80,443 - Web

Foothold

source code
links
redirect
cookies
burpsuite
headers
- shcheck

Fuzzing

directories
files
files+extensions
subdomains

default creds
credentials related to software
bruteforce
- cupp
- pydictor
- crunch
- psudohash
- password-permutor
- statistically-likely-usernames
- username-anarchy
- password-stretcher

Injection

IDOR
SQLi
- SQL (PHP...)
- NoSQL (Node...)
- Header Based Injection
SSTI
XXE
XSS
Command Injection
Header Injection

Generate errors

Check resources showing input info
Symbols to cause errors

Playing with BurpSuite

send parameters empty
add symbols
change order of parameters
change content-type
content-type: if www-urlencoded ... change to application/json and format parameters
change http verbs (GET to POST, POST to OPTIONS, etc)

Credentials bruteforce

Hydra

From here https://github.com/vanhauser-thc/thc-hydra

hydra -L wordlist.txt -P wordlist.txt lanzand0nas.net http-post-form "/directory/master/login.php:username=^USER^&password=^PASS^:Wrong password for user admin" -d

ffuf

From here https://github.com/ffuf/ffuf

cat post-login.txt

POST /login.php HTTP/1.1
Host: 10.10.10.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
DNT: 1
[...]

username=FUZZ&password=s3cr3t

ffuf -c -w wordlist.txt -request post-login.txt -request-proto http

It will take the FUZZ word from the file and fuzzing over it.

Wfuzz

From here https://github.com/xmendez/wfuzz

Bypass 403 Forbidden

https://github.com/devploit/nomore403

Specific Software

Jenkins

https://github.com/stevenvegar/Jenkins_scripts

Previous53 - DNS NextIdentify php.ini file used

Last updated 8 months ago

Foothold

Fuzzing

Login

Injection

Generate errors

Playing with BurpSuite

Credentials bruteforce

Hydra

ffuf

Wfuzz

Bypass 403 Forbidden

Specific Software

Jenkins