Using Web Proxies

Introduction to Web Proxies: Web proxies sit between a browser or mobile client and the back-end server to capture and inspect HTTP traffic. Unlike full network sniffers that see all local traffic, web proxies focus on web ports such as HTTP/80 and HTTPS/443. This focus makes them ideal for web assessment workflows that require precise request editing and replay. Web proxies support more than interception, and they become a central tool for application testing. They can map endpoints, review headers, and identify patterns that guide further attacks or validation checks. Common tasks include the following: ...

January 15, 2026 · 7 min

Cross-Site Scripting XSS

Introduction to XSS: Cross-Site Scripting (XSS) is a client-side vulnerability that appears when user input is rendered as executable JavaScript in the browser. The server is not directly compromised, but the user who loads the page can be targeted for phishing, data theft, or session hijacking. The test goal is to confirm execution, identify how the input is handled, and document a realistic impact. XSS only runs in the browser, so the attack depends on how the page renders or stores input. This is why the same payload can succeed or fail depending on the HTML context. When testing, focus on where the input appears and whether it persists after refresh. Those details determine which attack path is possible. ...

January 5, 2026 · 8 min

Command Injection

Introduction: Command Injection is one of the most critical web vulnerabilities because it lets an attacker execute OS commands on the backend host. The impact can be full system compromise and lateral movement if the server has network access. The vulnerability appears when user input is passed into a system command without strict validation and sanitization. This issue is not limited to web apps, but web apps are the most common surface because they regularly call system utilities. If a parameter such as an IP address is used inside a command, a small injection operator can turn it into a full shell. Because the execution happens server-side, any output you can observe is valuable evidence. ...

January 6, 2026 · 8 min

Local File Inclusion LFI

Introduction to LFI: Local File Inclusion (LFI) happens when a web app loads a file based on user input without strict validation. This usually appears in template engines and dynamic page loaders that read content based on a parameter like ?language=es. If the path is not restricted, an attacker can read arbitrary local files such as /etc/passwd, and in some cases LFI can lead to remote code execution. Modern apps often use parameters to reduce duplicate templates and keep routing simple. That pattern becomes dangerous when the parameter controls the file path directly. Testing starts by identifying the parameter and then trying known local files. ...

January 8, 2026 · 7 min

File Upload Attacks

Introduction to File Upload Attacks: File upload features are extremely common in web apps, from profile pictures to document portals. The moment an app stores user-controlled files on the server, it expands the attack surface beyond standard input fields. If validation is weak or missing, attackers can upload active content and trigger code execution. The core risk is that a server may treat an uploaded file as code rather than data. That can happen when the extension is executable, the server is misconfigured, or the upload directory allows script execution. Even if direct execution is blocked, uploads can enable stored XSS, XXE, or DoS. ...

January 21, 2026 · 7 min

Password Attacks

Password Attack Overview: Password attacks focus on weakening or bypassing authentication by recovering valid credentials from hashes, files, memory, or network workflows. The attacker's goal is not just to crack a string, but to turn it into access and prove impact. That is why the process usually mixes offline cracking, remote login checks, and credential harvesting. A clean workflow also documents the source of each credential for reporting. Authentication relies on something you know, have, or are, but in practice passwords are still the most common factor. Users reuse passwords, pick predictable patterns, and store them in unsafe places, which creates opportunities for attackers. Defenders often rely on lockouts and monitoring, but attackers can still use slow, low-noise methods such as spraying. Understanding where passwords live and how they are processed is the key to efficient testing. ...

January 24, 2026 · 9 min

Attacking Common Services

Service Attacks Overview: Attacking common services is about understanding how organizations expose file sharing, databases, remote access, and email workflows. These services often sit on predictable ports and accept standard authentication methods, which makes them ideal targets during exploitation. The goal is to validate access, enumerate data, and identify misconfigurations that expose sensitive information. A clean workflow documents what you tested, how you authenticated, and what the impact is. Most service attacks follow the same pattern: identify the service, test authentication and permissions, then pivot to protocol-specific abuse. If you can list shares, execute queries, or establish remote sessions, you can usually expand into credential harvesting or lateral movement. Many attacks are not exotic; they are simply weak credentials or unsafe defaults. This is why strong enumeration and careful validation matter more than running random exploits. ...

January 28, 2026 · 8 min