Closed RemakingEden closed 5 years ago
0xInfection
commented
5 years ago Thank you for raising this issue. I was always looking for these kinda issues. I'll push a patch within today. And yeah, if there are more, just bring them on. It will be a good fixing them.
And about the debug info, what I wanted was the website itself which in your case is criteo.com. And the rest you have provided.
0xInfection
commented
5 years ago Alright have a look at #60. These 3 bugs have been tested and fixed. You can try cloning the Fixing-#59 branch via git clone -b Fixing-#59 https://github.com/0xinfection/tidos-framework
and tell me if the issue still has been fixed or not. 🙂
RemakingEden
commented
5 years ago Alright have a look at #60. These 3 bugs have been tested and fixed. You can try cloning the Fixing-#59 branch via
git clone -b Fixing-#59 https://github.com/0xinfection/tidos-frameworkand tell me if the issue still has been fixed or not.
Thanks for the quick fix. Strangely enough with the branch you linked above I only get the reverse DNS lookup. Nothing else. The main menu etc does not even load. It was a fresh install after uninstall. Did you do something wrong?
RemakingEden
commented
5 years ago 
0xInfection
commented
5 years ago Oh shit, I forgot to revert the test environments.
Update: Fixed it. Just do a git pull and run python2 tidos.py file. No need to run the install file over again.
RemakingEden
commented
5 years ago Seems to be fixed. I won't have time to have a decent look until tomorrow but I will update when i'm sure. Thanks again!
RemakingEden
commented
5 years ago All the past ones seem to be working now. I have found some new issues. Linked below. Still going through everything so I will update soon.
=================================
S E S S I O N F I X A T I O N
=================================
[*] Making the request...
[+] Found cookie reflecting in headers...
[-] Unhandled runtime exception while execution...
[-] Exception Encountered: unsupported operand type(s) for +: 'RequestsCookieJar' and 'str'
[-] Returning back to main menu... X S S (Cookie Based)
=======================
[+] This website values session cookies...
[*] Trying Payload : <font style='color:expression(alert('XSS'))'>
[+] Using !nfected cookie : !xBeMmlHzG/KrrcpTkGyUzli5QPYSH/CGWbHUBfFoDNYWehJOPxrhwkBkifkaG5uChydo7Q5BpRnuNYaXlttYQwBiDUZS46z/okfzKyl1 <font style='color:expression(alert('XSS'))'>
[*] Trying Payload : ' onmouseover=alert(/Black.Spook/)
[+] Using !nfected cookie : !ndDVKaEV/al80AFTkGyUzli5QPYSH6A5WPLm7dZoT8YpqTpHzIX/Xifke1tB4T4hRxA9/MjixRLbH9Zd0g6q/32WYibLC/QPQkNIg7ox' onmouseover=alert(/Black.Spook/)
[*] Trying Payload : ";eval(unescape(location))//# %0Aalert(0)
[+] Using !nfected cookie : !P2WXKbNIky2gfhhTkGyUzli5QPYSHzL7GOElVk3ABKKKOKFYFP28d2rERrKBAY8lLfQfoI/ENRoiwNQb0W06nIv9TRrSaGoQGW2xM6HM";eval(unescape(location))//# %0Aalert(0)
[*] Trying Payload : "><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
[+] Using !nfected cookie : !RTBDEqPpvyuCL1lTkGyUzli5QPYSH9Ty6iynpfkpVnEm+A6yEm5l++BtLwYdBg8/+yECqgaeDh+6fI8awypFGiuesVBNBzuW+v1TQ80T"><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
[-] Unhandled runtime exception while execution...
[-] Exception Encountered: unexpected end of regular expression
[-] Returning back to main menu...^^ This happens with all XSS automatic tests
======================================
S Q L i H U N T E R (Auto Awesome)
======================================
[It is recommended to run ScanEnum/Crawlers
before using this module]
[-] Path file not found!
[*] Loading module SQLi...
[!] Module Selected : Bruteforce Modules
[-] Unhandled runtime exception while execution...
[-] Exception Encountered: global name 'os' is not defined
[-] Returning back to main menu...I found the SQLi issue in both Auto Awesome modules. They all will be worked on.
Update: Alright, all these issues have been fixed in the above 5 commits, some have improved a lot in their functionality too! 💜
Test out the branch and let me know!
RemakingEden
commented
5 years ago Awesome :) Found a couple of other little things
===================================
O S F I N G E R P R I N T I N G
===================================
[*] Initialising Module [1]...
[*] Getting ip address...
[+] Website IP : 178.250.0.144
[*] Trying to identify operating system...
[!] Configuring requests...
[*] Getting raw data...
[*] Analysing responses...
[+] Operating System Identified : Windows
[+] Module [1] Completed!
[-] Unhandled Exception occured...
[-] Exception : global name 'flag' is not defined =========================
C M S D E T E C T O R
=========================
[*] Parsing the web URL...
[!] URL successfully parsed !
[*] Passive Fingerprinting CMS...
[!] Setting priority to False...
[*] Importing token...
[+] Token detected : 756ab2cfa1ed5575a71e0714ef05c2e228f17b6b1476de7075f7f4d6b4978272376fb3
[*] Active Fingerprinting CMS...
[*] Parsing raw-data...
[-] Unhandled runtime exception while execution...
[-] Exception Encountered: global name 'domain' is not defined
[-] Returning back to main menu...Will be fixed within today. :)
Update: Alright they have been tested working and fixed in the two commits below.
0xInfection
commented
5 years ago I guess everything has been working as intended. So yeah, for now I am closing this as fixed. Since, this fixes a lot of bugs, I wouldn't like the PR to be hanging. So yeah, thank you so much for your contribution. If you find some other bugs out there, just don't hesitate to pull up an issue.
RemakingEden
commented
5 years ago I guess everything has been working as intended. So yeah, for now I am closing this as fixed. Since, this fixes a lot of bugs, I wouldn't like the PR to be hanging. So yeah, thank you so much for your contribution. If you find some other bugs out there, just don't hesitate to pull up an issue.
Thanks mate, ive lost all my time since moving to Japan. If I get some more time I will look over everything again :)
Hi @0xInfection,
Thanks for the framework, I'm really enjoying working with it so far.
I'm new to Github and leaving issues so forgive me if I do anything wrong/miss anything off this report. I have seen on other issues you have requested debug info on the modules. I'm not entirely sure how to do this, however, I will give everything I can.
My system is Linux Mint and my Python version is Python 2.7.15rc1
The modules I am having an issue with are: (All of these come from using the Auto awesome feature)
I'm also finding that when the error occurs none of the previous info is saved so the /opt/tidos/tmp/criteo.com-subdomains.lst is blank and there is nothing at all in /opt/tidos/tmp/logs/criteo.com-logs.
If I find any more I will add them, let me know if there is other info you need from me.