🖥️
Siber Güvenlik Notları
  • WHOAMI
    • 👨‍💻Who Am I?
  • 🔭Information Gathering
    • Pentest VM Setup
    • Passive Information Gathering
    • Subdomain Enumeration
    • Host Discovery
    • Port Scanning
    • Email Enumeration
    • Leaked Passwords
    • Zafiyet Araştırma
  • 🪟Windows Pentesting
    • Windows Privilege Escalation
    • Windows Persistence
    • Windows Lateral Movement
    • AV Evasion
  • 🐧Linux Pentesting
    • Linux Privilege Escalation
    • Linux Persistence
    • Linux Lateral Movement
  • 🕸️Web Application Pentesting
    • Web Pentest Checklist
    • SQL Injection
    • NoSQL Injection
    • OS Command Injection
    • XXE Injection
    • SSTI
    • XSS
    • CSRF
    • SSRF
    • LFI/RFI
    • Insecure Deserialization
    • CORS Misconfiguration
    • Directory Traversal
    • File Upload
    • Broken Authentication
    • Broken Access Control
    • Business Logic
    • Race Conditions
    • Web Cache Deception
    • AWS Testing
    • Web Cache Poisoning
    • Clickjacking
    • API Testing
    • Broken Link Hijacking
    • HTTP Request Smuggling
    • LLM
    • HTTP Host Header Attack
    • OAuth Zafiyetleri
    • GraphQL API
    • HTTP Parameter Pollution
    • Configuration and Deployment Management Testing
    • Information Disclosure
    • Prototype pollution
    • JWT
  • 🖲️Network Service Pentesting
    • 📘Active Directory Services
      • Bleeding Edge Vulns
      • Misconfigs
      • Domain Trust
      • DNS (53)
      • Kerberos (88)
      • LDAP (389,636)
      • RPC WMI (135)
      • SMB (445)
      • WinRM - 5985
    • 📂FTP - 21
    • 🔐SSH - 22
    • 🤣Telnet - 23
    • SMTP - 25
    • TFTP - 69 UDP
    • HTTP - 80,443
      • Apache
      • Joomla
      • Drupal
      • Wordpress
      • WEBDAV
      • PHP
      • Laravel
    • IMAP/POP3 - 110,143,993,995
    • SNMP - 161
    • Rservices - 512
    • IPMI - 623
    • Rsync - 873
    • MSSQL - 1433
    • Oracle TNS - 1521
    • NFS - 2049
    • Docker
    • Grafana - 3000
    • MySQL - 3306
    • RDP - 3389
    • Postgresql - 5432
    • Redis - 6379
    • JDWP - 8000
    • MongoDB - 27017
  • 🕸️Network Pentesting
    • ARP Poisoning
  • 📞Android Pentesting
    • Android Derleme Süreci
    • Reversing
    • Rooting
    • Burp Suite Sertifikası
    • SSL Pinning Bypass
    • Patching
    • MobSF Kurulumu
    • Flutter Pentesting
  • 📰Teori
    • Güvenlik Ürünleri
    • OSI
    • Security Principles
  • Diger
    • Hacking Gadgets
      • Wifi Pineapple
      • Pwnagotchi
    • Stego
    • Buffer Overflow
    • Phishing
    • Nessus
    • DDOS Attacks
    • MSFConsole
  • ⏪Reverse
    • GCC Reverse
    • Python Reverse
    • Flare VM
    • Remnux
  • 🛜Wireless Pentesting
    • Wireless Pentest
    • Wireless V2
Powered by GitBook
On this page

Was this helpful?

  1. Web Application Pentesting

AWS Testing

host -t ns offseclab.io # AWS Nameserver
dnsenum offseclab.io --threads 100
​
cloud_enum -k offseclab-assets-public-axevtewi --quickscan --disable-azure --disable-gcp
​
for key in "public" "private" "dev" "prod" "development" "production"; do echo "offseclab-assets-$key-axevtewi"; done | tee /tmp/keyfile.txt
cloud_enum -kf /tmp/keyfile.txt -qs --disable-azure --disable-gcp
​
aws configure --profile attacker
aws --profile attacker sts get-caller-identity
​
aws --profile attacker ec2 describe-images --executable-users all --filters "Name=description,Values=*Offseclab*"
​
aws --profile attacker ec2 describe-snapshots --owner-ids 826517219963
​
aws --profile attacker s3 ls offseclab-assets-public-kaykoour
​
aws --profile attacker iam create-user --user-name enum
​
aws --profile attacker iam create-access-key --user-name enum
​
aws configure --profile enum
​
aws sts get-caller-identity --profile enum
​
aws --profile enum s3 ls offseclab-assets-private-kaykoour
​
run iam__enum_roles --word-list /tmp/role-names.txt --account-id 123456789012
PreviousWeb Cache DeceptionNextWeb Cache Poisoning

Last updated 17 hours ago

Was this helpful?

🕸️