XSS DOM Exploitation
As in the previous post - this post expands on the process in which you send information entered into a webpage to an attacker-hosted site. In this example you are exploiting a DOM-based XSS vulnerability, which means that the vulnerability is exploited entirely on the user/victim side (before interaction with the site/server). You…
Month: March 2017
Persistent XSS and how to really exploit it.
I've seen many tutorials over the last few months regarding the good old: alert('XSS') piece of XSS, but in essence this does very little for you - it just proves that the site is vulnerable to XSS. So a good way to really exploit and make use of a persistent XSS vulnerability is to do…
Using a broken img tag to create an XSS alert
This is just an example and can be manipulated and played with as you please, but I keep forgetting the format and would like to quickly reference this when required - so it's for me...it's for you too, but it's for me..too: 🙂
    <img src='roadtonowhere' onerror="alert('XSS');" />
Fierce for DNS and subdomain enumeration
Another nice tool in the Kali arsenal is called fierce:
    fierce -dns website.domain
This command will uncover a massive list of DNS entries related to the domain in question. You can also add the target DNS server when making requests:
    fierce -dns website.domain -dnsserver ns.domain.domain
DNS Subdomain Enumeration
Another great tool I recently came across is the subbrute tool. I know that dirb and dirbuster can help you enumerate the various paths for a URL/domain, but this tool lets you go the other way by discovering the subdomains. To install the tool on Kali:
    git clone https://github.com/TheRook/subbrute.git
Then to run it you only…
Whatweb for Web fingerprinting
I just learned of a new tool for fingerprinting a website: WHATWEB (using Kali). It's as easy as typing the app's name followed by the URL/IP:
    whatweb -v website.domain
(or the IP of the server hosting the site - you can even add multiple URLs/IPs)
The best thing about this tool is the way in…
Owasp ZAP not working on Kali?
I've been trying to get Owasp ZAP to work on my Kali test machine, but I kept getting an error that I need to upgrade my Java: "ZAP requires a minimum of Java 7 to run, found 1.6.0_36" So it seems straightforward enough, just update Java... 🙂 Here's how: Download the latest Java SE…