# 80,443 - Web

## Foothold

* source code
* links
* redirect
* cookies
* burpsuite
* headers
  * [shcheck](https://github.com/santoru/shcheck)

## Fuzzing

* directories (use different wordlists)
* files (use different wordlists)
* files+extensions (use different wordlists)
* subdomains (use different wordlists)

## Login

* default creds
* credentials related to software
* bruteforce
  * cupp
  * pydictor
  * crunch
  * [psudohash](https://github.com/t3l3machus/psudohash)
  * [password-permutor](https://github.com/trevphil/password-permutor)
  * [statistically-likely-usernames](https://github.com/insidetrust/statistically-likely-usernames)
  * [username-anarchy](https://github.com/urbanadventurer/username-anarchy)
  * [password-stretcher](https://github.com/TheTechromancer/password-stretcher)

## Injection

* IDOR
* SQLi
  * SQL (PHP...)
  * NoSQL (Node...)
  * [Header Based Injection](https://github.com/SAPT01/HBSQLI)
* SSTI
* XXE
* XSS
* Command Injection
* Header Injection

## Generate errors

* Check resources that echo or reflect the input back in the response
* Send special characters in the input to provoke error messages

## Playing with BurpSuite

* send parameters empty
* add symbols
* change order of parameters
* change content-type
* content-type: if the body is www-urlencoded, change it to application/json and re-encode the parameters as JSON
* change http verbs (GET to POST, POST to OPTIONS, etc)

## Credentials bruteforce

### Hydra

From here <https://github.com/vanhauser-thc/thc-hydra>

```bash
# -L / -P: username and password lists; http-post-form takes "path:POST body:failure string"
# ^USER^ and ^PASS^ are substituted on each attempt; -d enables debug output
hydra -L wordlist.txt -P wordlist.txt lanzand0nas.net http-post-form "/directory/master/login.php:username=^USER^&password=^PASS^:Wrong password for user admin" -d
```

### ffuf

From here <https://github.com/ffuf/ffuf>

```bash
cat post-login.txt
```

```http
POST /login.php HTTP/1.1
Host: 10.10.10.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
DNT: 1
[...]

username=FUZZ&password=s3cr3t
```

```bash
# -w: wordlist; -request: raw request file containing the FUZZ keyword;
# -request-proto: scheme to use for the request (http or https); -c: colorized output
ffuf -c -w wordlist.txt -request post-login.txt -request-proto http
```

ffuf reads the request from the file and substitutes each wordlist entry for the FUZZ keyword.

### Wfuzz

From here <https://github.com/xmendez/wfuzz>
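The flip side of the Hydra, ffuf and Wfuzz login attacks above is spotting them in the access log. This added example (not part of the cheatsheet) flags source addresses that POST to the login endpoint more than a threshold number of times within a sliding window; the log lines are constructed in combined log format, and the login path, window, threshold and user-agent string are assumptions to tune for a real site:

```python
"""Detect login brute-force bursts in web server access logs.

Added example (not from the cheatsheet): SAMPLE_LOG is constructed in
Apache/nginx combined format; LOGIN_PATH, WINDOW, THRESHOLD and the
user-agent strings are assumptions for the demo.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/login.php"       # assumed login endpoint
WINDOW = timedelta(minutes=1)   # sliding window length
THRESHOLD = 10                  # POSTs per window per source before alerting

# combined format: ip - - [time] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Parse one combined-format line; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def find_bruteforce(lines, login_path=LOGIN_PATH, window=WINDOW, threshold=THRESHOLD):
    """Return {ip: summary} for sources whose login POSTs peak at >= threshold per window."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].split("?")[0] == login_path:
            per_ip[rec["ip"]].append(rec)

    alerts = {}
    for ip, recs in per_ip.items():
        recs.sort(key=lambda r: r["time"])
        start, peak = 0, 0
        for end in range(len(recs)):
            # slide the window start forward until it fits within `window`
            while recs[end]["time"] - recs[start]["time"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts[ip] = {
                "attempts": len(recs),
                "peak_in_window": peak,
                # a redirect after a run of 200s usually means a guess succeeded
                "redirects": sum(1 for r in recs if r["status"] in (301, 302, 303)),
                "user_agents": sorted({r["ua"] for r in recs}),
            }
    return alerts


def _make_line(ip, second, status, ua, method="POST", path="/login.php"):
    """Build one constructed combined-format log line for the demo."""
    return (f'{ip} - - [10/Oct/2023:13:55:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"')


# Constructed sample log: one source hammering the login, one normal user.
TOOL_UA = "Mozilla/5.0 (Hydra)"          # assumed tool user-agent for the demo
SAMPLE_LOG = (
    [_make_line("203.0.113.5", s, 200, TOOL_UA) for s in range(0, 24, 2)]   # 12 failures
    + [_make_line("203.0.113.5", 25, 302, TOOL_UA)]                          # then a redirect
    + [_make_line("198.51.100.7", 3, 200, "Mozilla/5.0 Firefox/115.0", method="GET")]
    + [_make_line("198.51.100.7", 9, 302, "Mozilla/5.0 Firefox/115.0")]
)

if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

Keying on the source address catches a single-host run like the Hydra command above; a distributed or proxied attack spreads the attempts across addresses, so a second rule keyed on the targeted username (or on the failure-to-redirect ratio per account) is the usual complement.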

## Bypass 403 Forbidden

* <https://github.com/devploit/nomore403>

## Specific Software

### Jenkins

* <https://github.com/stevenvegar/Jenkins_scripts>
