Basic

nmap -sC -sV IP

rustscan -a IP

curl -I IP

echo domain IP > /etc/hosts

Fuzzing subdomains

ffuf -c -u URL -H "Host: domain" -w /opt/Seclists/DNS/subdomains-top1million-110000.txt -t 150 -fw 20

BURP - intercept requests

Caido - intercept requests

Procurar por vulns web > Web Hacking

Bruteforce hash

hashcat --identify hash

hashcat -a0 -m3200 hash /usr/share/wordlists/rockyou.txt --show

descobrir backend

../../../../../../../etc/passwd

PreviousPrivescNextPost Exploitation

Last updated