Menu

HTExploit-en




HTExploit

Phase(s):

Primary: Exploitation.
Secondary: N/A.

Description:

Tool that leverages an improperly configured .htaccess file in Apache + PHP environments. It performs a scan by sending petitions with unrecognized HTTP methods to the Apache application server in order to gain access to restricted PHP files.

Objective:

  • Obtain PHP files to analyze their content.

Features:

Supported technologies: Web applications (HTTP/HTTPS).

Operative mode: Active.

Obtain PHP files to analyze their content.

  • Sends petitions with unrecognized HTTP methods from a configurable base dictionary of common PHP file names.
  • Automated file download in HTML format from the detected PHP files.
  • Provides a report from the downloaded files.

    Reports:
    Output reports:

    • Report in HTML which includes the list of downloaded files.

      Basic usage:

      Perform a scan with the predefined data dictionary. The following instruction initiates the scan on the web application.

      ./htexploit -u [URL] -o [Directorio] –w [Directorio]/wordlist.txt


      Where:

      • -u: Web application URL address.
      • -o: Report export path.
      • -w: Data dictionary to be used for the scan. In case no dictionary is provided the tool will used the default dictionary.

      The tool will begin testing the provided URL in order to verify if it’s vulnerable to the exploit, in case it’s unsuccessful the tool will recommend running a full scan with a data dictionary.

      _ _ _______ ______ _ _ _
      | | | | |__ __| | ____| | | (_) | |
      | |__| | | | | |__ __ __ _ __ | | ___ _ | |_
      | __ | | | | __| \ \/ / | '_ \ | | / _ \ | | | __|
      | | | | | | | |____ > < | |_) | | | | (_) | | | | |_
      |_| |_| |_| |______| /_/\_\ | .__/ |_| \___/ |_| \__|
      | |
      |_| v0.77

      [-] http://localhost/aplicacion// is probably NOT exploitable :(
      [-] You should run the Full Scan module anyway, just in case.

      Would you like to run the Full Scan module? [Y/n]:


      The tool then will create the directory for saving the report and downloaded files.

      [+] Creating report...


      Then the scan is completed, the tool will display a successful message along the path of the exported results.

      [+] Scan completed.
      [+] 3 total files were downloaded, after 2 iteration(s)
      [+] The final report file is in '/tools/explotation/htexploit-0.77/Rep_Miapp'

      [x] Keep shopping at the HTExploit store! :)


      Example report:


      image

      Resources:

      Link: http://www.htexploit.org
      Author(s): Matias Katz
      Contact: http://www.htexploit.org/contact.php
      License: GNU GENERAL PUBLIC LICENSE Version 3