Web Application Attacks
Web Application Enumeration
Interested:
- Programming Language and Framework
- Web Server Software
- Database Software
- Server OS
Inspecting URLs
Some programming languages can be figured out from URLs/extensions, like php.
Inspecting Page Content
From developer tool->debugger, we may find js library used.
Viewing Response Header
Developer Tool => Network
Server Header could review Software running on server
Inspecting Sitemaps
curl https://www.google.com/robots.txt
Locating Admin Consoles
Web Application Assessment Tools
DIRB
Web Content Scanner.
dirb <URL> -r -z 10 # -z 10 for delay -r for non-recursive
Burp Suite
burpsuite command.
Can be used to track requests send to a web server as a proxy, and regenerate these requests with custom settings.
For example, if some input doesn't allow more than 20 chars, we can use this method to surpass the check.
Nikto
Web Server Scanner. Test dangerous/vulnerable files/programs/server version/config.
Could take very long.
Solution:
- set
-maxtime - -T: to set type of test
nikto -host=http://www.megacorpone.com -maxtime=30s
Exploiting Web-based Vulnerabilities
Exploiting Admin Console
Use Nikto to find vulnerabilities, such as PHPmyAdmin, and guess its password
Cross-Site Scripting (XSS)
Identify XSS Vulnerabilities
Search input fields.
Inject code into website (input) and they maybe executed as real scripts if not encoded/sanitized properly.
Directory Traversal Vulnerabilities
Gain access to files of a web app.
Identifying and Exploiting Directory Traversals
Examine URL query strings and forms.
File Inclusion Vulnerabilities
Include a file into the application.
SQL Injection
sqlmap for automating sql injection.