OWASP ZAP(ZED ATTACK PROXY) Automatically find vulnerabilities in web applications. Free and easy to use. It can also be used for manual testing. This is the welcome page. Options Page Scan Policy Setting Page. Attack this target URL http://10.0.0.24…

SQL INJECTION WHAT IS SQL? Most websites use a database to store data. Most data stored in it(usernames, passwords ..etc.) Web application reads, updates and inserts data in the database. Interaction with DB done using SQL. WHY ARE THEY SO DANGEROUS…

SQL INJECTION SQLMAP Tool designed to exploit SQL injections. Works with many DB types, MySQL, MSSQL ...etc. >sqlmap --help >sqlmap -u [target URL] Following are examples: sqlmap -u "http://10.0.0.24/mutillidae/index.php?page=user-info.php&…

REMOTE FILE INCLUSION Similar to local file inclusion. But allows an attacker to read ANY file from ANY server. Execute PHP files from other servers on the current server. Store PHP files on other servers as .txt. Pre-Condition: Set allow_url_include…

How to hack a website? An application installed on a computer. ->web application pen-testing A computer uses an OS + Other applications -> server-side attacks. Managed by humans -> client-side attacks Target: metastable VM…

WHAT IS A WEBSITE Computer with OS and some servers. Apache, MySQL ...etc. Cotains web application. PHP, Python ...etc. Web application is executed here and not on the client's machine. How to hack a website? An application installed on a computer. -…

 CRAWING DIRECTORIES Directories/folders inside the web root. Can contain files or other directories. Ex: target.com/directory plus.google.com/discover Target: Metasploitable2-Linux #!/usr/bin/env python import requests def request(url): try: return…

XSS VULNS XSS - CROSS SITE SCRIPTING VULNS Allow an attacker to inject javascript code into the page. The code is executed when the page loads. The code is executed on the client machine, not the server. Three main types: 1. Persistent/Stored XSS 2.…

SQL INJECTION Preventing SQLi Filters can be bypassed. Use a blacklist of commands? Still can be bypassed. Use whitelist? Same issue. -> Use parameterized statements, separate data from SQL code. <?php //$textbox1 = admin' union select # Select * fr…

SQL INJECTION Discovering SQLi in GET Inject by browser URL. Selecting Data From Database Change the number to a big one, then you can get a useful error message. And you can try different number to find the right column. Using “union select 1,2,3,4,…