This article is for educational purpose. Do not use against any web app unless you are authorized.
What is Fuzzing?
Fuzzing is using security tools to automate input of data into websites or software. Fuzzing is extremely effective and can also be used to perform actions like finding hidden files/folders, trying username and password. Applications that are built poorly are often unable to handle data when overwhelmed. We can fuzz those apps to trigger an error condition which will be abused by a penetration tester or a bounty hunter.
GOBUSTER: this is a tool that helps discover web directories…
DNS POISONING USING ETTERCAP
Redirecting Users to fake website.
DNS poisoning also called DNS cache spoofing is an attack which can corrupt domain name systems, causing g the name server to return an incorrect result record. This result in traffic being redirected to the attackers system.
An attacker can create a fake DNS entry which can be malicious. When a user tries visiting a legit site e.g. www.duckduckgo.com, the user will be redirected to the attacker’s site instead of the actual legit site.
Now let’s carry out example of DNS poisoning with ETTERCAP
First edit the etter.dns file in the…
Tryhackme Gaming Server Writeup.
First, I started off with a simple nmap scan.
nmap -Pn -sC -sV -v -oA 10.10.173.217
This showed me that there were two ports open on the machine, port 22 for SSH and port 80 for HTTP
Since there was a webpage,Simply checking the source of the websites index page showed a comment at the bottom referring to a user named john