search

2. Perform Web applications Attacks

An ethical hacker or pen tester must test their company’s web application against various attacks and other vulnerabilities.

hashtag
1. Brute force using Burp

set the burp proxy in browser, intercept the request, right click it and send it to intruder.

Now clear the fields and set the targets

  • sniper if you are only brute forcing password.

  • cluster if bruteforcing both username and password

set the payload, wordlists and launch attack. Different values of length will indicate the successful attempt.

Other Bruteforcing tools

https://shehackske.medium.com/brute-force-password-cracking-with-medusa-b680b4f33d69shehackske.medium.comchevron-right
Medusa

hashtag
Hydra Brute force cheatsheat

hashtag
2. Parameter tampering using Burp

In the proxy tab, go to the inspector session where value and name will be visible. You can change it and see the response.

hashtag
3. Identify XSS using PwnXss

LogoGitHub - pwn0sec/PwnXSS: PwnXSS: Vulnerability (XSS) scanner exploitGitHubchevron-right

hashtag
4. Exploit Parameter tempering with XSS

hashtag
5. Perform CSRF attacks

WPSCAN

Add --random-user-agent to avoid firewalls

hashtag
6. Hack a wordpress site with WPSCAN and Metasploit

hashtag
Installation

Enumerate wordpress users

WPSCAN can be used to enumerate users, themes, plugins etc

Now launch the Metasploit with database

Now set the options to brute force it

hashtag
WPSCAN brute forcing

hashtag
Reference

LogoWeb EnumerationTryHackMechevron-right

hashtag
7. Remote command execution to compromise a target server

Setup and complete DVWA Guides

LogoDVWA Walkthrough Step by Step - CavemenTech - Demystifying TechnologyCavemenTech - Demystifying Technologychevron-right
LogoDVWA Ultimate Guide - First Steps and Walkthrough - Bug HackingBug Hackingchevron-right

hashtag
Windows Command Injection

hashtag
8. Exploit File upload vulnerability

Generating the payload

Run multi/handler to catch the shell

Check the above DVWA walkthroughs. For high mode add the following on top of payload and save it as jpeg

Now in command prompt, rename the file

open the shell, and you will get the meterpreter session.

hashtag
9. Exploit Log4j vulnerability

hashtag
10. Perform Remote Code Execution (RCE) Attack

We will exploit RCE in a plugin in wordpress.

  1. In the Terminal window, run wpscan --url http://10.10.1.22:8080/CEH --api-token [API Token] command.

  2. The result appears, displaying detailed information regarding the target website.

  3. Scroll down to the Plugin(s) Identified section, and observe the installed vulnerable plugins (wp-upg) on the target website.

  4. In the Plugin(s) Identified section, within the context of the wp-upg plugin, an Unauthenticated Remote Code Execution (RCE) vulnerability has been detected as shown in the screenshot.

    The number of vulnerable plugins might differ when you perform this lab.

  5. In this task, we will exploit the RCE vulnerability present in the wp-upg plugin.

  6. To perform RCE attack, run curl -i 'http://10.10.1.22:8080/CEH/wp-admin/admin-ajax.php?action=upg_datatable&field=field:exec:whoami:NULL:NULL' command.

  7. This curl command exploits a WordPress plugin vulnerability by sending a malicious request to the admin-ajax.php file, allowing an attacker to execute arbitrary system commands via the exec function, potentially leading to remote code execution.

  8. In the last step, whoami command was executed, yielding the outcome nt authority\ \system

LogoExam Prep & Training for CEH Practical (Unofficial Course)Udemychevron-right
Previous1. Footprint the Web InfrastructureNext3. Detect Web Vulnerabilities using using web application security tools

Last updated