How to configure recon-ng

zeroinf · April 20, 2014, 11:11:25 PM

Hello guys! I have a question: anyone can tell me how can i configure step by step recon-ng >xpath-brutter ? i dont find notting to help me .

Thanks !

ZEROF · April 21, 2014, 03:41:39 PM

First url in google search:

https://www.youtube.com/watch?v=RKt7o9sOe0A

;)

zeroinf · April 21, 2014, 09:25:24 PM

That video & other witch i find it earlier not help me. here my recon-ng [xpath]> options :

Name Current Value Req Description
---------- ------------- --- -----------
BASE_URL http://www.mysite.com/Support/Forum/tabid/49/forumid/3/threadid/2006/scope/posts/Default.aspx? yes target resource url excluding any parameters
BASIC_PASS abcdefg no password for basic authentication
BASIC_USER slax no username for basic authentication
COOKIE no cookie string containing authenticated session data
PARAMETERS dnn$ctr387$Forum_Container$DNNForum$txtForumSearch=<inject> yes query parameters with '<inject>' signifying the injection
POST True yes set the request method to post. parameters should still be submitted in the url option
STRING Form yes unique string found when the injection results in 'True'

[recon-ng][default][xpath_bruter] > run

'True' injection payload: =>' and '1'='1<=
'True' injection test passed.
'False' injection payload: =>' and '1'='2<=
[!] 'False' injection test failed.
[recon-ng][default][xpath_bruter] >

What i do wrong ?

ZEROF · April 22, 2014, 03:15:25 AM

From my side, didn't try this attack. But I will when i get time. What i think before testing is that target can't be exploited. That is for now, i need to check from box.

How to configure recon-ng

zeroinf

ZEROF

zeroinf

ZEROF