[email protected]
[email protected]
[email protected]
[email protected]
About Calvin Lai (fkclai)
My Work
Exploit/CVE PoC
ZeroLogon Exploit
Remote Retrieved Chrome saved Encrypted Password
Twitter Control an RCE attack
Hacking Report (HTB)
Hits & Summary
Windows Machine
Linux Machine
PenTest & Exploitation Guide
01 Reconnaissance
02 Port Enumeration
03 Web Enumeration
04 Windows Enum & Exploit
05 File Enumeration
06 Reverse Shell Cheat Sheet
07 SQL Injection
08 BruteForce
09 XSS Bypass Checklist
10 Spring Boot
Vuln Hub (Writeup)
MrRobot
CYBERRY
MATRIX 1
Node-1
DPwwn-1
DC7
AiWeb-2
AiWeb-1
BrainPan
CTF (Writeup)
Hacker One
CTF Learn
P.W.N. University - CTF 2018
HITCON
Useful Command/Tools
Windows
Linux
Offensive Security Lab & Exam
Lab
Powered by GitBook

03 Web Enumeration

Port 80/443 Enumeration

# Sub-folder checking
dirb http://10.10.10.158/ /usr/share/wordlists/dirb/common.txt -o dirb-158.result 
gobuster dir -u 'http://10.10.10.158/' -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o gobuster-158.result 

python3 /root/Documents/ctf/tools/dirsearch/dirsearch.py -u http://10.10.10.158/ -e jsp,txt -x 301,302,403,404 --simple-report=dirsearch-158.result
​
-- https://github.com/ffuf/ffuf
ffuf -w /usr/share/wordlists/dirb/common.txt -u http://10.10.10.175/
​
​
# Nikto
nikto -h http://10.11.1.111
​
# Nikto with squid proxy
nikto -h 10.11.1.111 -useproxy http://10.11.1.111:4444
​
# CMS Explorer
cms-explorer -url http://10.11.1.111 -type [Drupal, WordPress, Joomla, Mambo]

​

PenTest & Exploitation Guide - Previous
02 Port Enumeration
Next - PenTest & Exploitation Guide
04 Windows Enum & Exploit
Last updated 6 months ago