WebPentest – Netwerk

Web Attacks

This entry is part 3 of 3 in the series Offensive Testing Enterprise Networks

Views: 2Enumeration & Brute Force Authentication enumeration is a fundamental aspect of security testing, concentrating specifically on the mechanisms that protect sensitive aspects of web applications; this process involves methodically inspecting various authentication components ranging from username validation to password policies and session management. Each of these elements is meticulously tested because they represent potential … Read more

HTTP 101

by Bharath Narayanasamy

This entry is part 2 of 5 in the series Red Team Engagements

CURL

by Bharath Narayanasamy

Views: 7WordPress

Attacking Drupal

by Bharath Narayanasamy

Views: 30Leveraging Known Vulnerabilities Over the years, Drupal core has suffered from a few serious remote code execution vulnerabilities, each dubbed Drupalgeddon. At the time of writing, there are 3 Drupalgeddon vulnerabilities in existence. Drupalgeddon Manual exploitation As stated previously, this flaw can be exploited by leveraging a pre-authentication SQL injection which can be used to … Read more

Attacking CMS – WordPress

by Bharath Narayanasamy

Attacking CMS – Drupal

by Bharath Narayanasamy

Attacking CMS – Joomla

by Bharath Narayanasamy

Gobuster Cheat Sheet

by Bharath Narayanasamy

Views: 54Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode Available Modes Switch Description dir Directory brute-forcing mode dns DNS subdomain brute-forcing mode vhost Virtual host brute-forcing mode (not the … Read more

Complete Guide on ffuf

by Bharath Narayanasamy

Views: 64Fuzz Faster U Fool – v1.3.1 TryHackMe has an excellent room to learn and practice this tool. Highly recommended for beginners. ffuf -h At a minimum we’re required to supply two options: -u to specify an URL and -w to specify a wordlist. The default keyword FUZZ is used to tell ffuf where the wordlist entries will be injected. ffuf … Read more

Fuff – Cheat Sheet

by Bharath Narayanasamy

Views: 42Ffuf commands Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ Sub-domain Fuzzing ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ … Read more