy keeping the code coming. This time it was a HTTP Fuzzer. This script takes a URL to post to, as well as the fields to use. It can test a single value for each field or it can test them using lists.

Ex:  $ ./post_fuzzer.pl --url http://www.DOMAIN.com/post \ 
    --fields user,passwd \
    --values USER,PASS

 
Ex: $ ./post_fuzzer.pl --url http://www.DOMAIN.com/post \ 
    --fields user,passwd \
    --userlist USER_LIST_FILE.txt --passwdlist PASSWORD_LIST_FILE.txt

http://spl0it.org/files/post_fuzzer.pl

[ 1 comment ] ( 18 views ) [ 0 trackbacks ] permalink ( 3 / 126 )
Transfer this 
Tuesday, December 18, 2007, 12:45 AM
Albert and I were talking about how awesome a Zone transfer is. I figured I would write a script for him and demonstrate how awesome Perl is as well.

http://spl0it.org/files/zone_transfer.pl

Enjoy!
[ 2 comments ] ( 43 views ) [ 0 trackbacks ] permalink ( 3.1 / 119 )
Searching Webpages with Perl 
Sunday, December 16, 2007, 01:10 PM
Need a quick way to search a bunch of webpages? Well, I wrote a script to do it. Enjoy!

http://spl0it.org/files/http_grep.pl

Basic Usage:
% ./http_grep.pl -u http://spl0it.org -s security
found security on
http://spl0it.org
Example of reading the list of webpages from a file:
% cat file.txt 
http://spl0it.org
http://remote-exploit.org
http://vpetkov.net

% ./http_grep.pl -f file.txt -s security
found security on
http://spl0it.org
found security on
http://remote-exploit.org
found security on
http://vpetkov.net

Using grep you can just get a list of only the pages which contain the search term.
 % ./http_grep.pl -f file.txt -s security |grep http
http://spl0it.org
http://remote-exploit.org
http://vpetkov.net

[ add comment ] ( 7 views ) [ 0 trackbacks ] permalink ( 3 / 113 )

<<First <Back | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | Next> Last>>