Penetration Testing with Kali Linux OffSec
cat /usr/share/wordlists/rockyou.txt | head
|
|
cat /usr/share/wordlists/rockyou.txt | head
123456 12345 123456789 password iloveyou princess 1234567 rockyou 12345678 abc123 Listing 103 - Copying the first 10 rockyou wordlist values Moving to the Payloads sub-tab, we can paste the above wordlist into the Payload Options[Simple list] area. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 217 Figure 98: Pasting the first 10 rockyou entries With everything ready to start the Intruder attack, let’s click on the top right Start Attack button. We can move past the Burp warning about restricted Intruder features, as this won’t impact our attack. After we let the attack complete, we can observe that apart from the initial probing request, it performed 10 requests, one for each entry in the provided wordlist. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 218 Figure 99: Inspecting Intruder’s attack results We’ll notice that the WordPress application replied with a different Status code on the 4th request, hinting that this might be the correct password value. Our hypothesis is confirmed once we try to log in to the WordPress administrative console with the discovered password. Figure 100: Logging to the WP admin console Now that we’ve built a solid foundational knowledge about how Burp and other assessment tools work, let’s take the next step and learn how to enumerate a target web application. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 219 8.3 Web Application Enumeration This Learning Unit covers the following Learning Objectives: • Learn how to debug Web Application source code • Understand how to enumerate and inspect Headers, Cookies, and Source Code • Learn how to conduct API testing methodologies In a previous Module, we learned how passive information gathering can play a critical role when mapping web applications, especially when public repositories or Google dorks disclose sensitive information about our target. Whether working with leaked credentials or mere application documentation, we should always refer to the information retrieved passively during our active web application testing, as it might lead to unexplored paths. It is important to identify the components that make up a web application before attempting to blindly exploit it. Many web application vulnerabilities are technology-agnostic. However, some exploits and payloads need to be crafted based on the technological underpinnings of the application, such as the database software or operating system. Before launching any attacks on a web application, we should first attempt to discover the technology stack in use. Technology stacks generally consist of a host operating system, web server software, database software, and a frontend/backend programming language. Once we have enumerated the underlying stack using the methodologies we learned earlier, we’ll move on to application enumeration. We can leverage several techniques to gather this information directly from the browser. Most modern browsers include developer tools that can assist in the enumeration process. As the name implies, although Developer Tools are typically used by developers, Yüklə Dostları ilə paylaş:
|