WebApp Test needed

GOGONUT2K Member Posts: 12
Hello guys!

I am self-studying for OSCP (haven't enrolled in the course yet, mostly reading books about Metasploit) and recently I was challenged by one of my friends to test a web site for file upload. The task requires successfully uploading a file to a webserver.

I already tried with Nessus and Metasploit but nothing worked. Can you guide me on how to handle this task?

What are the best tools to use? Where should I search for exploits? What path should I follow?

Thank you and I look forward to your positive responses.


  • Jaxin Member Posts: 7
    Nessus and Metasploit are generally pretty useless against custom web applications. If you really want to practice, learn to use a web proxy such as BurpSuite, and avoid the automated tools ;)

    If OSCP is really what you want, just jump into it - buy the 30-day lab package, get the material, have fun in the labs, and when the time expires, you should have a better idea where and how you need to self-study. Then, after some more focused self-study time, just buy some more lab time. I found that to work best for me, rather than aimlessly studying without really knowing what to focus my studies on :)
  • NovaHax Member Posts: 502
    Agree with Jaxin. Automated tools are generally going to get you nowhere with web-apps. You need an intercepting proxy like Burp or Zap.

    The OWASP entry on Unrestricted Upload covers some techniques that can be used to bypass common blacklist filtering techniques.
