Introduction

Hello All

Welcome to the Practical Demonstration of Web Application Hacking. Here we are going to learn about various web vulnerabilities, how to hunt for them on a target, and how to exploit them.

Before we begin to hunt, we should choose a target that is in scope. Here we are going to choose the OWASP (Open Web Application Security Project) Juice Shop project as our target, which is an insecure web application built for practice.

When we hunt, it's important to look at every target in its own right. We are going to look at the OWASP Juice Shop. In this demonstration you…


What is it

IDOR: Insecure Direct Object Reference


These types of vulnerabilities arise from access control issues. We will devote another entire chapter to those types of vulnerabilities. The term IDOR was made popular by appearing in the OWASP Top 10, but in reality it's simply another type of Broken Access Control issue. IDORs can manifest as either horizontal or vertical privilege escalation. To speak of an IDOR, the following conditions have to be met:

  • An object identifier exists in the request, either as a GET or a POST parameter
  • A Broken Access Control issue has to exist, allowing the user access to data…

Introduction

What you need to know about WAF evasion techniques before we start is that this is a topic that is VERY hard to describe properly. WAFs are extremely diverse and research into them is sparse. This is because a WAF can be configured just like any other networking component: the configuration can differ from target to target, and that is a real challenge. We will first explore how WAFs work so we can design a proper testing technique. You need to know your enemy before you can fight it.

How does a WAF work?

WAFs usually consist of several stages but not all of…


Introduction


For this guide we will be working with Docker. Docker is a system that allows you to easily spin up a container from a configuration file. This eliminates the need to install all of the dependencies on our own system just to run something simple like the DVWA. We only have to install Docker on our host system. To do this on Windows or OS X, simply download the Docker Desktop client from their homepage.

https://www.docker.com/products/docker-desktop

For Linux, install it using either apt or yum, depending on your distribution:

# Debian/Ubuntu (package name is docker.io)
sudo apt-get install docker.io
# RHEL/CentOS/Fedora (package name is docker, not docker.io)
sudo yum install docker

Installing our test application

We will be using DVWA…


Introduction

Sometimes we want to hunt from our laptops, sometimes from our desktops and sometimes even from our phones. Sometimes we want to run a small, quick command, sometimes we want to run a full network scan of all ports. Sometimes we want to make a reverse shell connection, sometimes we want to generate an exploit. Sometimes we hunt at home, sometimes we hunt at a friend's house. Not everyone has the money to pay for a proper laptop; others do but prefer the comfort of the cloud.

Whatever your reason might be, I think a VPS is…


Introduction

When we are hunting, we sometimes find requests that are interesting to us but might not be directly useful, because some system (a WAF, for example) is filtering our input, or for a range of other reasons. In some of these cases, Burp Intruder can come to the rescue. If we want to try many different payloads quickly, Intruder is the perfect tool for us, as it is very flexible and has a range of other options.

Sending a request to Intruder

We could build the requests we want to send to Intruder manually each time, but that would…


Introduction

Hello amazing hackers! I am really happy to see you here, because I was afraid to write this article. I do not want to boast, and it feels like boasting when I say this, but I passed my OSCP exam the first time around with all but 1 flag found, and I had no prior hacking practice. Here's how I did it!

OSCP or CEH?

I want to start off by prefacing this with saying that neither certificate has my preference; I think they both have a valid field of applicability.

I always wanted to get into cybersecurity and one day when browsing the…


Over time I ran into some issues when I was following other people's methodologies. I was testing like my mentors and my heroes, but it never felt like their way of testing quite fit my way of life, and I never found any bugs doing that.

I am a stubborn rat. When I can't find a way, I make my own. I've developed a methodology that I think minimizes dupes, because I focus on out-thinking the competition instead of being the first to find a new subdomain or asset and testing it. I love leftovers 🙃.

This content comes from…



Generic techniques

Airlock Ergon

%C0%80'+union+select+col1,col2,col3+from+table+--+

Every space here is replaced by a +, and we have the URL-encoded values %C0 and %80 at the beginning of our…


Introduction

At first sight this seems not to be a real vulnerability but merely a best practice, yet nothing could be further from the truth. If an ongoing attack is not detected in time, or at all, our other security measures might be tampered with without us even knowing. In the event of an attack, we should be informed in a timely manner and with the correct level of detail.

This vulnerability type is a particularly nasty one because it is very hard to quantify exactly how much logging and monitoring is required to be safe. Besides being hard to…

Thexssrat

No b*llshit Hacking tutorials with extreme value in short bursts
