Just updated the challenges.
http://www.sudo.co.il/xss/
Stay tuned.
Monday, June 20, 2016
Tuesday, June 7, 2016
Web-App Penetration Testing Cheat-Sheet
Target: example.com
Quick post... any suggestions?
- example.com/robots.txt
- Login Page? Default Credentials.
- WordPress: wpscan --url example.com --enumerate vp --random-agent
- nikto -host test.com
- wfuzz -I -c -t 60 -w your_dictionary.txt --hc 404,302 http://example.com/FUZZ.php // I like it more than dirbuster
- Open Burp Suite, explore application, analyze requests/responses.
- Pass a character-validation probe to every parameter: '">my_string\ // an apostrophe, a quote and an escaping backslash at the end.
- Configure Burp to intercept responses if "my_string" is found. // This may reveal XSS & SQL Injection and other errors
- Is there file upload functionality?
- "page" param in the URL? LFI/RFI?
- XML? XXE.
- See console-like output? Command Injection?
- In case of command injection, don't forget to: nc sudo.co.il 5353
- Are there WebSockets? Open the network tab in the browser or Burp Suite for easy examination.
- Google for outdated scripts: site:example.com ext:php
- In Google's results, append &filter=0&start=900 to the end of the URL to see the most outdated results.
- Look for application logic issues, e.g. the price being sent in the request.
- Suggestions??
Knocking Server in 50 lines with Scapy
You may prefer the knockd daemon, but I prefer something custom... as always.
If you don't know what it is, google for Port Knocking.
Get my knocking client-server:
git clone https://github.com/nopernik/knocking-client-server
On the server side I have this iptables config:
root@ubuntu:~# iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
I'm using a whitelisting technique, so all policies are set to DROP.
This particular machine will not reply to pings and will seem to be down.
But it runs my knocking server and web server in the background.
It will accept connections to the web server only while the knocking client is active.
Configuration is pretty simple, just open the source.