HTExploit : Open Source Tool to Bypass Standard Directory Protection - Hacking Tools Download Download Hacking Tools at 'Tools Yard': HTExploit : Open Source Tool to Bypass Standard Directory Protection

HTExploit : Open Source Tool to Bypass Standard Directory Protection

Labels:
, ,

HTExploit (HiperText access Exploit)
HTExploit (HiperText access Exploit) is an open-source tool written in Python that exploits a weakness in the way that .htaccess files can be configured to protect a web directory with an authentication process to gain access to a protected directory contents. Presumably, if such an attack is successful, you can launch further attacks such as SQL Injection, Local File Inclusion, Remote File Inclusion, etc. on discovered files.

Features of HTExploit:
  • Multiples modules to execute.
  • Save the output to an specify directory.
  • HTML Reporting.
  • Use multiples wordlist to probe against htaccess bypassing.
  • Mode verbose for a full detailed information.
  • Multi-platform and flexible.
The vulnerability exists because web servers like Apache forward PHP-based requests within .htaccess to the PHP engine itself. The .htaccess file allows you to specify the requests get sent to PHP to try to interpret. However, on encountering non-standard input, PHP automatically treats it as a GET request, and allows the utility to start saving the PHP files on a webserver to your local filesystem, bypassing security restrictions!


Subscribe to our Daily Newsletter via email - Be First to know about Security and Penetration testing tools. or Join our Huge Hackers Community on Facebook , Google+ and Twitter .
Subscribe Top Hacker Stories via email

Posted by Mohit Kumar at Saturday, August 04, 2012  

The Hacker News - Daily Updates