LAMP

绕过htaccess的限制工具-HTExploit

by Orange

HTExploit是Black hat 2012发布的一款工具,由python编写并且开放源代码,用了.htaccess配置中身份验证和对web目录保护过程的弱点。可以通过使用这个工具绕过身份验证列出一个目录的保护内容。该工具提供了模块化的设计,允许渗透测试人员充分对受到保护的网站进行渗透测试:SQL注入,本地文件保护,远程文件保护,等等。

工具特点:

 

多个模块执行
输出保存到指定目录
html格式报告
可以使用wordlist

 

可用模块

 

detect  - 目录探测
full  - 使用字典方式探测url,查找脆弱的php文件

 

使用方法:

 

$python htexploit

 

运行之后如下:

 

| |  | | |__   __| |  ____|                | |         (_) | |
| |__| |    | |    | |__    __  __  _ __   | |   ___    _  | |_
|  __  |    | |    |  __|   \ \/ / | '_ \  | |  / _ \  | | | __|
| |  | |    | |    | |____   >  <  | |_) | | | | (_) | | | | |_
|_|  |_|    |_|    |______| /_/\_\ | .__/  |_|  \___/  |_|  \__|
                                   | |
                                   |_|  v1.0

Usage: htexploit -u [URL] [options]

Options:
-h, --help              show this help message and exit
 -m MODULE, --module=MODULE
                        Select the module to run (Default: detect)
-u URL, --url=URL     **REQUIRED** - Specify the URL to scan
-o OUTPUT, --output=OUTPUT
                        Specify the output directory
-w WORDLIST, --wordlist=WORDLIST
                        Specify the wordlist to use
-v, --verbose           Be verbose

例子:

 

 

python htexploit -u 10.10.10.10 -w FullList -o FolderPATH

下载地址

Common PHP compilation problems on Linux servers

by Orange

1) Configure: error: xml2-config not found. Please check your libxml2 installation.

Solutions :

Quote:
#yum install libxml2 libxml2-devel (For Redhat & Fedora)# aptitude install libxml2-dev      (For ubuntu)

2) Checking for pkg-config… /usr/bin/pkg-config
configure: error: Cannot find OpenSSL’s

Solutions :

Quote:
#yum install openssl openssl-devel

3) Configure: error: Please reinstall the BZip2 distribution

Solutions :

Quote:
yum install bzip2 bzip2-devel

4) Configure: error: Please reinstall the libcurl distribution –
easy.h should be in /include/curl/

Solutions :

Quote:
yum install curl curl-devel   (For Redhat & Fedora)# install libcurl4-gnutls-dev    (For Ubuntu)

5) Configure: error: libjpeg.(also) not found.

Solutions :

Quote:
yum install libjpeg libjpeg-devel

6) Configure: error: libpng.(also) not found.

Solutions :

Quote:
yum install libpng libpng-devel# apt-get install libpng12 libpng12-devel (For Ubuntu)

7) Configure: error: freetype.h not found.
Solutions :

Quote:
#yum install freetype-devel

8 ) Configure: error: Unable to locate gmp.h

Solutions :

Quote:
yum install gmp-devel

9) Configure: error: Cannot find MySQL header files under /usr.
Note that the MySQL client library is not bundled anymore!

Solutions :

Quote:
yum install mysql-devel            (For Redhat & Fedora)# apt-get install libmysql++-dev      (For Ubuntu)

10) Configure: error: Please reinstall the ncurses distribution

Solutions :

Quote:
yum install ncurses ncurses-devel

11) Checking for unixODBC support… configure: error: ODBC header file ‘/usr/include/sqlext.h’ not found!

Solutions :

Quote:
yum install unixODBC-devel

12) Configure: error: Cannot find pspell

Solutions :

Quote:
yum install pspell-devel

13) configure: error: mcrypt.h not found. Please reinstall libmcrypt.

Solutions :

Quote:
yum install libmcrypt libmcrypt-devel    (For Redhat & Fedora)# apt-get install libmcrypt-dev

14) Configure: error: snmp.h not found. Check your SNMP installation.

Solutions :

Quote:
yum install net-snmp net-snmp-devel

15) /usr/bin/ld: cannot find -lltdl. (Error when you “make”)

Solutions :

Quote:
yum install libtool-ltdl-devel