WebPentest

Web Attacks

by
This entry is part 3 of 4 in the series Offensive Testing Enterprise Networks

Views: 12Enumeration & Brute Force Authentication enumeration is a fundamental aspect of security testing, concentrating specifically on the mechanisms that protect sensitive aspects of web applications; this process involves methodically inspecting various authentication components ranging from username validation to password policies and session management. Each of these elements is meticulously tested because they represent potential … Read more

Attacking Drupal

by

Views: 37Leveraging Known Vulnerabilities Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon Manual exploitation As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to … Read more

Gobuster Cheat Sheet

by

Views: 60Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode Available Modes Switch Description dir Directory brute-forcing mode dns DNS subdomain brute-forcing mode vhost Virtual host brute-forcing mode (not the … Read more

Complete Guide on ffuf

by
This entry is part 5 of 7 in the series Red Team Engagements

Views: 83In web application penetration testing, entry points are areas of an application where a user can input data or interact with the system, which an attacker could potentially exploit. Identifying these points is crucial because they represent potential paths for unauthorized access, data manipulation, or other malicious actions. Common entry points include form fields, … Read more

Fuff – Cheat Sheet

by

Views: 48Ffuf commands Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ Sub-domain Fuzzing ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ … Read more