- Concepts
1. Burp Suite: Tool for web application security testing.
- Intercepting Proxy: Acts as a web proxy that allows you to intercept and modify HTTP/S traffic between your browser and the server.
- Spider (Crawler): Automates the process of mapping a web application by crawling its pages to find links and endpoints.
- Scanner: Automatically scans for vulnerabilities such as SQL injection, XSS, CSRF, and more.
- Intruder: Brute force attacks, fuzzing, and testing for injection points.
- Repeater: Allows manual modification and resending of intercepted requests to analyze the server's behavior.
- Sequencer: Analyzes the randomness of tokens (e.g., session IDs or CSRF tokens) to check for predictability.
- Decoder: Decodes and encodes data like Base64, URL encoding, or ASCII to identify hidden vulnerabilities.
- Comparer: Helps compare responses or requests to identify differences that might indicate security issues.
- Extender: Allows integration of third-party extensions to extend the tool's capabilities.
- Collaborator: Tests for vulnerabilities requiring external interaction, such as blind SQL injection or SSRF.
2. SearchSploit: Searches through the exploit database for available exploits and shellcode.
3. Metasploit: Helps identify and exploit system vulnerabilities.
- Commands
1. grep -R {pattern} {directory}: Recursively searches for a specified pattern in all files within a directory and its subdirectories.
2. awk -F: '{print $1}':
- -F: Specifies the field delimiter (in this case, a colon ':'). Fields in the input are split based on this delimiter.
- {print $1}: Executes the 'print' command. Prints field 1.
3. Ctrl + U: Views source code of the page in a web browser.
4. searchsploit {specific term}: Searches for exploits related to specific term.
5. searchsploit -p 39446: Displays detailed information (including the file path) about the exploit with the ID 39446.
6. searchsploit -m 39446: Copies (mirrors) the exploit code with ID 39446 to your current working directory.
7. Ctrl + R: Searches through command history interactively.
8. hydra: Password-cracking tool used for brute-force login attacks.
- hydra -L {username_list} -P {password_list} {target_IP} {protocol_to_target (e.g., ssh, ftp)}
9. file {file_name}: Displays the type of a file.
10. GIF8; : Put this at the top of the file. It is the magic-byte signature of a GIF.
11. Burp Suite
- Ctrl + U: URL-encodes the selected text (URL-safe encoding).
12. mkdir -p {dir_path}: All parent directories in the specified path are created if they don't exist.
13. ldd {file}: Displays the shared libraries required by an executable or shared object.
14. /etc/lsb-release: Configuration file on Linux systems that provides information about the OS distribution and release.