Tuesday, 21 March 2023

SynAck Red Team Asssessment - Intro

Application

  • Several web applications
    • Need to complete all
  • Three infrastructure hosts
    • Need to complete all

Information

  • Requires web pentest techniques
    • Requires information gathering
    • Fuzzing host files
    • Bypass specific tweak flawed
    • Knowledge of exploiting flaws
  • Requires host pentest techniques
    • Tools for port scans
    • Scans for services expose
    • Exploiting vulnerabilities
    • Privilege escalate issues found

Exploit

  • OWASP Top 10 knowledge
  • Kali Linux tools usage
    • Nikto
    • Dirb
    • Metasploit
    • Burpsuite Free Edition
    • NMap
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Friday Fun Pentest Series - 16 - Stored XSS with Filter Bypass - blogenginev3.3.8

Description - It was found that the application was vulnerable to Stored XSS via specific payload that bypassed the filtering in place. Stor...