[ CEH Training ] :: [ Day 6 ]

Chapter 13

Web server vulnerabilities and exploits

DDoS

SYN flooding

Banner grabbing

XSS

Wikto: a website vulnerability tool:
http://sectools.org/tool/wikto/

Tools

Burp Suite

“Brute Force a Website Login Page with Burp Suite”:
https://www.youtube.com/watch?v=25cazx5D_vw

“Brute force attack (form, ssh, ftp) using burp suite and hydra”:
https://www.youtube.com/watch?v=y3Oh54BUN0U

“Brute Force Router Password using BurpSuite”:
https://www.youtube.com/watch?v=gSVM65_pLfA

Chapter 14

SQL injection

“SQL Injection with Burp Suite and Sqlmap”:
https://www.youtube.com/watch?v=2C2G6P9xrGQ

Cheat sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

OWASP guide:
https://www.owasp.org/index.php/SQL_Injection

Dumping a complete database:
http://resources.infosecinstitute.com/dumping-a-database-using-sql-injection/

 
