Bootcamp #3: Web and DNS

Reading List:
Learn about virtual hosting
Setup Vhosts on Apache
Same Origin Policy
DNS Zone Transfer

Video Supplement:
Intro to Web Pentesting
HTML Injection and XSS
Reading HTML 5 Storage
Forceful Directory Browsing
How DNS works
Issues with DNS
Dan Kaminsky on DNS rebinding

Hands On:
Use whois on blogger.com, use dig on blogger.com, attempt AXFR w/ dig, use nslookup, use host.

Pick any exploit on the Mutillidae vulnerable system, learn about the specific exploit, exploit it, then patch the code to make it non-vulnerable. Choose any exploit other than SQL injection.

Programming:
Write a PHP page on your Samurai webserver that echoes back a parameter in the URL. For example, accessing http://localhost/hello.php?name=Hacker will return "Hello Hacker".