Posts

It is a long journey. We need to prepare ourselves for adjusting ourselves to learn new methods and technique. If someone is beginner, they can follow this path to start the learning on penetration Testing. This is just a short syllabus. There are more advanced topics but it is a good start for newbie! Many Guys asked me if there is any learning path to follow I can tell them. So to favore them, i publishied this here, which published on my GitHub already, and also some youtube video!...

Username Enumeration Username can be enumerated in various way. For Example: Test with valid/invalid username and observe error message, and also compare Content length for both request. Analyze the URL for different behaviors, such as valid user get https://redtm.com/valid?err=1 and wrong user get https://redtm.com/valid?err=0. Observe http error message, such as a valid user url https://ip/admin giving error 403 whereas https://ip/wrongUser error is 404. Analyze the Pages title. The page title could be a different for wrong/right username....

The common technique to find input validation vulnerability: Fuzz All parameters for OS Command Injection Encode payload in different way to bypass filter! SQL Injection SQL injection is most of the popular web hacking technique. If the web app is vulnerable to SQL Injection, Attackers can read, write data in database, and in some case able execute system command. Union Based SQLi - We can retrieve data from different database table....