# Web Exploits

## OS Command Injection

## SQLi

- Brute force password
- Timed SQLi
- Cookie brute force

## PHP Shells

- php primer
- xor
- exploits

## Scanners

- heartbleed

## User ID

- cookie auth
- user id

## Other Resources

#### When we have a Website/IP Address:

- Try guessing subdomains by hand, such as http://csaw2014.website.com or http://key.website.com.
- Brute force the subdomains, for example with [subbrute.py]. This tool performs multi-threaded DNS lookups against a configurable list of DNS resolvers, searching through a wordlist of possible subdomains.
- Use ```dig``` or ```ping``` on Linux to find the IP address of the website.
- Mirror the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 ```.
- Check the *robots.txt* file for hidden folders.
- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't show content that is loaded through Ajax).

#### Tools

- [Burp Suite]
- [FireBug] in Firefox

-----------------

[FireBug]: http://getfirebug.com/
[Burp Suite]: http://portswigger.net/burp/
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com
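The *robots.txt* item above is worth seeing from the site owner's side: every `Disallow` path in that file is advertised to anyone who fetches it, so it is an audit target, not an access control. The parser below is an added example and not part of the original writeup; it reads a robots.txt body (the sample text is constructed, with placeholder paths and an `example.invalid` host), groups `Allow`/`Disallow` rules by user-agent, and lists the paths the file reveals.

```python
"""Audit which paths a robots.txt reveals (added example, constructed input)."""
from collections import defaultdict

# Constructed sample robots.txt; the paths and host are placeholders.
SAMPLE_ROBOTS = """\
# site-wide rules
User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /public/

User-agent: Googlebot
Disallow: /staging/
Sitemap: https://example.invalid/sitemap.xml
"""


def parse_robots(text):
    """Return {user_agent: [(directive, path), ...]} for Allow/Disallow lines.

    Comments (after '#') and blank lines are ignored and field names are
    matched case-insensitively, as crawlers do. A 'Disallow:' with an empty
    path permits everything; it is kept with path '' so callers can see it.
    """
    rules = defaultdict(list)
    current_agents = []
    last_was_agent = False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            # Consecutive User-agent lines form one group sharing the rules below.
            if not last_was_agent:
                current_agents = []
            current_agents.append(value)
            last_was_agent = True
            continue
        last_was_agent = False
        if field in ("allow", "disallow") and current_agents:
            for agent in current_agents:
                rules[agent].append((field, value))
    return dict(rules)


def exposed_paths(text):
    """Sorted, de-duplicated list of every non-empty path a Disallow rule names.

    These are exactly the locations the file hands to any reader, which is why
    sensitive paths need real authorization rather than a robots.txt entry.
    """
    paths = set()
    for entries in parse_robots(text).values():
        for directive, path in entries:
            if directive == "disallow" and path:
                paths.add(path)
    return sorted(paths)


if __name__ == "__main__":
    for agent, entries in parse_robots(SAMPLE_ROBOTS).items():
        print(agent, entries)
    print("Paths advertised by Disallow rules:", exposed_paths(SAMPLE_ROBOTS))
```

Run it against your own site's robots.txt and compare the printed list with what those paths actually protect; anything that relies on the file alone for secrecy should be put behind authentication instead.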