Web Enumeration

Common Techniques

  • Run all the tool-based enumeration listed in the Enumeration Port 80/443 - Web section (nmap, feroxbuster, wfuzz, etc.).

  • Identify any platform, framework, CMS or web application and look it up for known vulnerabilities. Check version numbers: OS, web server and scripting language, platform, API, CMS and components, etc. This example shows a 'metabase' application; Google 'metabase RCE'.

  • Google the 'name', 'version' and 'exploit' together to check whether any exploit code is available.

  • Walk through the pages and links looking for attack vectors.

  • Check for any usernames or email addresses on the pages.

  • Check the source code of web pages for any embedded or hidden information the developers left behind.

  • Check for a GitHub directory or a running Gitea server.

  • Check every input that you could potentially control. Start with SQL injection, LFI, SSRF, command injection, etc.

  • For sign-in, start by signing in with common username and password combinations. Pay special attention to the HTTP request parameters that you could manipulate or add to become an admin or other high-privilege user.

  • For registration, register a username and password and sign in with that user. Pay special attention to the HTTP request parameters that you could manipulate, or a new parameter you could add, to become an admin or other high-privilege user.

  • Find any upload function.

  • Change GET requests to POST (or POST to GET) to see if anything happens.

  • Find any URL that you could fuzz further. This example shows the number (100) as part of the URL for a content detail page; you could fuzz the site by substituting different numbers.

  • Find an obvious function to investigate further. For example, the page below shows 'Submit a repo', which compiles and runs your source code. That is an obvious RCE opportunity!

  • Keep enumerating via JSON responses; the 'jq' command is your friend. The following example shows that we get a hash value for a username. In this case, it was the cookie value used to sign the user in to the web site.
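From the defender's side, the numeric-ID fuzzing and GET/POST flipping described above leave a recognisable trace in web server access logs. The following Python script is an added example (not part of the original page) that parses constructed combined-format log lines and flags both patterns; the log lines, paths and threshold are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /content/detail/100 HTTP/1.1" 200 512 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /content/detail/101 HTTP/1.1" 200 498 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /content/detail/102 HTTP/1.1" 404 0 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /content/detail/103 HTTP/1.1" 200 530 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /content/detail/104 HTTP/1.1" 200 511 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "POST /login HTTP/1.1" 200 220 "-" "curl/8.0"
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /login?user=admin HTTP/1.1" 405 0 "-" "curl/8.0"
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /content/detail/100 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
ID_RE = re.compile(r'^(?P<prefix>.*/)(?P<num>\d+)$')   # path ending in a numeric id

def parse(log_text):
    """Yield (ip, method, path-without-query, status) for each well-formed line; skip junk."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m['ip'], m['method'], m['path'].split('?', 1)[0], int(m['status'])

def find_id_sweeps(log_text, min_ids=4):
    """Flag clients requesting >= min_ids distinct numeric ids under one path prefix:
    the 'change the number in the URL' enumeration pattern (IDOR-style sweeps)."""
    seen = defaultdict(set)          # (ip, prefix) -> set of numeric ids requested
    for ip, method, path, status in parse(log_text):
        m = ID_RE.match(path)
        if m:
            seen[(ip, m['prefix'])].add(int(m['num']))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_ids}

def find_method_flips(log_text):
    """Flag (ip, path) pairs hit with more than one HTTP method, e.g. a login
    endpoint probed with both POST and GET (method tampering)."""
    methods = defaultdict(set)
    for ip, method, path, status in parse(log_text):
        methods[(ip, path)].add(method)
    return {k: sorted(v) for k, v in methods.items() if len(v) > 1}

if __name__ == "__main__":
    print(find_id_sweeps(SAMPLE_LOG))      # one client sweeping /content/detail/100..104
    print(find_method_flips(SAMPLE_LOG))   # same client hitting /login with GET and POST
```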
