Basic Recon

Web Application Assessment Methodology

  • What does the application do?

  • What language is it written in?

  • What server software is the application running on?

Web Application Enumeration

  • Programming language and frameworks

  • Web Server Software

  • Database software

  • Server Operating System

Web Checklist

# Default Credentials
- /robots.txt
- admin/admin, admin/password, admin/machine-name, machine-name/machine-name
- Search on google for default credential of the application
- Hydra
- /Fuzz - application/Fuzz - index.php/fuzz
- Fuzz with extensions (.txt, .conf, txt, html, php, asp, aspx, jsp, db, sql, exe, config, db, bak, cgi, ps1, py, ini, js, sh, .php, .txt, .json, .html)
- SQL Bypass Auth
- Entry Point: ' '' ` ') ") `) ')) ")) `)) 
- Password Field: ' || ''==' (NoSQL injection payload)
- admin' or 1==1 
- ' or 1=1 -- -
- ' || 1=1 -- -
- whatweb -v
- Customize login password with array  (username=admin&password[]=)
- /index.[php,html,asp,aspx] or /randomthing to trigger an error page
- LFI / Directory Traversal -> SSH key
- LFI / Configuration of Service File
- Check for eval(): submit 2+2 or 2*2 and see whether the input is evaluated
- Checking with POST request
- Vulnerable WordPress plugins
- Check the page source code to find installed plugins
- Look for hostnames and try a zone transfer
- ?file=/etc/passwd (absolute path)
- ?file=../../../etc/passwd - ?file=../../../../etc/passwd
- ?file=../../../../var/log/apache2/access.log
- ?file=../../../../var/www/html/index.php
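The LFI / directory traversal probes above are what a defender should expect to see in the web server's own access log. The following detector is an added example that is not part of the original checklist: it parses constructed Apache-style log lines (not real traffic), decodes URL encoding so single- and double-encoded `../` are also caught, and flags requests that reference the sensitive files listed above. The log format and indicator names are assumptions for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample Apache access log lines (not real traffic) showing the
# traversal / LFI probes from the checklist, plus one benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?file=../../../etc/passwd HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?file=/etc/passwd HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?file=..%2F..%2F..%2F..%2Fvar%2Flog%2Fapache2%2Faccess.log HTTP/1.1" 200 9001 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?file=about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?file=../../../../var/www/html/index.php HTTP/1.1" 200 2048 "-" "curl/8.0"
"""

# Common log format: client, ident, user, [timestamp], "METHOD target proto", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Files the checklist shows being pulled through a ?file= parameter (plus SSH keys).
SENSITIVE = ("/etc/passwd", "/var/log/apache2/access.log", "/var/www/html/index.php", ".ssh/id_rsa")


def classify(target: str) -> list[str]:
    """Return the LFI indicators found in one request target (path plus query)."""
    # Decode twice so both %2e%2e%2f and double-encoded %252e%252e%252f are caught.
    decoded = unquote(unquote(target)).lower()
    hits = []
    if "../" in decoded or "..\\" in decoded:
        hits.append("traversal")
    if any(s in decoded for s in SENSITIVE):
        hits.append("sensitive-file")
    if re.search(r"[?&]\w+=/", decoded):          # absolute path passed as a parameter value
        hits.append("absolute-path-param")
    return hits


def scan_log(text: str) -> list[dict]:
    """Parse access log lines and return one alert per line that carries LFI indicators."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        hits = classify(m["target"])
        if hits:
            alerts.append({"ip": m["ip"], "status": int(m["status"]),
                           "target": m["target"], "indicators": hits})
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["status"], alert["indicators"], alert["target"])
```

A 200 status on a flagged request (rather than 403/404) is the case worth escalating, since it suggests the include actually succeeded.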

WordPress

Gobuster

  • -x: file extensions to append to each word

  • -k: skip TLS certificate verification

  • --exclude-length: hide responses with the given content length

  • -o: write results to an output file

  • -f: append / to each request path

  • -n: do not print status codes

  • -w: wordlist

  • -t: number of concurrent threads

Create loop to scan

Through Proxy

Dirbuster

Nikto

Username Enum

Curl Command

Webdev

Nmap
