Book of Eopi
Hacking Web Applications & Servers

Welcome to the Hacking Web Applications & Servers module. This note will guide you through all the methodologies I followed while preparing for the CEH (Practical) exam.


Last updated 2 years ago

Identify Technology (Footprint)

  • Identifying the technology used by a web application (server software, language, framework and their versions) tells us which weaknesses are likely to apply to that particular application.

List of tools used to identify the technology

  1. httprecon

  2. whatweb (CLI)

Other Methods

  • Using Telnet

  • Using NetCat
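What a manual banner grab over Telnet or NetCat actually gives you is the raw HTTP response, and tools like whatweb and httprecon read the same headers. The following Python is an added example (not code from the original note or from any of those tools): it parses a constructed sample response, lists which headers and cookie names disclose the stack, and shows the hardened header set a defender would serve instead. The `DISCLOSURE_HEADERS` and `COOKIE_FINGERPRINTS` tables are my own, partial lists.

```python
"""Audit a raw HTTP response for technology disclosure.

Added example, not from the original note. The response below is what a
manual 'HEAD / HTTP/1.0' sent over telnet/nc might return; it is constructed
and every product/version string in it is made up.
"""
import re

# Constructed sample banner-grab response (values are illustrative only).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html>...</html>"
)

# Headers that commonly reveal the stack (partial list, my own assumption).
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version", "x-generator", "via"}
# Default session cookie names that identify the platform (partial list).
COOKIE_FINGERPRINTS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet",
                       "ASP.NET_SessionId": "ASP.NET"}
# Matches a dotted version number such as 2.4.41 or 7.4.3.
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")


def parse_response(raw: bytes) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP response into its status line and a lowercase-keyed header dict."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # repeated headers: last one wins
    return lines[0], headers


def find_disclosures(raw: bytes) -> dict[str, str]:
    """Return {finding: evidence} for each header or cookie name that leaks the stack."""
    _status, headers = parse_response(raw)
    findings: dict[str, str] = {}
    for name, value in headers.items():
        if name in DISCLOSURE_HEADERS:
            suffix = " (version disclosed)" if VERSION_RE.search(value) else ""
            findings[name] = value + suffix
    # Only the first Set-Cookie is inspected in this simplified parser.
    cookie_name = headers.get("set-cookie", "").split("=", 1)[0].strip()
    if cookie_name in COOKIE_FINGERPRINTS:
        findings["cookie:" + cookie_name] = COOKIE_FINGERPRINTS[cookie_name]
    return findings


def harden(headers: dict[str, str]) -> dict[str, str]:
    """Mitigation view: drop disclosure headers and keep only a version-less Server value."""
    out = {k: v for k, v in headers.items() if k not in DISCLOSURE_HEADERS}
    if "server" in headers:
        out["server"] = headers["server"].split("/", 1)[0]  # 'Apache/2.4.41 (Ubuntu)' -> 'Apache'
    return out


if __name__ == "__main__":
    for finding, evidence in find_disclosures(SAMPLE_RESPONSE).items():
        print(f"{finding}: {evidence}")
    print("hardened:", harden(parse_response(SAMPLE_RESPONSE)[1]))
```

Renaming the session cookie and stripping `X-Powered-By` does not remove a vulnerability, it only removes the free hint; the point of the audit is to see your own server the way the fingerprinting tools above see it.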

Nmap Scripts

Normal HTTP Enumeration

nmap -sV --script=http-enum www.xyz.com

WAF Detection

nmap -p 80,443 --script=http-waf-detect www.xyz.com 

Directory Bruteforce

Directory brute-force (guessing) attacks are very common against websites and web servers. They are used to find hidden and often forgotten directories on a site, which can then be examined for weaknesses.

Dirbuster for Directory Brute force

DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers. What looks like a web server in a default installation often is not, and has pages and applications hidden within it. DirBuster attempts to find these.

However, tools of this nature are often only as good as the directory and file lists they come with. A different approach was taken to generate DirBuster's lists: they were built from scratch by crawling the Internet and collecting the directory and file names that developers actually use. DirBuster ships with a total of 9 different lists, which makes it extremely effective at finding those hidden files and directories. And if that was not enough, DirBuster also has the option to perform a pure brute force, which leaves hidden directories and files nowhere to hide.

Cheat sheets for DirBuster

You can use any directory brute-force tool, e.g. GoBuster, Dirsearch, BruteX, etc. But bear in mind that every tool performs the same process, so master one tool and you are good to go.
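Because every one of these tools performs the same process, they all leave the same trace on the server: one client producing a burst of 404s in a short time. The Python below is an added example (not code from the original note, DirBuster or any other tool) that runs that detection heuristic over constructed Apache/nginx combined-format log lines; the addresses, paths and user agent in the sample are made up, and the thresholds are my own starting values.

```python
"""Detect directory brute forcing in combined-format web access logs.

Added example, not from the original note. Heuristic: a client whose 404s
cluster in a short window and dominate its traffic is guessing paths.
The log lines below are constructed; addresses and paths are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one ordinary visitor, then one client walking a wordlist.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:14:01:59 +0000] "GET / HTTP/1.1" 200 2326 "-" "DirBuster-1.0"',
] + [
    f'198.51.100.7 - - [10/Oct/2023:14:02:{i:02d} +0000] "GET /{word} HTTP/1.1" 404 196 "-" "DirBuster-1.0"'
    for i, word in enumerate(["admin", "backup", "old", "test", "config", "dev",
                              "tmp", "private", "uploads", "db", "logs", "secret"])
]


def _ts(text: str) -> datetime:
    """Parse the bracketed timestamp of the combined log format."""
    return datetime.strptime(text, "%d/%b/%Y:%H:%M:%S %z")


def detect_dir_bruteforce(lines, window_s=60, min_404=10, min_ratio=0.8):
    """Return {ip: stats} for clients with >= min_404 404s inside window_s seconds
    and a 404 share of at least min_ratio. Unparseable lines are skipped."""
    per_ip = defaultdict(list)  # ip -> [(timestamp, status)]
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            per_ip[m["ip"]].append((_ts(m["ts"]), int(m["status"])))

    flagged = {}
    for ip, events in per_ip.items():
        events.sort()
        not_found = [t for t, status in events if status == 404]
        if not not_found:
            continue
        # Two-pointer sweep: largest number of 404s inside any window_s-second span.
        best, lo = 0, 0
        for hi, t in enumerate(not_found):
            while (t - not_found[lo]).total_seconds() > window_s:
                lo += 1
            best = max(best, hi - lo + 1)
        ratio = len(not_found) / len(events)
        if best >= min_404 and ratio >= min_ratio:
            flagged[ip] = {"burst_404": best, "total": len(events), "ratio": round(ratio, 2)}
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_dir_bruteforce(SAMPLE_LOG).items():
        print(ip, stats)
```

The user agent is deliberately not used as a signal: it is the first thing an operator changes, whereas the burst of 404s is inherent to the technique. Tune `min_404` against your own site's baseline before alerting on it, since a broken link on a busy page can produce many 404s from many clients, but rarely many from one.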

Service Bruteforce

Hydra

Man! I can't find the words for this tool! 🔥 This is one of my favourite tools for brute forcing passwords for services running on a network.

hydra -L /Path/To/Username/WordList -P /Path/To/Password/WordList 10.10.10.x ftp

In Hydra you specify the service to brute force; in the command above I have set it to FTP. You can do the same for any other supported service, for example SSH, RDP, Samba (SMB), etc.

Medusa

Medusa is also one of the best tools out there for brute force. Even though I love Hydra, I use Medusa a lot; if anything I would put Medusa first and Hydra second.

medusa -h 10.10.10.x -U /root/Documents/user_list.txt -P /root/Documents/pass_list.txt -M ftp -F
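Both Hydra and Medusa only work as well as they do because the service answers every guess at full speed. The Python below is an added example (not code from the original note, Hydra or Medusa) of the server-side control that blunts such a run: per-source failure counting with a lockout window, a constant-time credential check, and a small simulator that replays a wordlist against it. The user, password and addresses are constructed for the demo.

```python
"""Per-source login throttling against wordlist runs.

Added example, not from the original note. After max_failures wrong attempts
from one source the service refuses further attempts for lockout_s seconds
without checking credentials at all, so a wordlist run gets at most
max_failures guesses per window. Credentials below are constructed.
"""
import hashlib
import hmac
import os
from collections import defaultdict


def _hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256; slow on purpose so each real check is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginService:
    def __init__(self, max_failures: int = 5, lockout_s: float = 300.0):
        self.max_failures = max_failures
        self.lockout_s = lockout_s
        self._users = {}                     # username -> (salt, hash)
        self._failures = defaultdict(int)    # source -> consecutive failures
        self._locked_until = {}              # source -> time the lockout expires

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def attempt(self, source: str, username: str, password: str, now: float) -> str:
        """Return 'locked', 'bad_credentials' or 'ok'. `now` is injected for testability."""
        if self._locked_until.get(source, 0.0) > now:
            return "locked"                  # no hashing, no user lookup, no hint
        record = self._users.get(username)
        # Hash a dummy for unknown users so timing does not reveal valid usernames.
        salt, stored = record if record else (b"\x00" * 16, b"\x00" * 32)
        ok = record is not None and hmac.compare_digest(_hash(password, salt), stored)
        if ok:
            self._failures[source] = 0
            return "ok"
        self._failures[source] += 1
        if self._failures[source] >= self.max_failures:
            self._locked_until[source] = now + self.lockout_s
            self._failures[source] = 0
        return "bad_credentials"


def simulate_wordlist_run(service: LoginService, source: str, username: str,
                          wordlist, start: float = 0.0, rate_per_s: float = 10.0) -> dict:
    """Replay a wordlist at rate_per_s guesses per second; return outcome counts."""
    counts = {"ok": 0, "bad_credentials": 0, "locked": 0}
    for i, guess in enumerate(wordlist):
        counts[service.attempt(source, username, guess, start + i / rate_per_s)] += 1
    return counts


if __name__ == "__main__":
    svc = LoginService(max_failures=5, lockout_s=300)
    svc.add_user("alice", "correct horse battery staple")      # constructed demo credential
    guesses = [f"password{i}" for i in range(50)] + ["correct horse battery staple"]
    print(simulate_wordlist_run(svc, "198.51.100.7", "alice", guesses))
```

In the simulated run the correct password is the 51st entry but never gets checked: the source is locked after five failures and stays locked for the rest of the list. Per-source lockout alone is bypassed by rotating source addresses, so in practice it is paired with a per-account counter and with logging of the failures so they show up in the kind of log review described above.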

DVWA

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. DVWA lets you practise some of the most common web vulnerabilities at various levels of difficulty. DVWA plays a major role in the C|EH (Practical) exam. It is advisable to work through DVWA and get used to the box, since the exam challenges may be based on the challenges available on it.

Hey! Thank you for following my process this far. DVWA is one of the best applications for practising your web application attacks. Since I completed this challenge years ago, I ask you to work on it yourself. I can't help you with each module in DVWA, but there are tons of video tutorials and blogs about this box. Please complete this box, since it may be important for your exam.

I have attached the DVWA solution playlist below 👇🏻, check it out.

By now, you should have the knowledge on:

Wordlist

For the Certified Ethical Hacker (Practical) exam, you don't need to worry about wordlists, since most probably a wordlist will be attached for each module, so make use of those first. If those fail, go with the default wordlists.

Links

  • wappalyzer

  • DVWA solution playlist (Alexis Ahmed's): https://www.youtube.com/playlist?list=PLHUKi1UlEgOJLPSFZaFKMoexpM6qhOb4Q

  • dirbuster | Kali Linux Tools. Check out the video on fuzzing and directory brute force; it can give you an idea.

  • Brute Force Password Cracking with Medusa (Medium). This Medium post has a comprehensive explanation of how to use Medusa.

  • Hack Like a Pro: How to Find Directories in Websites Using DirBuster (WonderHowTo)