☎️
Contrxl
  • 🏡Home
  • ❓Anonymity Tools
  • ⌨️Cisco
    • Networking Basics
      • Communication in a Connected World
      • Network Components, Types and Connections
      • Wireless and Mobile Networks
      • Home Networking Technologies
      • Communication Protocols
      • Network Media
      • The Access Layer
      • The Internet Protocol
      • IPv4 and Network Segmentation
  • 💾Intune
    • ADMX Configuration
    • App Deployment
    • App Updating/Patching
    • File Deployment
    • Remediations
  • 🎓Learning Links
  • 💻Microsoft
    • 📘Microsoft Portal Links
    • Configure SIEM Security Operations using Microsoft Sentinel
      • Create and Manage Microsoft Sentinel Workspaces
        • Introduction
        • Plan for the Microsoft Sentinel Workspace
        • Create a Microsoft Sentinel Workspace
        • Manage Workspaces Across Tenants Using Azure Lighthouse
        • Understand Microsoft Sentinel Permissions and Roles
        • Manage Microsoft Sentinel Settings
        • Configure Logs
  • 📰News & Information
  • 💡OSINT
    • IP & Domain OSINT
    • Email & Username OSINT
    • Vulnerability OSINT
  • 📚Projects
    • ‼️A Simulation Study of DDoS
  • ⚒️Tools
    • Burp Suite
      • Repeater
      • Intruder
      • Other Modules
    • GoPhish
    • Hydra
    • John the Ripper
    • Metasploit
      • Exploitation
      • Meterpreter
    • NMAP
    • Wireshark
  • 🖥️TryHackMe
    • Learning Paths
      • Complete Beginner
        • 1. Complete Beginner Intro
        • 2. Linux Fundamentals
        • 3. Introductory Networking
        • 3.1 Network Exploitation Basics
        • 4. OWASP Top 10 Exploits
        • 5. Upload Vulnerabilities
        • 5.1 An Example Methodology
        • 6. Cryptography - Hashing
        • 7. Cryptography - Encryption
        • 8. Active Directory Basics
        • 9. What the Shell?
        • 10. Linux Privesc
        • 11. More Linux Privesc
      • Jr Penetration Tester
        • Walking an Application
        • Content Discovery
        • Subdomain Enumeration
        • Authentication Bypass
        • IDOR
        • File Inclusion
        • SSRF
        • XSS (Cross-site Scripting)
        • Command Injection
        • SQL Injection
        • Passive Reconnaissance
        • Active Reconnaissance
        • Protocols and Servers
        • Protocol and Server Attacks
        • Vulnerabilities
        • Exploiting Vulnerabilities
        • Linux Privilege Escalation
        • Windows Privilege Escalation
      • CompTIA Pentest+
        • Planning and Scoping
          • Pentesting Fundamentals
          • Red Team Engagements
          • Governance and Regulation
        • Tools and Code Analysis
          • Metasploit: Introduction
          • Wireshark: The Basics
          • Burp Suite: The Basics
          • Hydra
          • Python Basics
        • Attacks and Exploits
          • Phishing
          • Windows Local Persistence
          • Breaching Active Directory
          • Lateral Movement & Pivoting
Powered by GitBook
On this page
  1. TryHackMe
  2. Learning Paths
  3. Jr Penetration Tester

Walking an Application

First section in Jr Penetration Tester learning path.

Exploring a Website

Finding interactive website sections is important in recon, a good way to start is explore the website manually and take a note of any interesting pages/areas/features. An example version of this would look like the below:

Feature
URL
Summary

Home Page

/

Summary of what ACME IT Support does, with a staff photo.

Latest News

/news

List of recently published articles, each one has an ID number like article?id=1.

News Article

/news/article?id=1

Displays individual articles, some articles are blocked/reserved for premium customers.

Page Source

Page source can be viewed in most browsers by right-clicking the page and selecting "View Page Source", alternatively you can put "view-source:" in front of the address, like: view-source:https://www.google.com.

In page source you can view HTML code, look for comments left behind by developers, denoted by code that starts with <!-- and ends with -->. Links to other pages can also be seen in anchor tags, these start with <a href and end with </a>.

External files like CSS, JavaScript and images can be included in HTML. These files should lead to a 403 or blank page stating no access. If these are viewable to the public there is a chance they could expose private information to the public.

Developer Tools - Inspector

The inspector allows for live client-side editing of interactive page elements.

Developer Tools - Debugger

Debugger is used for debugging JavaScript, this is called debugger in Firefox and Safari, but is referred to as "Sources" in Google Chrome.

Developer Tools - Network

This tab can be used to keep track of all the external requests a web page makes.

Last updated 11 months ago

🖥️
  • Exploring a Website
  • Page Source
  • Developer Tools - Inspector
  • Developer Tools - Debugger
  • Developer Tools - Network