Web App Attack - Techno Herder

Quick Reverse Shell Evading AV Detection

by TechnoHerder : May 18, 2023May 18, 2023 Leave a comment

Quickly build a simple reverse shell that evades Windows Anti-Virus (AV) detection using default Kali Linux tools. Mitigation recommendations are presented at the end of the article for defense fortification.

Hacking 101 Web App Attack

Easy Reverse Shell through WordPress Plugin

by TechnoHerder : May 8, 2023May 11, 2023 1 Comment

Quick easy steps to create a WordPress pugin that will give you a reverse shell.

Web App Attack

JWT Attacks

by TechnoHerder : December 7, 2022January 2, 2023 1 Comment

JSON Web Token (JWT) is the proposed Internet standard, RFC 7519, for creating data with optional signature and/or optional encryption whose payload holds JSON that asserts some number of claims. The tokens are signed using a private secret or a public/private key. Let’s take a deeper dive into decoding and manipulating JWTs. This is a […]

Tools Web App Attack

Web Server Scanning With Nikto — An Introduction

by TechnoHerder : November 25, 2022January 4, 2023 Leave a comment

Nikto is an open-source scanner that helps find vulnerabilities in web servers. You can scan your web apps for vulnerabilities like misconfigured services, dangerous files, and thousands of other potential security issues using Nikto. Websites are a critical part of almost every business or organization in the world. From your nearby florist to global brands, […]

Web App Attack

Web Attack Cheat Sheet

by TechnoHerder : November 21, 2022January 2, 2023 2 Comments

Discovering Targets https://github.com/arkadiyt/bounty-targets-data# This repo contains data dumps of Hackerone and Bugcrowd scopes (i.e. the domains that are eligible for bug bounty reports). IP Enumeration http://www.asnlookup.com# This tool leverages ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes. https://github.com/pielco11/fav-up# Lookups for real IP starting from the favicon […]

Web App Attack

Vendor Search

by TechnoHerder : October 13, 2022January 7, 2023 Leave a comment

Get this awesome resource: We will use jq to filter to only the top ten thousand items that have a package name with grep, strip any extra characters with cut, then redirect the output to npm-10000.txt. Grab all the vendor names from the Target web application. We are searching for packages in the /js/vendor/ directory […]

Hacking 101 Web App Attack

Cross-Origin Resource Sharing (CORS)

by TechnoHerder : October 13, 2022January 4, 2023 Leave a comment

Notes https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Same Origin Policy prevents one origin from accessing resources on a different origin, this includes JavaScript & HTTP Requests. Requests made by http://a.com/latest URL Result Reason https://a.com/myInfo Allowed Same Origin **http:**//a.com/users.json Blocked Different Schema and Port https://**api**.a.com/info Blocked Different Domain https://a.com**:8443**/file Blocked Different port https://**b**.com/analytics Blocked Different Domain Please note images and iframes […]

Web App Attack

Web Attack Notes

by TechnoHerder : October 12, 2022January 7, 2023 Leave a comment

Server-Side Template Injection A certificate is self-signed if the subject and issuer match. CSV Injection And the following one which will take data from cells c1 and c20 and send it to a server/port under your control: XXE Password Tests Insufficient Input Validation JavaScript Unicode Values PostgreSQL Prototype Pollution XSS Cross-Origin Resource Sharing Test SQLi […]

Web App Attack

Web Tools Cheatsheet

by TechnoHerder : October 12, 2022January 7, 2023 Leave a comment

TestSSL https://github.com/drwetter/testssl.sh SSLyze https://github.com/nabla-c0d3/sslyze Smuggler https://github.com/defparam/smuggler OpenSSL https://github.com/openssl/openssl SSLScan https://github.com/openssl/openssl YAWAST https://github.com/adamcaudill/yawast SQLMap https://github.com/sqlmapproject/sqlmap Tamper scripts MSSQL: tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes MySQL: tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor General Tamper testing: tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,percentage,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes NoSQLMap ClickJacking Change opacity to 0.0001 for malicious intent: Gobuster https://github.com/OJ/gobuster Dirsearch https://github.com/maurosoria/dirsearch Wfuzz https://github.com/xmendez/wfuzz dnscaa https://github.com/weppos/dnscaa Follow these instructions to install dnscaa: Malicious PDF Generator https://github.com/jonaslejon/malicious-pdf Usage Output will be […]

Web App Attack

Common Web Application Attack Techniques

by TechnoHerder : June 11, 2021January 2, 2023 Leave a comment

Commonalities Among Web Application Vulnerabilities Web applications interact with many different users at the same time over a network, and as such, must be easily accessible to a large number of people. This accessibility leads to attackers manipulating various components of web apps in order to steal sensitive data, compromise other users’ sessions, disrupt the […]