Cheat sheet - broken authentication

Fuzz

Command

Description

wfuzz -z file,/path/to/wordlist.txt -u http://127.0.0.1:80/site/FUZZ

Fuzz using a wordlist

wfuzz -z file,/path/to/user.txt -z file,/path/to/pass.txt http://127.0.0.1/login.php -d "user=FUZZ&pass=FUZ2Z"

Fuzz using POST method and two wordlists

wfuzz -H Foo:FUZZ

Fuzz header

-X GET , -X POST

Choose method

Grep

Command

Description

grep '[[:classname:]]' file.txt

Find strings that contain a given class. Classes are: [[:graph:]], [[:lower:]], [[:print:]], [[:punct:]], [[:space:]], [[:upper:]], and [[:xdigit:]]

grep -x '.\{123\}'

Find strings with length of 123

Misc

Command

Description

echo -n academy | xxd -p

Convert hex to ASCII

echo -n 61636164656d79 | xxd -r -p

Convert ASCII to hex

PreviousCheat sheet - hacking wordpressNextCheat sheet - login brute force

Last updated

Was this helpful?