mirror of
https://github.com/autistic-symposium/sec-pentesting-toolkit.git
synced 2025-04-26 02:29:07 -04:00
62 lines
1.5 KiB
Markdown
# Web Exploits

## OS Command Injection

## SQLi

- Brute force password
- Timed SQLi
- Cookie force brute

## PHP Shells

- php primer
- xor
- exploits

## Scanners

- heartbleed

## User ID

- cookie auth
- user id

## Other Resources
#### When we have a Website/IP Address:
- Try guessing subdomains of the target, such as http://csaw2014.website.com or http://key.website.com.
- Brute force the subdomains, for example with [subbrute.py]. This tool performs multi-threaded DNS lookups against a configurable list of DNS resolvers while working through a list of possible subdomains.
- Use the command ```dig``` or ```ping``` in Linux to find the IP address of the website.
- *wgetting* the entire website with something like ```wget -e robots=off --tries=40 -r -H -l 4 <WEBSITE>```.
- Check the *robots.txt* file for hidden folders (the `Disallow` entries often point at paths the site does not link to).
- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax).
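The checklist above can be scripted as a self-audit of a site you operate. The following is an added example and is not code from the sec-pentesting-toolkit repository: it enumerates candidate subdomains through a pluggable resolver (so it runs offline; in practice you would pass a wrapper around `socket.gethostbyname`), lists the paths a `robots.txt` discloses, and extracts HTML comments from a page body. The domain `example.invalid`, the fake zone, the sample `robots.txt` and the sample page are all constructed for the example.

```python
"""Offline helpers for the web-recon checklist. Added example; the sample
data below is constructed and the resolver is injected so nothing touches
the network."""
from html.parser import HTMLParser
from typing import Callable, Dict, Iterable, List, Optional


def enumerate_subdomains(domain: str, wordlist: Iterable[str],
                         resolve: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Return {hostname: ip} for every label in `wordlist` that resolves.

    `resolve` takes a hostname and returns an IP string or None. It is a
    parameter (assumption of this example) so the caller decides whether
    to use a real lookup such as socket.gethostbyname or a fixed table."""
    found: Dict[str, str] = {}
    for label in wordlist:
        label = label.strip().lower()
        if not label:
            continue
        host = f"{label}.{domain}"
        ip = resolve(host)
        if ip:
            found[host] = ip
    return found


def disallowed_paths(robots_txt: str) -> List[str]:
    """Paths that robots.txt asks crawlers to skip, in file order.

    These are the 'hidden folders' the checklist refers to: they are not
    linked from the site but are named in a world-readable file."""
    paths: List[str] = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()      # robots.txt comments start with '#'
        if not line:
            continue
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


class _CommentCollector(HTMLParser):
    """Collects <!-- ... --> comments; handles markup that view-source
    would show, so run it on the DOM serialisation for Ajax-loaded content."""

    def __init__(self) -> None:
        super().__init__()
        self.comments: List[str] = []

    def handle_comment(self, data: str) -> None:
        self.comments.append(data.strip())


def html_comments(page: str) -> List[str]:
    """All HTML comments in `page`, stripped, in document order."""
    parser = _CommentCollector()
    parser.feed(page)
    parser.close()
    return parser.comments


# --- constructed sample data (not real hosts, TEST-NET-3 addresses) ---
FAKE_ZONE = {
    "www.example.invalid": "203.0.113.10",
    "key.example.invalid": "203.0.113.11",
}
WORDLIST = ["www", "key", "csaw2014", "mail", ""]

SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /admin/          # constructed sample
Disallow: /backup-2014/
Allow: /
Sitemap: http://example.invalid/sitemap.xml
"""

SAMPLE_PAGE = """<html><head><title>demo</title></head><body>
<!-- staging copy lives at staging.example.invalid -->
<div id="app"></div>
<!-- build 2014.09.18 -->
</body></html>"""


def fake_resolve(host: str) -> Optional[str]:
    """Stand-in for a DNS lookup: answers only from the constructed zone."""
    return FAKE_ZONE.get(host)


if __name__ == "__main__":
    print("subdomains:", enumerate_subdomains("example.invalid", WORDLIST, fake_resolve))
    print("robots.txt disallows:", disallowed_paths(SAMPLE_ROBOTS))
    print("html comments:", html_comments(SAMPLE_PAGE))
```

Each finding is something a reviewer of the site's own exposure would want to see: a resolvable hostname that was never meant to be public, a `Disallow` path that names an unlinked directory, or a comment that mentions internal hosts or build details.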
#### Tools
- [Burp Suite]
- [FireBug] in Firefox
-----------------

[FireBug]: http://getfirebug.com/
[Burp Suite]: http://portswigger.net/burp/
[pngcheck]: http://www.libpng.org/pub/png/apps/pngcheck.html
[karmadecay]: http://karmadecay.com/
[tineye]: https://www.tineye.com/
[images.google.com]: https://images.google.com/?gws_rd=ssl
[base64 decoding]: http://www.motobit.com/util/base64-decoder-encoder.asp
[subbrute.py]: https://github.com/SparkleHearts/subbrute
[pnginfo]: http://www.stillhq.com/pngtools/
[namechk]: http://namechk.com