forked from mariusv/Gray-Hacker-and-PenTesting
Commit
bt3 committed Nov 5, 2014, 1 parent 69d06e1, commit a220272
Showing 2 changed files with 65 additions and 1 deletion.
@@ -2,26 +2,36 @@ | |
|
||
## OS Command Injection | ||
|
||
--- | ||
|
||
## SQLi | ||
|
||
- Brute force password | ||
- Timed SQLi | ||
- Cookie force brute | ||
|
||
|
||
--- | ||
## PHP Shells | ||
|
||
- php primer | ||
- xor | ||
- exploits | ||
|
||
---- | ||
|
||
## Scanners | ||
|
||
- heartbleed | ||
|
||
|
||
----- | ||
## User ID | ||
- cookie auth | ||
- user id | ||
|
||
---- | ||
|
||
## Other Resources | ||
|
||
#### When we have a Website/IP Address: | ||
|
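Review bot: several of the new headings (`## OS Command Injection`, `## PHP Shells`, `## Scanners`, `## User ID`) are added with only bare bullet titles or nothing at all under them, so a reader cannot tell what each section is meant to cover; either add a line per bullet (for example what `- Timed SQLi` refers to and how it differs from the other two SQLi entries) or mark them as placeholders to be filled in. `- Cookie force brute` looks like a word-order slip for `- Brute force cookie`, matching the `- Brute force password` entry above it. The horizontal rules alternate between `---`, `----` and `-----`; markdown renders them identically, but picking one keeps the file consistent, and `## User ID` needs a blank line before its list so it is not glued to the rule above it.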
@@ -39,14 +49,58 @@ | |
- Inspect the DOM using the browser's developer tools to look for HTML comments (plain view-source won't work when the content is loaded through Ajax). | ||
|
||
|
||
----- | ||
|
||
## URLs | ||
|
||
#### Octal | ||
|
||
- Example: http:https://017700000001 --> 127.0.0.1 | ||
|
||
- For example 206.191.158.50: | ||
|
||
((206 * 256 + 191) * 256 + 158 ) * 256 + 50 = 3468664370. | ||
|
||
Now, there is a further step that can make this address even more obscure. You can add to this dword number, any multiple of the quantity 4294967296 (2564) | ||
|
||
|
||
#### Great @ | ||
|
||
-Everything between "http:https://" and "@" is completely irrelevant | ||
|
||
#### Tools | ||
``` | ||
http:https://doesn'[email protected] | ||
http:https://!$^&*()_+`-={}|[]:;@www.google.com | ||
``` | ||
|
||
- @ symbol can be represented by its hex code %40 | ||
- dots are %2e | ||
|
||
|
||
|
||
---- | ||
|
||
## HTTP | ||
|
||
The first line of a request is modified to include protocol version information and it's followed by zero or more name:value pairs (headers): | ||
- User-Agent: browser version information | ||
- Host: URL hostanme | ||
- Accept: supported MIME documents( such as text/plain or audio/MPEG) | ||
- Accept-Language: supported language codes | ||
- Referer: originating page for the request | ||
|
||
|
||
|
||
----- | ||
## Tools | ||
|
||
- [Burp Suite] | ||
- [FireBug] in Firefox | ||
|
||
|
||
|
||
|
||
|
||
----------------- | ||
[FireBug]: http:https://getfirebug.com/ | ||
[Burp Suite]: http:https://portswigger.net/burp/ | ||
|
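Review bot: the dword explanation at `4294967296 (2564)` has lost its exponent and should read `256^4` (equivalently 2^32); as written the parenthetical looks like an unrelated number. The arithmetic itself checks out, ((206 * 256 + 191) * 256 + 158) * 256 + 50 = 3468664370, and it is worth saying explicitly that adding any multiple of 2^32 wraps back to the same 32-bit address, which is both why the trick works and why anything that filters or logs hostnames should canonicalise them to dotted-quad form before matching. The `#### Tools` heading sits directly above the two `@` URL examples, which belong to the `#### Great @` section, while the real tool list is `## Tools` further down, so the first heading is misplaced and duplicates the second. The URL examples all carry a doubled scheme (`http:https://`); they should be plain `http://` for the octal, dword and `@` examples to behave as described. Smaller points: `-Everything between` is missing the space after the dash, so it will not render as a bullet; `hostanme` is a typo for `hostname`; and `documents( such as` has the space on the wrong side of the parenthesis.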