02 Scan

  • Scans:

    • nmap

    • dirb

    • gobuster

    • nikto

    • wpscan (WPScan, for WordPress targets)

  • Browse:

    • HTTP and HTTPS (the two can serve different content)

    • SSL/TLS certificate details

    • follow links, paths, clues

    • page source

    • HTML comments

    • config files

    • robots.txt

    • Apache home directories

    • software versions

    • default or guessable login credentials

    • path/slash/file parameters = Local File Inclusion (LFI)

    • forms/PHP = SQLi or web injection

  • Exploits

    • Google, e.g. 'coldfusion 8 exploits'

    • searchsploit / Exploit-DB / blogs / GitHub

    • Known classes: LFI, SQLi, directory traversal

    • Well-known: EternalBlue, Shellshock, Heartbleed

    • Remote Code Execution (RCE)

    • CMS/WordPress = vulnerable core, add-ons/plugins, upload features, themes

  • Brute:
