Pen Tests Flashcards
Forceful Directory Browsing
Manually generate URLs designed to access files and folders on a separate host.
Format: IP/Directory
Example: 172.30.0.15/history
Example: 172.30.0.15/wwwroot
FTP with FileZilla
- Host: IP address
- Username: anonymous
- Quick Connect
- Select the file to transfer
SQL Injection
Enter 1’ OR 1=1;# into a textbox that reads data from a relational database.
XSS Reflected
Enter < script >alert(‘This is an XSS exploit!’)</ script > (Remove spaces around script)
Command Execution
Enter IP address & netstat -n into a textbox
XSS Stored
Enter < script >document.write(“< H1 >You have been hacked!</ H1 >”)</ script > into a textbox. (Remove extra spaces)
Ping Flood
Enter IP address ping -f into the command terminal
Log Files
Using forceful browsing, search for the log files.
http://IP address/logs
FTP
Attempt to send files to a host using FileZilla.
SMTP
Enter the command netstat -an > Desktop\netstat_output.txt into the command terminal. Search through the Notepad file created by the command for an entry associated with port number 25, 587, or 465. (These are the ports SMTP uses.)
Loose Lipped Errors
Browse to http://IP address/fnf.html and look at the error message provided. If it displays too much information, then it is loose-lipped.