eCPPTv3-PTP-Notes
HomeGitHubPortfolioTwitter/XMediumCont@ct
  • 📝eCPPT / PTP - Notes
    • eCPPTv3
      • 1️⃣1 - Resource Development & Initial Access
        • 1.1 - PowerShell for Pentesters
        • 1.2 - Client-Side Attacks
          • 1.2.1 - System/Host Based Attacks
            • 1.2.1.1 Windows Vulnerabilities
          • 1.2.2 - The Metasploit Framework (MSF)
            • 1.2.2.1 MSF Introduction
            • 1.2.2.2 Information Gathering & Enumeration
            • 1.2.2.3 Vulnerability Scanning
            • 1.2.2.4 Client-Side Attacks
            • 1.2.2.5 Post Exploitation
            • 1.2.2.6 Armitage
          • 1.2.3 Exploitation
          • 1.2.4 Social Engineering
      • 2️⃣2 - Web Application Penetration Testing
        • 2.1 - Web App Concepts
          • 2.1.1 HTTP/S Protocol
          • 2.1.2 Encoding
          • 2.1.3 Same Origin
          • 2.1.4 Cookies
          • 2.1.5 Session
          • 2.1.6 Web App Proxies
        • 2.2 - Information Gathering
          • 2.2.1 Gathering Information on Your Targets
          • 2.2.2 Infrastructure
          • 2.2.3 Fingerprinting Frameworks and Applications
          • 2.2.4 Fingerprinting Custom Applications
          • 2.2.5 Enumerating Resources
          • 2.2.6 Information Disclosure Through Misconfiguration
          • 2.2.7 Google Hacking
          • 2.2.8 Shodan HQ
        • 2.3 - Cross Site Scripting
          • 2.3.1 XSS Anatomy
          • 2.3.2 Reflected XSS
          • 2.3.3 Stored XSS
          • 2.3.4 DOM-Based XSS
          • 2.3.5 Identifying & Exploiting XSS with XSSer
        • 2.4 - SQL Injection
          • 2.4.1 Introduction to SQL Injection
          • 2.4.2 Finding SQL Injection
          • 2.4.3 Exploiting In-Band SQL Injection
          • 2.4.4 Exploiting Error-Based SQL Injection
          • 2.4.5 Exploiting Blind SQL Injection
          • 2.4.6 SQLMap
          • 2.4.7 Mitigation Strategies
          • 2.4.8 From SQLi to Server Takeover
        • 2.5 - Other Common Web Attacks
          • 2.5.1 Session Attacks
          • 2.5.2 CSRF
          • 2.5.3 File and Resource Attacks
      • 3️⃣3 - Network Security
        • 3.1 Network Based Attacks
        • 3.2 Linux Vulnerabilities
        • 3.3 - Exploitation
          • 3.3.1 Linux Exploitation
      • 4️⃣4 - Exploit Development
        • 4.1 Architecture Foundamentals
        • 4.2 Assemblers and Tools
        • 4.3 Buffer Overflow
        • 4.4 Cryptography
        • 4.5 Malware
        • 4.6 Shellcoding
      • 5️⃣5 - Post-Exploitation
        • 5.1 Linux Post-Exploitation
        • 5.2 - Linux Privilege Escalation
          • 5.2.1 Kernel Exploitation
          • 5.2.2 SUID Exploitation
          • 5.2.3 CronJobs
        • 5.3 - Post Expolitation / Pivoting
          • 5.3.1 Pivoting Guidelines
          • 5.3.2 Pivoting Example (3 Targets)
      • 6️⃣6 - ​Red Teaming
        • 6.1 - Active Directory Penetration Testing
          • 6.1.1 Introduction to Active Directory (AD)
            • 6.1.1.1 Users, Groups & Computers
            • 6.1.1.2 Organizational Units (OUs)
            • 6.1.1.3 Trees, Forest & Trust
          • 6.1.2 AD Authentication
          • 6.1.3 AD Penetration Testing Methodology
        • 6.1.4 AD Enumeration
        • 6.1.5 AD Privilege Escalation
        • 6.1.6 AD Lateral Movement
        • 6.1.7 AD Persistence
        • 6.2 - Command & Control (C2/C&C)
    • eCPPTv2
      • 1️⃣1 - ​System Security
        • 1.1 Architecture Foundamentals
        • 1.2 Assemblers and Tools
        • 1.3 Buffer Overflow
        • 1.4 Cryptography
        • 1.5 Malware
        • 1.6 Shellcoding
      • 2️⃣2 - Network Security
        • 2.1 System/Host Based Attacks
          • 2.1.1 Windows Vulnerabilities
        • 2.2 Network Based Attacks
        • 2.3 The Metasploit Framework (MSF)
          • MSF Introduction
          • Information Gathering & Enumeration
          • Vulnerability Scanning
          • Client-Side Attacks
          • Post Exploitation
          • Armitage
        • 2.4 Exploitation
        • 2.5 - Post Expolitation / Pivoting
          • 2.5.1 Pivoting Guidelines
          • 2.5.2 Pivoting Example (3 Targets)
        • 2.6 Social Engineering
      • 3️⃣3 - PowerShell for PT
        • 3.1 PowerShell
      • 4️⃣4 - Linux Exploitation
        • 4.1 Linux Vulnerabilities
        • 4.2 Linux Exploitation
        • 4.3 Linux Post-Exploitation
        • 4.4 Linux Privilege Escalation
          • 4.4.1 Kernel Exploitation
          • 4.4.2 SUID Exploitation
          • 4.4.3 CronJobs
      • 5️⃣5 - Web App Security
        • 5.1 - Web App Concepts
          • 5.1.1 HTTP/S Protocol
          • 5.1.2 Encoding
          • 5.1.3 Same Origin
          • 5.1.4 Cookies
          • 5.1.5 Session
          • 5.1.6 Web App Proxies
        • 5.2 - Information Gathering
          • 5.2.1 Gathering Information on Your Targets
          • 5.2.2 Infrastructure
          • 5.2.3 Fingerprinting Frameworks and Applications
          • 5.2.4 Fingerprinting Custom Applications
          • 5.2.5 Enumerating Resources
          • 5.2.6 Information Disclosure Through Misconfiguration
          • 5.2.7 Google Hacking
          • 5.2.8 Shodan HQ
        • 5.3 - Cross Site Scripting
          • 5.3.1 XSS Anatomy
          • 5.3.2 Reflected XSS
          • 5.3.3 Stored XSS
          • 5.3.4 DOM-Based XSS
          • 5.3.5 Identifying & Exploiting XSS with XSSer
        • 5.4 - SQL Injection
          • 5.4.1 Introduction to SQL Injection
          • 5.4.2 Finding SQL Injection
          • 5.4.3 Exploiting In-Band SQL Injection
          • 5.4.4 Exploiting Error-Based SQL Injection
          • 5.4.5 Exploiting Blind SQL Injection
          • 5.4.6 SQLMap
          • 5.4.7 Mitigation Strategies
          • 5.4.8 From SQLi to Server Takeover
        • 5.5 - Other Common Web Attacks
          • 5.5.1 Session Attacks
          • 5.5.2 CSRF
      • 6️⃣6 - ​Wi-Fi Security
        • 6.1 Traffic Analysis
      • 7️⃣7 - ​Metasploit & Ruby
        • 7.1 Metasploit
      • 📄Report
        • How to write a PT Report
  • 🛣️RoadMap & My Experience
  • 📔eCPPT Cheat Sheet
Powered by GitBook
On this page
  • Other Common Web Attacks
  • Topics
  • Web Basics
  • Practise
  1. eCPPT / PTP - Notes
  2. eCPPTv2
  3. 5 - Web App Security

5.5 - Other Common Web Attacks

Previous5.4.8 From SQLi to Server TakeoverNext5.5.1 Session Attacks

Other Common Web Attacks

Topics

in addition to SQLi, there are several other common web attacks that malicious actors may use to exploit vulnerabilities in web applications. Here are a few notable ones:

  1. Cross-Site Scripting (XSS): XSS attacks involve injecting malicious scripts into web pages that are then executed by a user's browser. This can be used to steal sensitive information, such as login credentials or session cookies.

  2. Cross-Site Request Forgery (CSRF): CSRF attacks trick users into unknowingly submitting a web request on a site where they are authenticated. This can lead to actions being performed on the user's behalf without their consent.

  3. Cross-Site Script Inclusion (XSSI): XSSI attacks involve an attacker including external scripts in a web page, often exploiting misconfigurations in the application's content security policy.

  4. Clickjacking: Clickjacking involves hiding malicious actions behind a legitimate-looking interface. Users unknowingly interact with the hidden elements, allowing attackers to perform actions on their behalf.

  5. Security Misconfigurations: Improperly configured security settings, such as default passwords or unnecessary services running, can expose vulnerabilities that attackers exploit.

  6. File Inclusion Attacks: This includes Local File Inclusion (LFI) and Remote File Inclusion (RFI). LFI occurs when an attacker can include files on a server through the web browser. RFI occurs when an attacker can include remote files, often from a malicious server.

  7. Command Injection: Attackers can inject malicious commands into input fields that are then executed by the application. This can lead to unauthorized access or other malicious activities.

  8. XML External Entity (XXE) Attacks: XXE attacks exploit vulnerabilities in XML processors by injecting malicious XML content. This can lead to disclosure of internal files or denial of service.

  9. Server-Side Request Forgery (SSRF): SSRF attacks involve tricking a server into making unintended requests, often to internal resources, which can lead to unauthorized access or data exposure.

  10. Brute Force Attacks: Attackers attempt to gain access to user accounts by systematically trying all possible combinations of usernames and passwords.

  11. Session Hijacking and Session Fixation: Session hijacking involves stealing a user's session token to gain unauthorized access. Session fixation involves setting a user's session token, often through phishing, to hijack their session later.

Web Basics

Practise

🔬 There are many vulnerable testing web apps like:

DVWA

The Damn Vulnerable Web Application (DVWA) is a web application built with PHP and MySQL intentionally designed to be susceptible to security vulnerabilities. Its primary purpose is to serve as a resource for security professionals to assess their skills and tools within a legal context. Additionally, it aids web developers in gaining a deeper understanding of the processes involved in securing web applications and facilitates learning about web application security for both students and teachers in a controlled classroom setting.

DVWA is designed to provide a platform for practicing various common web vulnerabilities at different difficulty levels, all presented through a simple and user-friendly interface. It's important to note that there are deliberate both documented and undocumented vulnerabilities within the software, encouraging users to explore and identify as many issues as possible.

DVWA - My Writeups

Theory and Lab platform

❗ Disclaimer

  • Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!

​​

​

​​

​​

​​

​

📝
5️⃣
Session Attacks
CSRF
Web Application Basics
Web Apps Tools of Trade
Juice Shop - Kali Install
DVWA - Kali Install
bWAPP
Mutillidae II
GitHub - digininja/DVWA: Damn Vulnerable Web Application (DVWA)GitHub
DVWA
All labs | Web Security AcademyWebSecAcademy
Web Burp Suite Security Academy
Logo
Logo
DVWA
14 - Hacking Web Apps