2014-11-03 11:05:34 -05:00

Web Exploits

OS Command Injection

SQLi

  • Brute force password
  • Timed SQLi
  • Cookie brute force

PHP Shells

  • php primer
  • xor
  • exploits

Scanners

  • heartbleed

User ID

  • cookie auth
  • user id

Other Resources

When we have a Website/IP Address:

  • Try guessing subdomains (these are host names, not folders), such as http://csaw2014.website.com or http://key.website.com; CTF challenges often sit on a subdomain named after the event or the flag.

  • We brute force the subdomains, for example, with subbrute.py. This tool performs multi-threaded DNS lookups to a configurable list of DNS resolvers, searching through a list of possible subdomains.

  • Use the command dig or ping in Linux to find the IP address of the website.

  • Mirror the entire website with something like wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>. Note that -H (span hosts) follows links off-site too, so add -D <domain> to keep the crawl on the target, and -e robots=off deliberately ignores the robots.txt rules you should also be reading.

  • Check the robots.txt file for hidden folders (Disallow lines are a list of paths the admin did not want indexed).

  • Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).

Tools