Stars: 404
Rank: 103,293 (Top 3%)
Created over 4 years ago
Updated over 1 year ago

Repository Details

This cheatsheet is aimed at CTF players and beginners to help them understand web application vulnerabilities with examples.

Web Application Cheatsheet (Vulnhub)

This cheatsheet is intended for CTF participants and beginners to help them understand web application vulnerability through examples. There are multiple ways to perform the same task. We have performed and compiled this list based on our experience. Please share this with your connections and direct queries and feedback to Hacking Articles.

Table of Contents

Drupal ⤴

No. Machine Name Exploit/Vulnerability
1. Droopy Drupalgeddon
2. Billu Box 2 Drupalgeddon2
3. Lampiao : 1 Drupalgeddon2
4. Typhoon : 1.02 Drupalgeddon2
5. DC-1 Drupalgeddon2
6. RootThis : 1 Manual
7. DC:7 Manual
8. DC:8

Jenkins ⤴

No. Machine Name Exploit/Vulnerability
1. Jarbas : 1 Jenkins Script Console

Joomla ⤴

No. Machine Name Exploit/Vulnerability
1. Hackademic-RTB2 SQL Injection
2. Kevgir Joomla! 1.5.x - 'Token'
3. DC-3 Joomla! 3.7.0 - 'com_fields' SQL Injection
4. Born2Root: 2 Enumeration

WebMin ⤴

No. Machine Name Exploit/Vulnerability
1. pWnOS -1.0 Webmin File Disclosure
2. VulnOS: 1 DistCC Daemon Command Execution
3. Nezuko:1 Webmin 1.920 - Remote Code Execution

Wordpress ⤴

No. Machine Name Exploit/Vulnerability
1. Hackademic-RTB1 Enumeration
2. Mr. Robot Bruteforce
3. Stapler Enumeration/Bruteforce
4. Minotaur Wordpress SlideShow Gallery Authenticated File Upload
5. Freshly Manual
6. USV Enumeration
7. Quaoar Enumeration
8. Lazysysadmin WordPress Admin Shell Upload
9. BTRSys:dv 2.1 Enumeration
10. Basic Penetration WordPress Admin Shell Upload
11. DerpNStink Wordpress SlideShow Gallery Authenticated File Upload
12. BSides Vancouver: 2018 WordPress Admin Shell Upload
13. Raven Enumeration
14. HackinOS : 1 Enumeration
15. Web Developer : 1 WordPress Photo Gallery Unrestricted File Upload
16. DC-2 Enumeration/Bruteforce
17. DC6 Plainview Activity Monitor 20161228
18. symfonos : 1 WordPress Plugin Mail Masta 1.0 - Local File Inclusion
19. PumpkinFestival Enumeration
20. SP:Jerome WordPress Crop-image Shell Upload
21. dpwwn:2 Wordpress Plugin Site Editor 1.1.1
22. GrimTheRipper:1 Bruteforce
23. symfonos : 2 WordPress Plugin Mail Masta 1.0 - Local File Inclusion
24. Prime: 1 Enumeration
25. HA: Wordy Multiple Vulnerabilities
26. Loly: 1 WordPress Plugin AdRotate 3.6.5 - SQL Injection

Builder Engine ⤴

No. Machine Name Exploit/Vulnerability
1. Sedna builderengine_upload_exec

CMS Made Simple ⤴

No. Machine Name Exploit/Vulnerability
1. West Wild: 2 CMSMS Showtime2 File Upload RCE

CouchDB ⤴

No. Machine Name Exploit/Vulnerability
1. Moonraker:1 Node.js deserialization RCE

Cuppa ⤴

No. Machine Name Exploit/Vulnerability
1. W1R3S.inc '/alertConfigField.php' LFI/RFI
2. BRAVERY '/alertConfigField.php' LFI/RFI

Cute News ⤴

No. Machine Name Exploit/Vulnerability
1. Simple CuteNews 2.0.3 Remote File Upload

Impress ⤴

No. Machine Name Exploit/Vulnerability
1. Breach 1.0 Enumeration

Moodle ⤴

No. Machine Name Exploit/Vulnerability
1. Golden Eye:1 Moodle - Remote Command Execution

PHP Mailer ⤴

No. Machine Name Exploit/Vulnerability
1. Raven : 2 PHPMailer < 5.2.18 - Remote Code Execution

Playsms ⤴

No. Machine Name Exploit/Vulnerability
1. Dina PlaySMS import.php Authenticated CSV File Upload Code Execution

Rips ⤴

No. Machine Name Exploit/Vulnerability
1. Mercy RIPS 0.53 - Multiple Local File Inclusions

Simple PHP Blog ⤴

No. Machine Name Exploit/Vulnerability
1. pWnOS -2.0 Simple PHP Blog Remote Command Execution

Squirrel Mail ⤴

No. Machine Name Exploit/Vulnerability
1. DE-ICE:S1.140 Enumeration

PHPTax ⤴

No. Machine Name Exploit/Vulnerability
1. Kioptrix: 5 PhpTax Remote Code Injection

Wolf ⤴

No. Machine Name Exploit/Vulnerability
1. SickOS 1.1 Default Credential

Zenphoto ⤴

No. Machine Name Exploit/Vulnerability
1. Orcus Enumeration

Redis ⤴

No. Machine Name Exploit/Vulnerability
1. Gemini inc:2 Remote Code Execution(RCE)

Nano CMS ⤴

No. Machine Name Exploit/Vulnerability
1. LAMPSecurity: CTF 5 NanoCMS '/data/pagesdata.txt' Password Hash Information Disclosure

GUnet OpenEclass E-learning platform ⤴

No. Machine Name Exploit/Vulnerability
1. VulnUni 1.0.1 GUnet OpenEclass E-learning platform 1.7.3

More Repositories

1. Mindmap (5,556 stars)
   This repository will contain many mindmaps for cyber security technologies, methodologies, courses, and certifications in a tree structure to give brief details about them.

2. Privilege-Escalation (3,099 stars)
   This cheatsheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege Escalation with examples.

3. BurpSuite-For-Pentester (1,977 stars)
   This cheatsheet is built for the Bug Bounty Hunters and penetration testers in order to help them hunt the vulnerabilities from P4 to P1 solely and completely with "BurpSuite".

4. HackTheBox-CTF-Writeups (1,432 stars)
   This cheatsheet is aimed at the CTF Players and Beginners to help them sort Hack The Box Labs on the basis of Operating System and Difficulty.

5. Vulnhub-CTF-Writeups (963 stars)
   This cheatsheet is aimed at the CTF Players and Beginners to help them sort Vulnhub Labs. This list contains all the writeups available on hackingarticles.

6. CTF-Difficulty (699 stars)
   This cheatsheet is aimed at the CTF Players and Beginners to help them sort the CTF Challenges on the basis of Difficulties.

7. Linux-Privilege-Escalation (635 stars)
   This cheatsheet is aimed at the OSCP aspirants to help them understand the various methods of Escalating Privilege on Linux based Machines and CTFs with examples.

8. Nmap-For-Pentester (529 stars)
   This cheatsheet was created to assist Red Teamers and Penetration Testers in hunting down vulnerabilities using "Nmap."

9. Credential-Dumping (428 stars)
   This cheatsheet is aimed at the Red Teamers to help them understand the fundamentals of Credential Dumping (Sub Technique of Credential Access) with examples. There are multiple ways to perform the same tasks.

10. bugbounty (402 stars)

11. Android-Penetration-Testing (308 stars)

12. Windows-Privilege-Escalation (249 stars)

13. MSSQL-Pentest-Cheatsheet (192 stars)

14. TryHackMe-CTF-Writeups (175 stars)

15. Wireless-Penetration-Testing (113 stars)

16. Command-Control (64 stars)
    This cheatsheet is aimed at the Red Teamers to help them find different tools and methods to create a Command and Control Server and exploit remote session.

17. Persistence-Accessibility-Features (PowerShell, 24 stars)
    This repository contains the PowerShell script for adding and removing the Sticky Key backdoor on Windows.

18. Windows-Privilege-Escalation-SeImpersontatePrivilege (21 stars)
    This repository contains the files that provide the upload functionality in the IIS Server.

19. view2akill (Python, 18 stars)
    Scripts useful in cracking the Vulnhub Lab named View2aKill: 1