Insecure deserialization can be a very critical vulnerability for a website. In this lab, we need to use credentials we already have to exploit an insecure deserialization vulnerability, escalate privileges and delete Carlos’s account. First, we log into our account and use Burp Suite to see what we have going on. We…

This lab covers basic server-side template injection. “This lab is vulnerable to server-side template injection due to the unsafe construction of an ERB template. To solve the lab, review the ERB documentation to find out how to execute arbitrary code, then delete the `morale.txt` file from Carlos’s home directory.” As…

PortSwigger Academy defines CORS vulnerability as follows: “Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy. However, it also provides potential for cross-domain attacks, if a website’s CORS policy is…

PortSwigger Academy describes CSRF as “Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent…

Insecure direct object references (IDOR) is a vulnerability that allows access to parts of the web app that a particular user doesn’t necessarily have permission to access. An example of it can be having consecutive numbers enumerating user accounts or text files stored on a server. As a proof of concept “This lab…

The goal of this lab is to exploit a stored cross-site scripting vulnerability in the blog comments by calling an alert function when the blog post is viewed. First, let’s check how the website responds to the posted comment. Rather than just type in a regular comment, I decided to…

As per PortSwigger Academy: “This lab contains a simple reflected cross-site scripting vulnerability in the search functionality. To solve the lab, perform a cross-site scripting attack that calls the alert function.” This lab is a fantastic illustration of how important it is to know the basics of the language syntax…