80,443 - Web
  Foothold
    source code
    links
    redirect
    cookies
    burpsuite
    headers
  Fuzzing
    directories
    files
    files+extensions
    subdomains
  Login
    default creds
    credentials related to software
    bruteforce
      cupp
      pydictor
      crunch
  Injection
    IDOR
    SQLi
      SQL (PHP...)
      NoSQL (Node...)
    SSTI
    XXE
    XSS
    Command Injection
    Header Injection
  Generate errors
    Check resources showing input info
    Symbols to cause errors
    Playing with BurpSuite
      send parameters empty
      add symbols
      change order of parameters
      change content-type
        content-type: if www-urlencoded ... change to application/json and format parameters
      change http verbs (GET to POST, POST to OPTIONS, etc)
  Credentials bruteforce
    Hydra
      From here https://github.com/vanhauser-thc/thc-hydra
      hydra -L wordlist.txt -P wordlist.txt lanzand0nas.net http-post-form "/directory/master/login.php:username=^USER^&password=^PASS^:Wrong password for user admin" -d
    ffuf
      From here https://github.com/ffuf/ffuf
      cat post-login.txt
      POST /login.php HTTP/1.1
      Host: 10.10.10.10
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      DNT: 1
      [...]
      username=FUZZ&password=s3cr3t
      ffuf -c -w wordlist.txt -request post-login.txt -request-proto http
      It takes each word from the wordlist, substitutes it for FUZZ in the request file, and sends the resulting request.
    Wfuzz
      From here https://github.com/xmendez/wfuzz
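The tools above all produce the same footprint on the target: a burst of POSTs to the login path from one source address. As an added example (not from this page or from any of the listed projects), the script below shows the detection side: it parses access-log lines in Apache/nginx "combined" format and flags any client that sends a threshold number of POSTs to the login path inside a short sliding window. The log lines, the login path /login.php, the threshold and the window are constructed assumptions. Note that the failure marker hydra keys on ("Wrong password for user admin") lives in the response body, which the access log does not record, and that the ffuf request file above supplies a normal Firefox User-Agent, so neither body text nor User-Agent is a reliable signal here; request rate per source is.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, Iterable

# Apache/nginx "combined" log format: ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log (not real traffic). 10.0.0.5 sends seven POSTs to /login.php
# in six seconds (a wordlist run); 10.0.0.9 is an ordinary user who logs in once.
# The failed attempts return 200 (the error page), the successful one returns a 302.
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
SAMPLE_LOG = f"""\
10.0.0.9 - - [10/Mar/2024:12:00:01 +0000] "GET /login.php HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:00:02 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
10.0.0.5 - - [10/Mar/2024:12:00:03 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
10.0.0.5 - - [10/Mar/2024:12:00:04 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
10.0.0.9 - - [10/Mar/2024:12:00:05 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [10/Mar/2024:12:00:05 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
10.0.0.5 - - [10/Mar/2024:12:00:06 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
10.0.0.5 - - [10/Mar/2024:12:00:07 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
this line is deliberately malformed and must be skipped by the parser
10.0.0.5 - - [10/Mar/2024:12:00:40 +0000] "POST /login.php HTTP/1.1" 200 512 "-" "{FIREFOX_UA}"
"""


def detect_login_bursts(
    lines: Iterable[str],
    login_path: str = "/login.php",
    threshold: int = 5,
    window_seconds: int = 10,
) -> Dict[str, datetime]:
    """Return {source_ip: timestamp_of_first_alert} for every client that issued
    at least `threshold` POSTs to `login_path` within any `window_seconds` span.

    A per-IP deque keeps only the timestamps still inside the window, so memory
    stays bounded by threshold-sized queues regardless of log length.
    """
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: Dict[str, datetime] = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the detector
        # Only POSTs to the login endpoint count; strip any query string first.
        if m["method"] != "POST" or m["path"].split("?", 1)[0] != login_path:
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[m["ip"]]
        q.append(ts)
        # Drop timestamps that have aged out of the sliding window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts  # record the moment the burst crossed the threshold
    return alerts


if __name__ == "__main__":
    for ip, when in detect_login_bursts(SAMPLE_LOG.splitlines()).items():
        print(f"login burst from {ip} first seen at {when.isoformat()}")
```

The threshold of five POSTs in ten seconds is deliberately conservative; a legitimate user retyping a password does not come close, while every tool on this page exceeds it within its first second unless throttled. Feed the function `open("/var/log/nginx/access.log")` (a path assumed here) to run it over a real file.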
  Bypass 403 Forbidden
  Specific Software
    Jenkins