Web App Attack

JWT Attacks

JSON Web Token (JWT) is the proposed Internet standard, RFC 7519, for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using a private secret or a public/private key. Let’s take a deeper dive into decoding and manipulating JWTs. This is a […]

Tools Web App Attack

Web Server Scanning With Nikto — An Introduction

Nikto is an open-source scanner that helps find vulnerabilities in web servers. You can scan your web apps for vulnerabilities like misconfigured services, dangerous files, and thousands of other potential security issues using Nikto. Websites are a critical part of almost every business or organization in the world. From your nearby florist to global brands, […]

Web App Attack

Web Attack Cheat Sheet

Discovering Targets
https://github.com/arkadiyt/bounty-targets-data
This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports).
IP Enumeration
http://www.asnlookup.com
This tool leverages ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes.
https://github.com/pielco11/fav-up
Lookups for real IP starting from the favicon […]

Hacking 101 Web App Attack

Cross-Origin Resource Sharing (CORS)

Notes https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Same Origin Policy prevents one origin from accessing resources on a different origin; this includes JavaScript and HTTP requests.
Requests made by http://a.com/latest

| URL | Result | Reason |
|---|---|---|
| https://a.com/myInfo | Allowed | Same Origin |
| **http:**//a.com/users.json | Blocked | Different Scheme and Port |
| https://**api**.a.com/info | Blocked | Different Domain |
| https://a.com**:8443**/file | Blocked | Different Port |
| https://**b**.com/analytics | Blocked | Different Domain |

Please note images and iframes […]

Web App Attack

Web Attack Notes

Server-Side Template Injection
A certificate is self-signed if the subject and issuer match.
CSV Injection
And the following one which will take data from cells c1 and c20 and send it to a server/port under your control:
XXE
Password Tests
Insufficient Input Validation
JavaScript Unicode Values
PostgreSQL
Prototype Pollution
XSS
Cross-Origin Resource Sharing Test
SQLi […]

Web App Attack

Web Tools Cheatsheet

TestSSL https://github.com/drwetter/testssl.sh
SSLyze https://github.com/nabla-c0d3/sslyze
Smuggler https://github.com/defparam/smuggler
OpenSSL https://github.com/openssl/openssl
SSLScan https://github.com/openssl/openssl
YAWAST https://github.com/adamcaudill/yawast
SQLMap https://github.com/sqlmapproject/sqlmap
Tamper scripts
MSSQL: tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes
MySQL: tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor
General tamper testing: tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,percentage,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes
NoSQLMap
ClickJacking
Change opacity to 0.0001 for malicious intent:
Gobuster https://github.com/OJ/gobuster
Dirsearch https://github.com/maurosoria/dirsearch
Wfuzz https://github.com/xmendez/wfuzz
dnscaa https://github.com/weppos/dnscaa
Follow these instructions to install dnscaa:
Malicious PDF Generator https://github.com/jonaslejon/malicious-pdf
Usage
Output will be […]