websecurity

Web_Security/README.md

@@ -49,6 +49,7 @@ $ wget -rck <TARGET-WEBSITE>
 
 ```
 $ /wget -r -l1 -H -t1 -nd -N -nd -N -A.swf -erobots=off <WEBSITE> -i output_swf_files.txt
+```
 
 * Once we have identified and downloaded *.swf files, we must analyze the code, the functions (as *loadMovie*) variables in order to identify those that call and allow other types of vulnerabilities such as cross site scripting. Below shows some vulnerable functions:
 
@@ -72,7 +73,7 @@ ExternalInterface.addCallback
 SharedObject.getLocal, SharedObject.getRemote
 ```
 
-		* authentication system: the first thing is to determine if the website stored the credentials in the browser. This could be exploited with attacks on defaults accounts and dictionary attacks. The default accounts are: admin, administrator, root, system, user, default, name application. We can use **hydra** for this:
+* authentication system: the first thing is to determine if the website stored the credentials in the browser. This could be exploited with attacks on defaults accounts and dictionary attacks. The default accounts are: admin, administrator, root, system, user, default, name application. We can use **hydra** for this:
 
 ```
 $ hydra -L users.txt -P pass.txt <WEBSTE> http-head/private