sec-pentesting-toolkit/Web_Exploits
2014-11-03 11:05:34 -05:00
OS_Command_Injection web apps and natas 2014-10-16 06:14:45 -04:00
php_shells Reorganized 2014-11-03 10:49:17 -05:00
scanners hacklu ctf 2014-10-27 08:51:29 -04:00
SQLi hacklu ctf 2014-10-27 08:51:29 -04:00
user_id web apps and natas 2014-10-16 06:14:45 -04:00
README.md reorganizing 2014-11-03 11:05:34 -05:00

Web Exploits

OS Command Injection

SQLi

  • Brute force password
  • Timed SQLi
  • Cookie force brute

PHP Shells

  • php primer
  • xor
  • exploits

Scanners

  • heartbleed

User ID

  • cookie auth
  • user id

Other Resources

When we have a Website/IP Address:

  • Try adding subdomains to the domain, such as http://csaw2014.website.com or http://key.website.com.

  • Brute force the subdomains, for example with subbrute.py. This tool performs multi-threaded DNS lookups against a configurable list of DNS resolvers, searching through a list of possible subdomains.

  • Use the dig or ping command on Linux to find the IP address of the website.

  • Download the entire website with something like wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>.

  • Check the robots.txt file for hidden folders.

  • Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).

Tools