Exploitation

Linux – Exploitation

• FTP Anonymous login
• FreeBSD 9.0 < 9.1 – ‘mmap/ptrace’ Local Privilege Escalation

CVE

• Dirtycow – privilege escalation – CVE-2016-5195

Windows – Exploitation

• LLMNR / NBT-NS Poisoning (Responder tool)
• Windows Password Hashes
• Windows XP – Get Hashes (Local)

Web Application

• Testing Web application authentication tips
• Bypass 30X redirect with BurpSuite
• Server-side HTTP Redirection
• Exploiting pChart 2.1.3 (Directory traversal & XSS)
• PhpTax 0.8 – File Manipulation

Path Traversal (LFI – RFI)

• Basics of Path Traversal
• Testing LFI to RCE using auth.log (SSH) poisoning with Mutillidae & BurpSuite

Injection

• Basics Of SQL Injection
• Advanced SQL Injection: Union based
• Blind SQL injection
• Basic XPath Injection
• Basic Command injection
• SMTP Injection attack

File Upload

• Local file upload – Magic byte change file type

Access Control

• Access control: Account highjacking with Mutillidae
• Access control RFI & Reading file function exploitation + reverse shell with Mutillidae and BurpSuite

Session Management

• Session Management DVWA
• Attacking & Securing Session Management

Authentication

• Testing Web application authentication tips

CMS

• Reverse shell on any CMS
• LotusCMS 3.0 – ‘eval()’ Remote Command Execution

Network

• SSH Port Forwarding

Social Engineering

• How to use Veil to create payloads