Comment on page

80,443 - Web

Foothold
source code
links
redirect
cookies
burpsuite
headers
​shcheck​
Fuzzing
directories
files
files+extensions
subdomains
Login
default creds
credentials related to software
bruteforce
cupp
pydictor
crunch
​psudohash​
​password-permutor​
​statistically-likely-usernames​
​username-anarchy​
Injection
IDOR
SQLi
SQL (PHP...)
NoSQL (Node...)
​Header Based Injection​
SSTI
XXE
XSS
Command Injection
Header Injection
Generate errors
Check resources showing input info
Symbols to cause errors
Intercept with burp
send parameters empty
add symbols
change order of parameters
change content-type
content-type: if www-urlencoded ... change to application/json and format parameters
change http verbs (GET to POST, POST to OPTIONS, etc)
Bruteforce
​Hydra hydra -L allowed.userlist -P allowed.userlist.passwd 10.10.10.10 http-post-form "/login.php
ffuf
wfuzz

Ports - Previous

53 - DNS

SQLi

Last modified 4mo ago