The last part of my course is the Web Application Hacking modules. Being that I have been creating web servers for most of my adult life, I was very interested in this next portion. I’ve read several books that mentioned cross-site scripting and the rest, but have never delved into actually doing it. Needless to say, this was a very exciting part of the course for me.
I think that first and foremost, it would be good to mention the Juice Shop! It’s a Docker container that starts up a web server with challenges containing each web hack that’s out there. It’s nice when you can load up a lab and just start playing, thanks to the hackers before me who had enough insight to create such things. It also has quite the reference library! Just about every hack possible is explained, and that’s such a great thing when you’re just learning about them.
We started out by exploring how to find all of the sub-domains attached to a URL. This can be quite important when the scope of your work includes other servers that you can play with. There were a couple of scripts on GitHub and other places that did this for me, but Heath (the instructor) showed ways to do this through Python. Scripting through Python is definitely the way to go! Not only are you writing your own program that you can control, you’re using Python, which is extremely useful in so many other applications. SIDE STORY: I once created a car alarm for a trailer I owned using Python; fun project and extremely useful.
After the sub-domain enumeration, I used a program called httprobe to find out which ones were active within scope so that I knew where to attack. I never want to waste time when I’m charging per hour for the hacking services. After I knew which sites were active, I used GoWitness to take screenshots of all of them. Quite useful when you want to just browse with your eyes for something interesting like a form on a site (SQL injections).
Without going through every exploit on this blog, I will just say that we stuck with the top ten exploits as suggested by OWASP.org. It’s the go-to place for web application penetration testing! On there, you can find cheat sheets and checklists that are amazing. I was able to perform a few of the hacks using the Juice Shop server that I described earlier, but there’s so much more to learn! When I’m not on Hack The Box or TryHackMe, I’ll probably turn on the Docker container for Juice Shop and use the OWASP checklists to go through more hacks.
Lastly, I’ll just mention Burp Suite. This week was the most I’ve ever been exposed to what it can do, and it was awesome. I especially loved the Repeater attacks that give a quick result when you change requests. That tool is a beast, and I can’t wait to see what the Pro version can do.