WEB PENTESTING-

web pentesting there
are many type of bugs in the website
some which is given below
1.sql injection-
this type of bug is for beginner there are lot
of the websites .for tat we can insert in the
input field following command like
' or '1'='1
in the username and password both aNd
after that u can bypass the cpanel of the
websites
and upload your vuln shelll and after that
you can use metasploit for shared server
hacking
if there is linux server is used then you can
root the server or symlink the particular
server.
2.SQLI-
these type of vulnerability in the database of
that websites.for attacking on that you can
use havij for windows machine(KIDDIES).if
you are work on linux then you can use
sqlmap for
datebase hacking if you are professional
hacker then you can use the browser side
query based
attack on that target website.Once you got
the admin and pass themn you can deface
thaT
by using shell like C99,R57 etc
3.XSS-
this is cross site scripting based attack on
that websites in which we can insert the
text on that target websites and which can be
reflected on that browser side or can we
stored '
on the database of website(server side)
4.dir traversal-
it is a type of bug in which there is sensitive
link is directly is open by url side
by browser
5. Remote code execution vulnerability-
A Remote Code Execution attack is a result of
either server side or client side security
weaknesses.
Vulnerable components may include libraries,
remote directories on a server that haven’t
been monitored, frameworks, and other
software modules that run on the basis of
authenticated user access. Applications that
use these components are always under
attack through things like scripts, malware,
and small command lines that extract
information.
some examples of that LFI,RFI,web dav
remote code execution,JCE exploit etc
6. DDOS-
DDoS, or Distributed Denial of Services is
where a server or a machine’s services are
made unavailable to its users.
it's usually agenda is temporarily interrupt or
completely take down a successful running
system.
DDoS attack could be sending tons of URL
requests to a website or a webpage in a very
small amount of time.
BOTNET is popularly used for that DDOS,BY
BOTNET we can connect many clients on
that .
after that we can flood on that websites.