useful information

Brute force admin directories

medusa -h <ip> -u admin -P wordlist.txt -M http -m DIR:/test -T 10

General

ctrl+U View page source (in Firefox)

Gobsuter

gobuster dir -u http://10.10.10.121/ -w /usr/share/dirb/wordlists/common.txt Run a directory scan on a website.

gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt Run a sub-domain scan on a website

Dirbuster

Dirbuster &
Add php.txt.html

curl

curl -IL https://www.inlanefreight.com Grab website banner curl 10.10.10.121/robots.txt List potential directories in robots.txt.

Web certs

whatweb 10.10.10.121 List details about the webserver/certificates

Nikto

Nikto -h https://<IP>

(if doesn’t work try with http)

Davtest

Davtest -url <url>

Joomla

joomscan

joomscan -u <URL>

BurpSuite

Credential stuffing

• Use burp suite.

• Go to webpage.

• Go to sign in page.

• Intercept a login request.

• Right click Send to intruder.

• Clear positions

• Highlight email parameter and press add, do the same as password.

• Use pitchfork.

• Go to payloads.

• Paste emails into 1st payload.

• Paste passwords into 2nd payload.

• Run attack.

• Look for status or change in length.

Buffer Overflow

https://github.com/johnjhacking/Buffer-Overflow-Guide

Useful commands

/etc/hosts

You can append the IP address of the box to a domain name by going to /etc/hosts and adding domain-name target-ip

At the end of a URL, you can add

{{1+1}}

if this comes back with ‘page 2 cannot be found’, it means that python can be used to execute commands between these brackets .

Feroxbuster

used to brute force recursive directories

GitHub - epi052/feroxbuster: A fast, simple, recursive content discovery tool written in Rust.GitHub

Dalfox XXS scanning

cat file_URL.txt | hakrawler | gf | dalfox pipe | tee results.txt