Hi guys,
Today we are going to know how to bypass .htaccess restriction. We will do this by HTEXPLOIT
tools.
HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process.
This tool provides you modularity to scan that website by any vulnerability tools or scanner.
The main characteristic of this tool is that all of the analyses performed are done inside the protected directory, not from the publicly accessible site.
Features
- Multiples modules to execute.
- Save the output to an specify directory.
- HTML Reporting.
- Use multiples wordlist to probe against htaccess bypassing.
- Mode verbose for full detailed information.
SO lets start...
Open your backtrack and follow me...
Applications->Backtrack–>Exploitation Tools->Web Exploitation Tools->htexpoit
OR, Open your backtrack terminal then type-
cd/tentest/web/htexploit
./htexploit
Python htexploit –u www.example.com
usage
| -h, –help | show this help message and exit |
| -m MODULE, –module=MODULE | Select the module to run (Default: detect) |
| -u URL, –url=URL | **REQUIRED** – Specify the URL to scan |
| -o OUTPUT, –output=OUTPUT | Specify the output directory |
| -w WORDLIST, –wordlist=WORDLIST | Specify the wordlist to use |
| -v, –verbose | Be verbose |
Thats it... Job done!!!
If you have any query about this article please drop us a line on comment box. thankss...
is a wordlist a must-have to get this working?
ReplyDelete