Exploitation/initial access

1 Authentication

1.1 Default credentials

  • Look up the default credentials (e.g. usernames, passwords) for the particular application

1.2 Weak passwords

  • Brute-force the password for a given username; if permitted, attempt to brute-force the username too

$ hydra ...
$ wfuzz ...

Wordlists

  1. ...

...

2 Text input form

  • E.g. messages, comments, etc.

2.1 Cross-site scripting

...

2.2 SQL Injection

2.2.1 Manual testing

  • Basic manual inputs to test for the presence of an SQLi vulnerability:

'
"
...

2.2.2 Automated testing

$ sqlmap ...

...

3 File upload

  • Upload a web shell, etc.

4 Path/directory traversal, File inclusion

...

5
