WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

 CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover Target: Metasploitable2-Linux #!/usr/bin/env python import requests def request(url): try: return…

Guessing Login Information on Login Pages Our target website: http://10.0.0.45/dvwa/login.php #!/usr/bin/env python import requests target_url = "http://10.0.0.45/dvwa/login.php" data_dict = {"username": "dfdfddfd", "pas…

CRAWING SPIDER Goal -> Recursively list all links starting from a base URL. 1. Read page HTML. 2. Extract all links. 3. Repeat for each new link that is not already on the list. #!/usr/bin/env python import re import requests from urllib.parse import…

CRAWLING SUMMARY Our crawler so far can guess: Subdomains. Directories. Files. Advantages: ->Discover "hidden" paths/paths admin does not want us to know. Disadvantages: -> Will does not discover everything. Solution: -> Analyse discove…

OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…

SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with DB done using SQL. WHY ARE THEY SO DANGEROUS…

SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…

REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…

CODE EXECUTION VULNS Allows an attacker to execute OS commands. Windows or Linux commands. Can be used to get a reverse shell. Or upload any file using wget command. Code execution commands attached in the resources. The following examples assums the…