Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-05-02 14:56:10 -04:00
Code Issues Projects Releases Packages Wiki Activity

gitignore

Browse source
This commit is contained in:
bt3gl 2014-11-19 12:07:31 -05:00
parent 987160a0a9
commit a7dc2b80cc
2 changed files with 0 additions and 194 deletions
Download patch file Download diff file Expand all files Collapse all files

119
Web_Exploits/SQLi/README.md~
View file

@ -1,119 +0,0 @@
# Web Exploits
[My list of common web vulnerabilits.](http://bt3gl.github.io/a-list-of-common-web-vulnerabilities.html)
## OS Command Injection
---
## SQLi
- Brute force password
- Timed SQLi
- Cookie force brute
---
## PHP Shells
- php primer
- xor
- exploits
----
## Scanners
- heartbleed
-----
## User ID
- cookie auth
- user id
----
## Other Resources
#### When we have a Website/IP Address:
- Try to add folders to the domain, such as http://csaw2014.website.com or http://key.website.com.
- We brute force the subdomains, for example, with [subbrute.py]. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.
- Use the command ```dig``` or ```ping``` in Linux to find the IP address of the website.
- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
- Check the *robot.txt* file for hidden folders.
- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
-----
## URLs
#### Octal
- Example: http://017700000001 --> 127.0.0.1
- For example 206.191.158.50:
((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370.
Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564)
#### Great @
-Everything between "http://" and "@" is completely irrelevant
```
http://doesn'tmatter@www.google.org
http://!$^&*()_+`-={}|[]:;@www.google.com
```
- @ symbol can be represented by its hex code %40
- dots are %2e
----
## HTTP
The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers):
- User-Agent: browser version information
- Host: URL hostanme
- Accept: supported MIME documents( such as text/plain or audio/MPEG)
- Accept-Language: supported language codes
- Referer: originating page for the request
The headers are terminated with a single empty line, which may be followerd by any payload the client wishes to pass to the server (the lenght should be specified with the Content-Length header). The payload is usually browser data, but there is no requirements.
-----
## Tools
- [Burp Suite]
- [FireBug] in Firefox
-----------------
[FireBug]: http://getfirebug.com/
[Burp Suite]: http://portswigger.net/burp/
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com