WebApp Test needed
GOGONUT2K
Hello guys!
I am self-studying for OSCP (haven't enrolled yet in the course, mostly reading books about Metasploit) and recently I was challenged by one of my friends to test a web site for file upload. The task requires successfully uploading a file to a webserver.
I already tried with Nessus and Metasploit but nothing worked. Can you guide me on how to handle this task?
What are the best tools to use? Where should I search for exploits? What path should I follow?
Thank you and I look forward to your positive responses.
Comments
Jaxin
Nessus and Metasploit are generally pretty useless against custom web applications. If you really want to practice, learn to use a web proxy such as Burp Suite, and avoid the automated tools.
If OSCP is really what you want, just jump into it - buy the 30 day lab package, get the material, have fun in the labs, and when the time expires, you should have a better idea where and how you need to self-study. Then, after some more focused self-study time, just buy some more lab time. I found that to work best for me, rather than aimlessly studying without really knowing what to focus my studies on.
NovaHax
Agree with Jaxin. Automated tools are generally going to get you nowhere with web-apps. You need an intercepting proxy like Burp or ZAP.
The OWASP entry on Unrestricted Upload covers some techniques that can be used to bypass common blacklist filtering techniques.
https://www.owasp.org/index.php/Unrestricted_File_Upload