Dynamic Application Security Testing

Dynamic Application Security Testing (DAST) is the process of testing a running instance of a web application for weaknesses and vulnerabilities. It follows a black-box approach in which vulnerabilities are found the same way an external attacker would find them. Simply put, DAST identifies vulnerabilities by attempting to exploit them, either manually or through automated tools. It is …

Enumerating WordPress

WPScan: WPScan capabilities. Update the local database of WPScan: the local database can be updated with the following command: wpscan --update. Enumeration modes: when enumerating the WordPress version, installed plugins or installed themes, you can use three different "modes", which are: … The following enumeration options exist: … If no option is supplied to the -e flag, then the …

PART 01: WebApp Penetration Testing

Burp Suite Target: This tool allows you to visualize your target application's contents in a folder hierarchy that corresponds to the site's URL structure. This section shows all of the content that has been covered so far by manually browsing the site's pages. Proxy: This is the main engine of Burp, which allows it …

Walkthrough – Blue from THM

This room is based on a Windows machine in which we need to leverage common misconfigurations. This vulnerable machine is available on the TryHackMe site. Link: https://tryhackme.com/room/blue However, I will be running the machine in my local VMware lab for this write-up. Video Walkthrough. Enumeration with Nmap: Interesting info from the nmap scan: Ports 135, 139, 445, …

SMB Enumeration – Useful tools (eJPT)

Enum4Linux: enum4linux -a target-ip — Do everything; runs all options apart from dictionary-based share name guessing. Extract OS information. enum4linux -s shares.txt target-ip — Perform a dictionary attack if the server doesn't let you retrieve a share list. enum4linux -i target-ip — Pull information about printers known to the remote device. Lists usernames, if the server allows …

SMB Enumeration – SMBMap

SMBMap allows users to enumerate Samba share drives across an entire domain: list share drives, drive permissions and share contents, upload/download files, auto-download files matching a file name pattern, and even execute remote commands. This tool was designed with pen testing in mind and is intended to simplify searching for potentially sensitive data across large networks. Link to …

THM Write-up: Attacktive Directory

Installing Impacket: As a first step, clone the Impacket GitHub repo onto the Kali Linux machine. The following command will clone Impacket into /opt/impacket: git clone https://github.com/SecureAuthCorp/impacket.git /opt/impacket After the repo is cloned, verify the install-related files, requirements.txt and setup.py. setup.py is what actually installs Impacket onto your system so you can use Impacket and not …

PowerShell 101 – for PenTesters

PowerShell is the Windows scripting language and shell environment that is built on the .NET framework. Most PowerShell commands, called cmdlets, are written in .NET. The normal format of a cmdlet is Verb-Noun. For example, the cmdlet to list commands is called Get-Command and the command to get help is Get-Help, e.g. Get-Help Command-Name. It is somewhat object-oriented, which makes it convenient …