Author Topic: How to configure recon-ng (Read 6695 times)

zeroinf · **on:** April 20, 2014, 10:11:25 PM

Hello guys! I have a question: anyone can tell me how can i configure step by step recon-ng >xpath-brutter ? i dont find notting to help me .

Thanks !

ZEROF · **Reply #1 on:** April 21, 2014, 02:41:39 PM

First url in google search:

https://www.youtube.com/watch?v=RKt7o9sOe0A

zeroinf · **Reply #2 on:** April 21, 2014, 08:25:24 PM

That video & other witch i find it earlier not help me. here my recon-ng [xpath]> options :

Name Current Value Req Description
---------- ------------- --- -----------
BASE_URL http://www.mysite.com/Support/Forum/tabid/49/forumid/3/threadid/2006/scope/posts/Default.aspx? yes target resource url excluding any parameters
BASIC_PASS abcdefg no password for basic authentication
BASIC_USER slax no username for basic authentication
COOKIE no cookie string containing authenticated session data
PARAMETERS dnn$ctr387$Forum_Container$DNNForum$txtForumSearch=<inject> yes query parameters with '<inject>' signifying the injection
POST True yes set the request method to post. parameters should still be submitted in the url option
STRING Form yes unique string found when the injection results in 'True'

[recon-ng][default][xpath_bruter] > run

'True' injection payload: =>' and '1'='1<=
'True' injection test passed.
'False' injection payload: =>' and '1'='2<=

[recon-ng][default][xpath_bruter] >

What i do wrong ?

ZEROF · **Reply #3 on:** April 22, 2014, 02:15:25 AM

From my side, didn't try this attack. But I will when i get time. What i think before testing is that target can't be exploited. That is for now, i need to check from box.

Author Topic: How to configure recon-ng (Read 6695 times)

zeroinf

How to configure recon-ng

ZEROF

Re: How to configure recon-ng

zeroinf

Re: How to configure recon-ng

ZEROF

Re: How to configure recon-ng