Enumeration checklist
Checklist
Robots.txt
Web scanning
Web Scanning
Brute forcing HTTP(s) directories and files
HTTPS certificate
Might contain a username
Script to preview the website from IP in html
Create a list of the IPs and extract PNGs
Make it HTML: pngtohtml.sh
Creating a wordlist from a webpage
cewl
Webpage redirects automatically?
noredirect plugin
Login page
View source code
Use default password
Brute-force directories first (sometimes you don't need to log in to pwn the machine)
Search for credentials by brute-forcing directories
Brute-force credentials
Search for credentials on other service ports
Enumerate for credentials
Register first
SQL injection
XSS can be used to get the admin cookie
Brute-force session cookie
Identify WAF
wafw00f
Find version vulnerability?
Google
HTTPS Heartbleed
Scan for Heartbleed
Password?
When presented with an enter credentials page, the first thing I try is common credentials (admin/admin, admin/password).
If that doesn’t work out, I look for default credentials online that are specific to the technology. Last, I use a password cracker if all else fails.
Log poisoning
From LFI to RCE
If you have local file inclusion of a log file, you may be able to poison the log.
Change the User-Agent by intercepting the request in Burp to this to get a reverse shell
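The defender's view of the step above, as an added example that is not part of the original checklist: log poisoning leaves two traces in the web server's own access log, a request that includes a log path through the vulnerable parameter and a User-Agent (or Referer) carrying a PHP open tag. The script below parses Apache combined-format lines, flags each indicator, and reports IPs that show both. The log lines are constructed for this example, and the indicator patterns and function names are my own choices, not from any tool. The real fix is on the application side: never pass user-controlled paths to include/require and resolve includes against an allowlist.

```python
import re

# Constructed sample log lines in Apache combined format (not from a real server).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "GET /index.php?page=../../../../var/log/apache2/access.log HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
192.0.2.11 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 512 "-" "<?php echo 'poisoned'; ?>"
192.0.2.12 - - [10/Oct/2023:13:56:02 +0000] "GET /about.html HTTP/1.1" 200 1024 "https://example.com/" "curl/8.0"
"""

# Apache combined log format: client, ident, user, [timestamp], "request", status, size, "referer", "user-agent".
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Indicator 1: a PHP open tag in a header the client controls (what gets written into the log).
PHP_TAG_RE = re.compile(r'<\?(php|=)', re.IGNORECASE)
# Indicator 2: traversal sequences or well-known log/proc paths in the requested URL.
TRAVERSAL_RE = re.compile(r'(\.\./|%2e%2e%2f|/var/log/|/proc/self/)', re.IGNORECASE)


def detect_log_poisoning(log_text):
    """Return one finding per suspicious line: {'line', 'ip', 'reasons'}."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            # Unparseable lines are themselves worth a look (log injection often breaks the format).
            findings.append({"line": lineno, "ip": None, "reasons": ["unparsed line"]})
            continue
        reasons = []
        if TRAVERSAL_RE.search(m["path"]):
            reasons.append("traversal or log path in request")
        for field in ("ua", "referer"):
            if PHP_TAG_RE.search(m[field]):
                reasons.append(f"php tag in {field}")
        if reasons:
            findings.append({"line": lineno, "ip": m["ip"], "reasons": reasons})
    return findings


def high_confidence_ips(findings):
    """IPs that both read a log path via the include parameter and injected a PHP tag."""
    by_ip = {}
    for f in findings:
        if f["ip"] is not None:
            by_ip.setdefault(f["ip"], set()).update(f["reasons"])
    return {
        ip for ip, reasons in by_ip.items()
        if any(r.startswith("traversal") for r in reasons)
        and any(r.startswith("php tag") for r in reasons)
    }


if __name__ == "__main__":
    found = detect_log_poisoning(SAMPLE_LOG)
    for f in found:
        print(f"line {f['line']} {f['ip']}: {'; '.join(f['reasons'])}")
    print("high-confidence:", sorted(high_confidence_ips(found)))
```

Run against a real access log, the traversal pattern alone will produce noise from scanners; the combination of both indicators from one client within a short window is the signal worth alerting on, and the poisoned log file itself should be treated as tainted and rotated out.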