1. The document discusses web exploitation and provides tips for assessing what functionality a server may have and how to test for vulnerabilities.
2. It lists common server-side technologies (PHP, Python, NodeJS) that have been exploited in past events, and encourages researching assumed functionality and how others have previously exploited similar systems.
3. The document emphasizes that web exploitation is largely searching and researching: understanding what a server does in response to inputs, since that functionality is not always obvious, is how you discover ways to read files or execute code remotely.
8. 2 Questions of Web Exploitation
● What can I do?
● What does the server do when I do that?
9. What are developers bad at?
● Deserialization
● Escaping input to be rendered/executed
● Making sure only the right people can do the “right” things
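Two of the three mistakes on this slide, deserialization and authorization, side by side with the pattern that avoids them. This is an added example written for this page, not code from the slide deck; the in-memory document store, the `Forbidden` exception and the `parse_order` field names are constructed for illustration.

```python
import json

# Constructed sample data: a tiny in-memory "database" of documents and owners.
DOCUMENTS = {
    1: {"owner": "alice", "body": "alice's private notes"},
    2: {"owner": "bob", "body": "bob's draft"},
}


class Forbidden(Exception):
    """Raised when the requester is not allowed to see the record."""


def get_document_insecure(doc_id):
    """Missing object-level authorization: any logged-in user can read any id."""
    return DOCUMENTS[doc_id]["body"]


def can_read(requester, doc_id):
    """Object-level authorization: the record's owner must match the requester."""
    record = DOCUMENTS.get(doc_id)
    return record is not None and record["owner"] == requester


def get_document(requester, doc_id):
    if not can_read(requester, doc_id):
        # Same error for "does not exist" and "not yours", so ids cannot be enumerated.
        raise Forbidden("no such document")
    return DOCUMENTS[doc_id]["body"]


# Deserialization: parse untrusted bytes with a pure data format (JSON) and
# validate the shape explicitly, instead of unpickling them, which executes
# whatever object construction the bytes describe.
ALLOWED_ORDER_KEYS = {"item", "quantity"}


def parse_order(raw: bytes) -> dict:
    try:
        data = json.loads(raw)
    except ValueError as exc:
        raise ValueError("order must be valid JSON") from exc
    if not isinstance(data, dict) or set(data) != ALLOWED_ORDER_KEYS:
        raise ValueError("unexpected order fields")
    # bool is a subclass of int in Python, so reject it explicitly.
    if not isinstance(data["item"], str) or isinstance(data["quantity"], bool) \
            or not isinstance(data["quantity"], int):
        raise ValueError("wrong field types")
    if data["quantity"] <= 0:
        raise ValueError("quantity must be positive")
    return data


if __name__ == "__main__":
    print(get_document("alice", 1))
    try:
        get_document("alice", 2)
    except Forbidden as err:
        print("denied:", err)
    print(parse_order(b'{"item": "widget", "quantity": 3}'))
```

The authorization check is deliberately a separate `can_read` predicate so it can be unit-tested on its own and reused by every handler that touches a document; the deserialization side accepts only the keys and types the application expects, which is the property a native object serializer cannot give you for untrusted input.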
15. What can I do? - Tips
● Reverse engineer known page functionality, see how it communicates with the server (Burp / Inspect Element + Console)
● Check common directories for additional functionality
● Brute-force common directories/files for additional functionality (gobuster)
● Brute-force subdomains for additional functionality (gobuster)
16. What does the server do when I do that? - Tips
● Fuzz inputs (send ;:’”!@#$%^&*(((()-_=+)
● Research assumed functionality, look for how people have exploited it in the past (OWASP Top 10)
● Look for UNIQUE functionality that you haven’t seen elsewhere (for example, an unusual inclusion of special protections like a strict CSP); particularly useful if you know the application is or used to be vulnerable
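The "fuzz inputs" tip above and the "escaping input to be rendered" mistake from the earlier slide are two sides of the same check. The following is an added example written for this page, not code from the deck: a vulnerable renderer that concatenates user text into HTML next to a hardened one that escapes per context, and a small harness that pushes the slide's own special-character string (plus two constructed probes) through both and reports whether the input changed the document structure. The template, probe strings and function names are all constructed for illustration.

```python
import html
from html.parser import HTMLParser

# The slide's fuzz string, reproduced here as constructed test input.
FUZZ = ";:'\"!@#$%^&*(((()-_=+"
# Two constructed probes: one aimed at the element body, one at the attribute.
PROBE = "<b onmouseover=alert(1)>hi</b>"
ATTR_PROBE = 'x" onmouseover="alert(1)'


def render_comment_vulnerable(name: str, comment: str) -> str:
    """String concatenation: whatever the client sent becomes markup."""
    return f'<div class="comment" data-author="{name}">{comment}</div>'


def render_comment(name: str, comment: str) -> str:
    """Escape for the context the value lands in: quote=True covers the
    double-quoted attribute value as well as the element body."""
    return (
        f'<div class="comment" data-author="{html.escape(name, quote=True)}">'
        f'{html.escape(comment, quote=True)}</div>'
    )


class TagCollector(HTMLParser):
    """Record (tag, attribute names) for every start tag the parser sees."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [key for key, _ in attrs]))


# What the template produces when the inputs are inert: one div, two attributes.
EXPECTED_STRUCTURE = [("div", ["class", "data-author"])]


def input_changed_structure(render, name, comment) -> bool:
    """True if rendering these inputs yields any tag or attribute the
    template itself did not contain."""
    parser = TagCollector()
    parser.feed(render(name, comment))
    parser.close()
    return parser.tags != EXPECTED_STRUCTURE


def structure_changes(render):
    """Run the renderer over the probe set; return the probes that broke out."""
    probes = [("alice", FUZZ), (FUZZ, "hello"), ("alice", PROBE), (ATTR_PROBE, "hello")]
    return [(n, c) for n, c in probes if input_changed_structure(render, n, c)]


if __name__ == "__main__":
    print("vulnerable renderer broke on:", structure_changes(render_comment_vulnerable))
    print("hardened renderer broke on:  ", structure_changes(render_comment))
```

The harness does not look for a particular payload; it parses the output and compares the tag and attribute skeleton against what the template alone produces. That is the property worth asserting in a test suite, because it catches breakouts in whichever context the developer forgot, without the test needing to know the exact string that would trigger them.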