On my second test i have learned how to use appropriate tools where exists on backtrack 5 to solved the problem which given to my team.
That problem is try brusts in on a site too, but on this moment we have trouble which so difficult to us, we can't resolve it. We have tried analyzed at the script site and on that script we found an encryption script, that is a problem which make us touble to solve it.
In order that we are able to resolve it, we can use some tools which there are on bactrack 5 with the way open Aplication launcher menu.
To disencryption script we need brust tools where exists at menu backtrack --> Vulnerability Assessment --> Web Assessment --> Vulnerability Scanners --> burpsuite
Open it and start it, than chose tab decoder, paste that encryption script there than click smart decode and wait than we are looking the true script, one of other at encryption script we found
<input type="hidden" name="teamstatus" value="false">
if we want to change the value="false" to the value="true" at that site, we need mantra web browser where exists on bactrack 5 as web browser portable at this backtrack. It's located at directory /pentes/web/mantra and thats file name is firefox-portable.
Start mantra with commandTest1
./pentest/web/mantra/firefox-portable
on mantra web browser, we open tools --> tamper data (chose tamper data) to open tamper data. After that opened, we click start tamper and it will start. After that we immediately click login on that site and than open a message dialog, we click tempar and than will open the new window, change the value false to be true at that window, and refresh that site. We will found a user and password at that site.
Identity Providers for RedTeamers
9 months ago
0 comments:
Post a Comment