6/10/2020 Web pentesting training Web pentesting training Created Wednesday 10 June 2020 Day 1: Lab setup and intro to Linux Virtual box install Kali Linux installation Linux basics 5 phases of hacking Tor Proxy chains E-mail spoofing Day 2: Intro to web pentesting Install metasploitable 2 Reconesence 1. whois lookup 2. nslookup 3. wepalizer 4. wafw00f 5. ipinfo.io 6. dnsenum 7.dimitry Day 3: Scanning NMap Nikto Skipfish gobuster Burp suite OWASP zap Day 4: XSS attack Types of webapp vulnerabilities 1. Client side 2. Server side Types of xss attacks 1. Reflected 2. Stored 3. DOM based Beef intro Day 5: Local file inclusion Intro to LFI 1/2 file:///tmp/zim-cyberhunter/print-to-browser.html
6/10/2020 Web pentesting training Access source code using LFI Null byte injection Get shell using LFI 1. Environmental variable method 2. Log poisoning 3. Data wraper method Day 6: SQL injection SQL injection intro SQL map intro Extract data using sql map Bypass admin panel using SQL vuln Test automation using burp Get shell using sql vul Day 7: Career guidance Job opertunities Certifications for EH Full Q/A session file:///tmp/zim-cyberhunter/print-to-browser.html 2/2
Search
Read the Text Version
- 1 - 2
Pages:
