Embedded Lab Vienna for IoT & Security - User contributions [en] (feed https://wiki.elvis.science/api.php?action=feedcontributions&user=FBirnegger&feedformat=atom, fetched 2024-03-29T08:02:11Z, MediaWiki 1.37.2). Page: Ffuf, revision of 2023-01-03T14:12:31Z by FBirnegger, https://wiki.elvis.science/index.php?title=Ffuf&diff=10561, edit summary: /* Fuzz for Subdomains */
<hr />
<div>[[File:Ffuf_logo.png|thumb|Ffuf Logo]] <br />
<br />
== Summary == <br />
This wiki entry is about the tool ffuf (Fuzz Faster You Fool). The article shows the most important flags and the commands for the most common use-cases, so it can be used as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It is pre-installed in Kali Linux and sponsored by Offensive Security. The tool covers several fuzzing use-cases (directories, files and extensions, subdomains and virtual hosts, request parameters) and supports recursive fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. On another Linux distribution you can install the tool from the package manager (Debian-based systems) with<br />
$ sudo apt install ffuf<br />
Other installation options (Go install, building from source) are described in the GitHub README listed under References.<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match HTTP response codes<br />
* '''-mr''' : Match a regex pattern in the response<br />
* '''-ms''' : Match response size (bytes)<br />
* '''-fc''' : Filter out HTTP response codes<br />
* '''-fr''' : Filter out responses matching a regex pattern<br />
* '''-fs''' : Filter out response size (bytes)<br />
Matchers decide which responses are shown at all; filters remove responses from that set (for example the size of the "not found" page, so that only responses that differ remain).<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist and (optional) keyword after a colon, e.g. wordlist.txt:FUZZ (FUZZ is the default keyword)<br />
* '''-mode''' : Operation mode when several wordlists are given (clusterbomb, pitchfork)<br />
* '''-request''' : File with a raw HTTP request (e.g. saved from a proxy); the keyword is placed inside the file<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
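The difference between the two operation modes of -mode is easiest to see by counting the requests they generate. The following script is an added example (not code from the wiki page or from the ffuf project): it models clusterbomb as the cartesian product of the wordlists and pitchfork as position-wise pairing, renders the URL template the way ffuf substitutes its keywords, and uses constructed wordlists named DIR and EXT.

```python
from itertools import product
from typing import Dict, List

# Constructed wordlists (not from the page): each keyword maps to its list,
# mirroring "-w dirs.txt:DIR -w exts.txt:EXT" on the command line.
WORDLISTS: Dict[str, List[str]] = {
    "DIR": ["admin", "backup", "config"],
    "EXT": ["php", "html", "txt"],
}


def clusterbomb(wordlists: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Every entry of every wordlist is combined with every entry of the
    others (cartesian product): the request count is the product of the
    list lengths, which is why this mode explodes with large lists."""
    keys = list(wordlists)
    return [dict(zip(keys, combo))
            for combo in product(*(wordlists[k] for k in keys))]


def pitchfork(wordlists: Dict[str, List[str]]) -> List[Dict[str, str]]:
    """Position i of every wordlist is used together (first with first,
    second with second, ...). The lists here have equal length; how a given
    ffuf version treats lists of unequal length is not modelled."""
    keys = list(wordlists)
    return [dict(zip(keys, combo))
            for combo in zip(*(wordlists[k] for k in keys))]


def render(template: str, payload: Dict[str, str]) -> str:
    """Substitute each keyword in the URL (or header/body) template, as ffuf
    does with its keywords (FUZZ by default)."""
    out = template
    for keyword, value in payload.items():
        out = out.replace(keyword, value)
    return out


def request_urls(mode: str, template: str,
                 wordlists: Dict[str, List[str]] = WORDLISTS) -> List[str]:
    """All URLs ffuf would request for the given mode and template."""
    combine = {"clusterbomb": clusterbomb, "pitchfork": pitchfork}[mode]
    return [render(template, payload) for payload in combine(wordlists)]


if __name__ == "__main__":
    for mode in ("clusterbomb", "pitchfork"):
        urls = request_urls(mode, "http://SERVER_IP:PORT/DIR.EXT")
        print(f"{mode}: {len(urls)} requests")
        for url in urls:
            print("  ", url)
```

With three entries per list, clusterbomb issues 9 requests and pitchfork 3; with two realistic wordlists of a few thousand entries each, clusterbomb reaches millions of requests, which matters both for the tester's runtime and for the amount of noise a web server log will show.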
<br />
=== Directory Fuzzing ===<br />
==== Fuzz for directories ====<br />
ffuf -w wordlist.txt -u http://SERVER_IP:PORT/FUZZ<br />
<br />
=== Page Fuzzing ===<br />
==== Fuzz the file extensions ====<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ<br />
<br />
==== Enumerate files with certain extensions ====<br />
ffuf -w lowercase.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -e .php,.html,.txt<br />
* -e: comma-separated list of extensions; every wordlist entry is requested once without and once with each extension<br />
<br />
==== Fuzz filenames ==== <br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ.php<br />
<br />
=== Subdomain Fuzzing ===<br />
==== Fuzz for Subdomains ====<br />
ffuf -w wordlist.txt:FUZZ -u http://FUZZ.SERVER_IP:PORT/<br />
* SERVER_IP has to be a domain name here (e.g. FUZZ.example.com): each candidate subdomain is resolved via DNS, so names without a DNS record are not found this way (see VHost fuzzing below for that case)<br />
<br />
=== Vhosts Fuzzing ===<br />
==== Fuzz for VHosts ====<br />
<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H 'Host: FUZZ.SERVER_IP'<br />
<br />
* -H: set an HTTP header (field and value); here the Host header is fuzzed, so no DNS record is needed for the candidate names<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
==== Fuzz for parameter names in GET Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx<br />
* -fs xxx: replace xxx with the size of the response for an unknown parameter name, so that only responses that differ from the default are shown<br />
<br />
==== Fuzz for parameter names in POST Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx<br />
<br />
* -X: set the HTTP method<br />
* -d: set the POST data (request body); the keyword can be placed inside it<br />
* -H: set an HTTP header (field and value); the Content-Type is needed so that the server parses the body as form data<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
==== Fuzz for directories recursively ====<br />
<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: enable recursive fuzzing (every directory found is queued and fuzzed with the same wordlist)<br />
* -recursion-depth: maximum recursion depth (1 = one level below the directories found in the first pass)<br />
* -v: verbose output, prints the full URL of every hit for a better overview<br />
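Every command in this cheatsheet produces traffic with a recognisable shape on the server side: a burst of many requests from one client, most of them answered 403/404 (the very responses -fc/-fs are used to hide from the tester), and, unless -H overrides it, a default User-Agent. The following detector is an added example for the defending side, not code from the wiki page or from the ffuf project. It assumes the Apache/nginx "combined" log format, that ffuf's default User-Agent contains the string "Fuzz Faster U Fool" (true for the versions I have used, but trivially changed by the operator, so it is only a weak signal), and the constructed threshold values and log lines shown in the block.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Substring of the User-Agent ffuf sends unless -H overrides it (assumption
# based on the ffuf versions I have used; operators can change it, so it is
# only a weak signal and never the only one).
FFUF_UA_MARKER = "Fuzz Faster U Fool"


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format log line; None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def detect_fuzzing(lines: List[str], window_s: int = 60, min_requests: int = 20,
                   min_miss_ratio: float = 0.8) -> Dict[str, List[str]]:
    """Return {client_ip: [reasons]} for clients whose traffic looks like
    wordlist fuzzing: many requests inside one sliding time window of which
    most were answered 403/404, or the ffuf default User-Agent."""
    by_ip: Dict[str, List[dict]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings: Dict[str, List[str]] = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        reasons: List[str] = []
        if any(FFUF_UA_MARKER in r["ua"] for r in recs):
            reasons.append("ffuf default user-agent")
        start = 0
        for end in range(len(recs)):  # sliding window over the sorted requests
            while (recs[end]["ts"] - recs[start]["ts"]).total_seconds() > window_s:
                start += 1
            window = recs[start:end + 1]
            if len(window) < min_requests:
                continue
            misses = sum(1 for r in window if r["status"] in (403, 404))
            ratio = misses / len(window)
            if ratio >= min_miss_ratio:
                reasons.append(f"burst of {len(window)} requests in {window_s}s, "
                               f"{ratio:.0%} answered 403/404")
                break  # one burst per client is enough to report
        if reasons:
            findings[ip] = reasons
    return findings


# Constructed sample log (not real traffic): a fuzzing burst from one
# TEST-NET address and ordinary browsing from another.
def _log(ip: str, ts: datetime, path: str, status: int, ua: str) -> str:
    return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET {path} HTTP/1.1" '
            f'{status} 274 "-" "{ua}"')


_T0 = datetime(2023, 1, 3, 14, 12, 31, tzinfo=timezone.utc)
_BROWSER = "Mozilla/5.0 (X11; Linux x86_64) Firefox/108.0"
SAMPLE_LOG: List[str] = [
    _log("198.51.100.7", _T0 + timedelta(milliseconds=200 * i), f"/dir{i:02d}",
         200 if i in (3, 17) else 404, f"{FFUF_UA_MARKER} v1.5.0")
    for i in range(30)
] + [
    _log("192.0.2.10", _T0 + timedelta(seconds=10 * i), path, status, _BROWSER)
    for i, (path, status) in enumerate([("/", 200), ("/index.php", 200),
                                        ("/favicon.ico", 404), ("/login", 200)])
]

if __name__ == "__main__":
    for ip, reasons in detect_fuzzing(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

Run against the constructed log, the fuzzing client is reported for both the user-agent and the 403/404 burst, while the browsing client (a single 404 for favicon.ico among normal pages) stays below the thresholds. The thresholds are the tuning knobs: a lower min_requests catches slow scans at the price of more false positives from crawlers and broken links, and the burst rule still fires when the User-Agent is customised.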
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
To find Vhosts.<br />
<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H ‘Host: Fuzz.SERVER_IP<br />
<br />
=== Parameter Fuzzing ===<br />
To find parameter names.<br />
<br />
==== GET Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx<br />
<br />
==== POST Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx<br />
<br />
* -X: to determine the HTTP Method<br />
* -d: to determine POST data<br />
* -H: To use HTTP Header field with value; multipe<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
To find directories recursively.<br />
<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10543Ffuf2023-01-03T13:55:26Z<p>FBirnegger: /* Vhosts Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
To find Vhosts.<br />
<br />
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/ -H ‘Host: Fuzz.SERVER_IP<br />
<br />
=== Parameter Fuzzing ===<br />
To find parameter names.<br />
<br />
==== GET Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx<br />
<br />
==== POST Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx<br />
<br />
* -X: to determine the HTTP Method<br />
* -d: to determine POST data<br />
* -H: To use HTTP Header field with value; multipe<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
To find directories recursively.<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10542Ffuf2023-01-03T13:54:26Z<p>FBirnegger: /* Recursive (Directory) Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
To find parameter names.<br />
<br />
==== GET Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx<br />
<br />
==== POST Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx<br />
<br />
* -X: to determine the HTTP Method<br />
* -d: to determine POST data<br />
* -H: To use HTTP Header field with value; multipe<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
To find directories recursively.<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10541Ffuf2023-01-03T13:54:00Z<p>FBirnegger: /* Parameter Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
To find parameter names.<br />
<br />
==== GET Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php?FUZZ=key -fs xxx<br />
<br />
==== POST Requests ====<br />
ffuf -w parameter-wordlist.txt:FUZZ -u http://SERVER_IP:PORT/admin/admin.php -X POST -d 'FUZZ=key' -H 'Content-Type: application/x-www-form-urlencoded' -fs xxx<br />
<br />
* -X: to determine the HTTP Method<br />
* -d: to determine POST data<br />
* -H: To use HTTP Header field with value; multipe<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10540Ffuf2023-01-03T13:44:51Z<p>FBirnegger: /* Recursive Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive (Directory) Fuzzing ===<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10539Ffuf2023-01-03T13:44:22Z<p>FBirnegger: /* Recursive Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive Fuzzing ===<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10538Ffuf2023-01-03T13:44:01Z<p>FBirnegger: /* Recursive Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive Fuzzing ===<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth <br />
1 -e .php -v<br />
<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10537Ffuf2023-01-03T13:43:37Z<p>FBirnegger: /* Recursive Fuzzing */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive Fuzzing ===<br />
* -recursion: to enable recursive Fuzzing<br />
* -recursion-depth: to determine the recursion depth<br />
* -v: to output the full URL for a better overview<br />
<br />
ffuf -w /opt/useful/SecLists/Discovery/Web-Content/directory-list-2.3-small.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10536Ffuf2023-01-03T13:40:03Z<p>FBirnegger: /* Cheatsheet */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive Fuzzing ===<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10535Ffuf2023-01-03T13:39:33Z<p>FBirnegger: /* Cheatsheet */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
==== Match & Filter ====<br />
* '''-mc''' : Match response codes<br />
* '''-mr''' : Match regex pattern<br />
* '''-ms''' : Match reponse size<br />
* '''-fc''' : Filter response codes<br />
* '''-fr''' : Filter regex pattern<br />
* '''-fs''' : Filter reponse size<br />
<br />
==== Input & Output ====<br />
* '''-w''' : Wordlist<br />
* '''-mode''' : Operation Mode (Clusterbomb, Pitchfork)<br />
* '''-request''' : File with a HTTP request<br />
* '''-o''' : Output file<br />
* '''-of''' : Output file format<br />
<br />
=== Directory Fuzzing ===<br />
<br />
=== Page Fuzzing ===<br />
<br />
=== Subdomain Fuzzing ===<br />
<br />
=== Vhosts Fuzzing ===<br />
<br />
=== Parameter Fuzzing ===<br />
<br />
=== Recursive Fuzzing ===<br />
<br />
=== ffuf filtering ===<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10528Ffuf2023-01-03T13:27:27Z<p>FBirnegger: </p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
== Cheatsheet ==<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
<br />
== Courses ==<br />
* Sichere Softwareentwicklung (IT-Security 22/23)<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10527Ffuf2023-01-03T13:25:17Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
== Cheatsheet ==<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
* https://www.kali.org/tools/ffuf/<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10526Ffuf2023-01-03T13:24:05Z<p>FBirnegger: </p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
$sudo apt install ffuf<br />
<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
== Cheatsheet ==<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10525Ffuf2023-01-03T13:23:20Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Cheatsheet ==<br />
=== Useful flags ===<br />
<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
== Cheatsheet ==<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
<br />
== References ==<br />
* https://github.com/ffuf/ffuf#installation<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=Ffuf&diff=10523Ffuf2023-01-03T13:22:05Z<p>FBirnegger: /* Overview */</p>
<hr />
<div>== Summary == <br />
This Wiki Entry is about the Tool ffuf (Fuzz Faster You Fool). The article will show different commands for the most useful use-cases and can be utilized as a cheatsheet.<br />
<br />
== Overview ==<br />
Ffuf is a web fuzzer written in Go. It Is pre-installed in Kali Linux and sponsored by Offensive Security. The tool can be used for different Fuzzing use-cases and it supports recursive Fuzzing.<br />
<br />
== Installation ==<br />
If you are using Kali Linux you can use ffuf straight away because it is pre-installed. If you are using another Linux Distribution you can install the tool with <br />
<br />
$sudo apt install ffuf<br />
<br />
== Cheatsheet ==<br />
...<br />
<br />
=== Directory Fuzzing ===<br />
<br />
<br />
== References ==<br />
...<br />
<br />
[[Category:Pentesting]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9216UPnP vulnerabilities2022-01-04T23:09:03Z<p>FBirnegger: /* Mirai Botnet */</p>
<hr />
<div>== Summary == <br />
<br />
This document describes the general weaknesses of the UPnP protocol and two of its well-known vulnerabilities. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks in the UPnP standard. On the Common Vulnerabilities and Exposures (CVE) website, 130 different known vulnerabilities can be found with the keyword "UPnP". Also, some state institutions, like the FBI, have publicly recommended disabling UPnP in general. The reason, according to the FBI web page, is that there are UPnP exploits which allow access to different IoT devices.<br />
It is not only these known vulnerabilities that make security such an important issue for UPnP: the standard also has some general weaknesses by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is modified. The CALLBACK header value tells the device to which machine its answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The "CallStranger" attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
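<br />
A defender-side check for the CALLBACK header discussed above, added here as an example (it is not code from the CallStranger research, from any UPnP stack or from this wiki): a device receiving a SUBSCRIBE request refuses callback URLs that do not lead back to the subscriber on its own network. The request text, the LAN prefix and the function names are constructed for illustration.<br />

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed SUBSCRIBE request, shaped like the UPnP eventing request described
# above. The first CALLBACK URL points back at the subscriber; the others are the
# kinds of destination a modified CALLBACK header would try to smuggle in
# (an internet host, a loopback port, a DNS name, another LAN host).
SAMPLE_SUBSCRIBE = (
    "SUBSCRIBE /upnp/event/basicevent1 HTTP/1.1\r\n"
    "HOST: 192.168.1.1:49152\r\n"
    "CALLBACK: <http://192.168.1.23:8080/notify>"
    "<http://203.0.113.5:80/>"
    "<http://127.0.0.1:22/>"
    "<http://callback.example/>"
    "<http://192.168.1.50:8080/notify>\r\n"
    "NT: upnp:event\r\n"
    "TIMEOUT: Second-1800\r\n"
    "\r\n"
)

# Constructed: the LAN the device serves. A real device would derive this from
# its interface configuration.
LOCAL_NETS = ["192.168.1.0/24"]

# The CALLBACK value is one or more URLs, each enclosed in angle brackets.
_CALLBACK_URL_RE = re.compile(r"<([^>]+)>")


def parse_callback_header(raw_request):
    """Return the URLs listed in the CALLBACK header of a SUBSCRIBE request.

    Header names are matched case-insensitively; the first CALLBACK header wins.
    A request without a CALLBACK header yields an empty list.
    """
    for line in raw_request.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().upper() == "CALLBACK":
            return _CALLBACK_URL_RE.findall(value.strip())
    return []


def callback_url_allowed(url, subscriber_ip, local_nets=LOCAL_NETS):
    """Decide whether the device may deliver event notifications to this URL.

    Policy of this example (its own choice, stricter than plain same-network
    filtering): the URL must be plain http, its host must be a literal IP
    address inside one of the device's local networks, and it must equal the
    address the SUBSCRIBE request came from. DNS names are refused because they
    can resolve to any address at delivery time.
    """
    parts = urlsplit(url)
    if parts.scheme != "http" or parts.hostname is None:
        return False
    try:
        host = ipaddress.ip_address(parts.hostname)
    except ValueError:          # a hostname rather than an IP literal
        return False
    if not any(host in ipaddress.ip_network(net) for net in local_nets):
        return False            # off-LAN or loopback: port scan / DDoS reflection
    return host == ipaddress.ip_address(subscriber_ip)


def filter_callbacks(raw_request, subscriber_ip, local_nets=LOCAL_NETS):
    """Split the CALLBACK URLs of a request into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for url in parse_callback_header(raw_request):
        if callback_url_allowed(url, subscriber_ip, local_nets):
            accepted.append(url)
        else:
            rejected.append(url)
    return accepted, rejected


if __name__ == "__main__":
    # The subscriber's address is taken from the TCP connection, not from the
    # request itself; 192.168.1.23 is the constructed source here.
    ok, bad = filter_callbacks(SAMPLE_SUBSCRIBE, "192.168.1.23")
    print("accepted:", ok)
    print("rejected:", bad)
```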
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack which sends UPnP requests to the victim's browser. These requests could open ports on the victim's computer or change the victim's primary DNS server. The UPnP Flash attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers on the internet were scanned, and the attack software searched for exposed Telnet ports which had been opened by UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<ref name="mirai"/><br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp<br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices<br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards<br />
* Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam: An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions, 2020<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* <ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
* <ref name="mirai">https://www.imperva.com/blog/how-to-identify-a-mirai-style-ddos-attack/</ref><br />
<br />
<br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9210UPnP vulnerabilities2022-01-04T22:58:40Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<references><br />
<br />
<ref name="upguard">https://www.upguard.com/blog/what-is-upnp</ref><br />
<ref name="devicearch">https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf</ref><br />
<ref name="gitcallstranger">https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp</ref><br />
<ref name="fbi">https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices</ref><br />
<ref name="ocf">https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards</ref><br />
<ref name="iot">An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020</ref><br />
<ref name="sdk">https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk</ref><br />
<ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
<br />
</references><br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9209UPnP vulnerabilities2022-01-04T22:56:41Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<references><br />
<br />
<ref>https://www.upguard.com/blog/what-is-upnp</ref><br />
<ref>https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf</ref><br />
<ref>https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp</ref><br />
<ref>https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices</ref><br />
<ref>https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards</ref><br />
<ref>An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020</ref><br />
<ref>https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk</ref><br />
<ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
<br />
</references><br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9185UPnP vulnerabilities2022-01-04T19:26:21Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<references><br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* <ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
<br />
</references><br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9184UPnP vulnerabilities2022-01-04T19:25:08Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* <ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9183UPnP vulnerabilities2022-01-04T19:24:03Z<p>FBirnegger: /* References */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* <ref name="callstranger">https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/</ref><br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=9182UPnP vulnerabilities2022-01-04T19:22:32Z<p>FBirnegger: /* CallStranger Attack */</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<ref name="callstranger"/><br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/<br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=8963UPnP vulnerabilities2021-12-21T21:04:53Z<p>FBirnegger: </p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing. <br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. Not only these known vulnerabilities make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design. In some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited. <br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
* Scanning of internal ports<br />
* Reflected or amplified DDoS attacks<br />
* Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<br />
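The publisher-side check that closes this hole, as an added example that is not code from the wiki article or from the CallStranger project: a device accepts a SUBSCRIBE only if every URL in the CALLBACK header names a literal IP address inside the device's own subnet, which is the kind of restriction the updated UPnP Device Architecture introduced against CVE-2020-12695. The subnet, the sample requests and the helper names are assumptions constructed for illustration; the block serves the CallStranger section of every revision above.<br />

```python
"""Defender-side validation of the CALLBACK header of a UPnP SUBSCRIBE request.

Added example, not code from the wiki article: it shows the check that closes the
CallStranger hole (CVE-2020-12695) on the publisher side, namely accepting only
callback URLs whose host is a literal IP address inside the subnet the device
itself is attached to. The subnet and the sample requests are constructed.
"""
import ipaddress
from urllib.parse import urlsplit

# Constructed: the LAN the UPnP device (e.g. a router) serves subscriptions on.
DEVICE_SUBNET = ipaddress.ip_network("192.168.1.0/24")


def parse_callbacks(header_value):
    """Split a CALLBACK header value such as '<http://a/x><http://b/y>' into URLs."""
    urls = []
    for part in header_value.split("<"):
        part = part.strip()
        if part.endswith(">"):
            urls.append(part[:-1].strip())
    return urls


def callback_allowed(url, subnet=DEVICE_SUBNET):
    """Return (ok, reason). Only http:// URLs with a literal host inside `subnet` pass."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "http":
        return False, "scheme %r not allowed" % parts.scheme
    if not host:
        return False, "missing host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A hostname could resolve to any address later (DNS rebinding), so
        # the publisher cannot know where the NOTIFY would really be delivered.
        return False, "hostname callbacks refused; literal IP required"
    if addr.version != subnet.version or addr not in subnet:
        return False, "%s is outside %s" % (addr, subnet)
    if addr in (subnet.network_address, subnet.broadcast_address):
        return False, "%s is not a unicast host address" % addr
    return True, "ok"


def check_subscribe(raw_request, subnet=DEVICE_SUBNET):
    """Decide on a raw SUBSCRIBE request; returns (http_status, detail).

    412 Precondition Failed is the UPnP status for a missing or unusable
    CALLBACK header; 400 for the malformed SID+CALLBACK combination.
    """
    lines = raw_request.split("\r\n")
    if not lines[0].startswith("SUBSCRIBE "):
        return 405, "not a SUBSCRIBE request"
    headers = {}
    for line in lines[1:]:
        if not line:            # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    if "SID" in headers and "CALLBACK" in headers:
        return 400, "SID and CALLBACK must not both be present"
    if "SID" in headers:
        return 200, "renewal of an existing subscription, nothing to validate"
    callback = headers.get("CALLBACK")
    if not callback:
        return 412, "missing CALLBACK header"
    urls = parse_callbacks(callback)
    if not urls:
        return 412, "malformed CALLBACK header"
    for url in urls:
        ok, reason = callback_allowed(url, subnet)
        if not ok:
            # Log-worthy event: a subscription that would send NOTIFYs off the LAN.
            return 412, "rejected %s: %s" % (url, reason)
    return 200, "accepted %d callback URL(s)" % len(urls)


def _request(callback_header):
    """Build a constructed SUBSCRIBE request around the given CALLBACK header line."""
    return (
        "SUBSCRIBE /upnp/event/WANIPConn1 HTTP/1.1\r\n"
        "HOST: 192.168.1.1:49152\r\n"
        + callback_header +
        "NT: upnp:event\r\n"
        "TIMEOUT: Second-1800\r\n"
        "\r\n"
    )


# Constructed samples: a legitimate LAN subscriber, a callback pointing at a
# documentation (TEST-NET-3) address outside the LAN, a hostname, and a mix.
LAN_SUBSCRIBE = _request("CALLBACK: <http://192.168.1.20:8080/notify>\r\n")
EXTERNAL_SUBSCRIBE = _request("CALLBACK: <http://203.0.113.9:80/>\r\n")
HOSTNAME_SUBSCRIBE = _request("CALLBACK: <http://notify.example/cb>\r\n")
MIXED_SUBSCRIBE = _request(
    "CALLBACK: <http://192.168.1.20/ok><http://203.0.113.9/not-ok>\r\n")

if __name__ == "__main__":
    for name, req in [("lan", LAN_SUBSCRIBE), ("external", EXTERNAL_SUBSCRIBE),
                      ("hostname", HOSTNAME_SUBSCRIBE), ("mixed", MIXED_SUBSCRIBE)]:
        print(name, check_subscribe(req))
```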
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This starts a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the primary DNS server of the victim. The UPnP Flash Attack is still not fixed and thus it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software was searching for exposed Telnet ports which were exposed through UPnP. The attackers brute-forced the default passwords of the devices and added them to the botnet. <br />
The botnet was then used to start large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/<br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=UPnP_vulnerabilities&diff=8962UPnP vulnerabilities2021-12-21T21:02:51Z<p>FBirnegger: Created page with "== Summary == This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. == UPnP == UPnP is a protocol stack whi..."</p>
<hr />
<div>== Summary == <br />
<br />
This document is about the general vulnerability and also about two well-known vulnerabilities of the UPnP protocol. <br />
<br />
== UPnP ==<br />
<br />
UPnP is a protocol stack which allows devices to connect to a network without further manual configuration. The automatic configuration by the UPnP protocol includes IP address assignment, port forwarding and eventing.<br />
This is done with a networking architecture which uses the TCP/IP protocol as well as other internet protocols like HTTP and DHCP. In a UPnP network there are always one or more control devices (e.g. a router)<br />
and one or more service devices (e.g. smartphones, printers, smart home devices, etc.). This makes UPnP an easy and flexible way to provide connectivity in a network.<br />
<br />
== UPnP Vulnerability ==<br />
There are many known vulnerabilities and security risks when talking about the UPnP<br />
standard. On the Common Vulnerabilities and Exposures (CVE) website, 130 different<br />
known vulnerabilities with the keyword "UPnP" can be found. Also, some well-known state<br />
institutions, like the FBI, have publicly recommended disabling UPnP in general. The<br />
reason, according to the FBI webpage, is that there are UPnP exploits which allow<br />
access to different IoT devices. It is not only these known vulnerabilities that make security such<br />
an important issue when talking about UPnP. The standard also has some general<br />
vulnerabilities by design: in some steps of UPnP networking there is no verification, integrity check or access control. There are also some UPnP SDKs which can be exploited.<br />
<br />
== CallStranger Attack ==<br />
In this attack type, malicious actors send UPnP SUBSCRIBE requests to a target in which the CALLBACK header value is<br />
modified. The CALLBACK header value indicates to which machine the answer should be sent. With this vulnerability the callbacks could be directed anywhere. This attack could allow:<br />
• Scanning of internal ports<br />
• Reflected or amplified DDoS attacks<br />
• Bypassing DLP and network security to exfiltrate data<br />
The “CallStranger” Attack was fixed in April 2019.<br />
<br />
[[File:upnp_callstranger.jpg]]<br />
<br />
== UPnP Flash Attack ==<br />
This attack type starts with the victim opening a malicious SWF (Adobe Flash Player) file in the browser. This launches a silent attack<br />
which sends UPnP requests to the victim’s browser. These requests could open ports on the victim’s<br />
computer or change the victim’s primary DNS server. The UPnP Flash Attack has still not been fixed, so it is still possible to carry out this attack.<br />
<br />
== Mirai Botnet ==<br />
A real-world example of a large-scale UPnP attack is the Mirai Botnet, which was discovered in 2018.<br />
In this attack hundreds of thousands of routers across the internet were scanned, and the attack<br />
software searched for exposed Telnet ports that had been opened via UPnP. The attackers brute-forced the default passwords of these devices and added them to the botnet.<br />
The botnet was then used to launch large-scale DDoS attacks which shut down some target servers. A depiction of a simplified DDoS attack with the Mirai Botnet can be seen in the picture below.<br />
<br />
[[File:Mirai-botnet-diagram.png]]<br />
<br />
== Courses ==<br />
<br />
* [[Ausgewählte Kapitel der IT Security]] (2021)<br />
<br />
== References ==<br />
<br />
* https://www.upguard.com/blog/what-is-upnp <br />
* https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf<br />
* https://github.com/yunuscadirci/CallStranger/blob/master/CallStranger<br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp<br />
* https://www.fbi.gov/news/stories/cyber-tip-be-vigilant-with-your-internet-of-things-iot-devices <br />
* https://openconnectivity.org/developer/specifications/upnp-resources/upnp/standards <br />
* An Overview of UPnP-based IoT Security: Threats, Vulnerabilities, and Prospective Solutions; Golam Kayas, Mahmud Hossain, Jamie Payton, S. M. Riazul Islam; 2020 <br />
* https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=upnp+sdk <br />
* https://www.helpnetsecurity.com/2020/06/09/cve-2020-12695/<br />
<br />
[[Category:Basics]]</div>FBirneggerhttps://wiki.elvis.science/index.php?title=File:Mirai-botnet-diagram.png&diff=8961File:Mirai-botnet-diagram.png2021-12-21T21:02:13Z<p>FBirnegger: </p>
<hr />
<div></div>FBirneggerhttps://wiki.elvis.science/index.php?title=File:Upnp_callstranger.jpg&diff=8960File:Upnp callstranger.jpg2021-12-21T20:56:48Z<p>FBirnegger: </p>
<hr />
<div></div>FBirnegger