80,443 - Web

Foothold

• source code

• links

• redirect

• cookies

• burpsuite

• headers

  • shcheck

Fuzzing

• directories

• files

• files+extensions

• subdomains

Login

• default creds

• credentials related to software

• bruteforce

  • cupp

  • pydictor

  • crunch

  • psudohash

  • password-permutor

  • statistically-likely-usernames

  • username-anarchy

Injection

• IDOR

• SQLi

  • SQL (PHP...)

  • NoSQL (Node...)

  • Header Based Injection

• SSTI

• XXE

• XSS

• Command Injection

• Header Injection

Generate errors

• Check resources showing input info

• Symbols to cause errors

Intercept with burp

• send parameters empty

• add symbols

• change order of parameters

• change content-type

• content-type: if www-urlencoded ... change to application/json and format parameters

• change http verbs (GET to POST, POST to OPTIONS, etc)

Bruteforce

• Hydra hydra -L allowed.userlist -P allowed.userlist.passwd 10.10.10.10 http-post-form "/login.php

• ffuf

• wfuzz

Specific Software

Jenkins

• https://github.com/stevenvegar/Jenkins_scripts