Differences

This shows you the differences between two versions of the page.

--- method_4_exploitation [2022/12/31 22:21] – [Blind SQLi] gman
+++ method_4_exploitation [2023/01/12 00:27] (current) – [Defaults] gman
@@ Line 49: / Line 49: @@
 ----
+====== Defaults ======
+Many folks leave many devices with factory defaults. You can quickly look up the default login creds here:
+  * https://www.defaultpassword.com/
+  * https://default-password.info/
+  * https://cirt.net/passwords
+  * [[https://www.google.com/search?q=default+passwords | Or just Google "default passwords"]]. There are a ton of sites.
+----
 ====== Tools ======
@@ Line 192: / Line 201: @@
 ----
-====== Shells ======
+====== Injection Attacks ======
-===== Reverse Shells =====
+===== Command =====
-{{ :images:shell_reverse_netcat.jpg?nolink |}}
+**Command Injection Attacks:** These are attacks that attempt to send commands through a web app to the operating system.
+  * It would give you the ability to directly manipulate the o/s.
+  * On Linux, use the ''system()'' call to send commands to the o/s itself.
-In a reverse shell, a victim machine connects back to us at the attack machine.
+**Example:** If an app asks for a username to set up an account (assuming the username dbag)
-  * You will use reverse shells 95% of the time
+  * When we create our account with the username "dbag," the back-end result sent to the o/s would be something like:
+    * ''system('mkdir /home/dbag')''
+  * Using command injection, you add commands to our user input:
+    * ''dbag & rm -rf /home''
+  * This would result in a command like this:
+    * ''system('mkdir /home/dbag & rm -rf /home')''
+  * And that's bad.
-https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
+===== SQLi =====
-http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
-**PHP Reverse Shell:**
-  * Instructions: http://pentestmonkey.net/tools/web-shells/php-reverse-shell
-  * Download: https://github.com/pentestmonkey/php-reverse-shell
-===== Bind Shells =====
-{{ :images:shell_bind_netcat.jpg?nolink |}}
-In a bind shell, we connect to the target.
-  * You fire off an exploint into the target machine, open up a port, and then use the attack machine to connect.
-https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/  (scroll down)
-----
-====== SQLi ======
 **SQL Injection:** One quick way to check to see if the server is vulnerable to SQL injections, type the following into the query box.
@@ Line 227: / Line 227: @@
 </code>
-===== Tool: SQLMap =====
+==== Tool: SQLMap ====
 Automates SQLi enumeration and exploitation. Use it only after you have manually verified there is indeed an SQLi vulnerability on the target.
-===== Blind SQLi =====
+==== Blind SQLi ====
 Blind SQL injection takes two forms: boolean-based (T/F) and timing-based.
@@ Line 262: / Line 262: @@
   * They automate these timing-based attacks, making them fairly easy.
+----
+====== Shells ======
+===== Reverse Shells =====
+{{ :images:shell_reverse_netcat.jpg?nolink |}}
+In a reverse shell, a victim machine connects back to us at the attack machine.
+  * You will use reverse shells 95% of the time
+https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/
+http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
+**PHP Reverse Shell:**
+  * Instructions: http://pentestmonkey.net/tools/web-shells/php-reverse-shell
+  * Download: https://github.com/pentestmonkey/php-reverse-shell
+===== Bind Shells =====
+{{ :images:shell_bind_netcat.jpg?nolink |}}
+In a bind shell, we connect to the target.
+  * You fire off an exploint into the target machine, open up a port, and then use the attack machine to connect.
+https://www.hackingtutorials.org/networking/hacking-netcat-part-2-bind-reverse-shells/  (scroll down)
 ----