See previous entry for setup/hosting options for OWASP Juice Shop CTF

Tools

Notepad

I'm a fan of taking notes when debugging an issue with the same reasoning as mentioned in this blog post. Coming from a science background, I learned that keeping notes in a lab-book allows you to track your data and retrace your thinking. Troubleshooting an issue or attempting to hack something is no different.

• Notepad++
• Notepad2

For quick temporary placeholders and notes, I prefer Notepad2 (replaces default Notepad). For long running notes, I prefer Notepad++ due to the autosave to long-lived tempfiles.

In actual usage, I try to keep commands, outputs, observations, etc in these notes.

Chrome or Firefox Developer Tools

F12 - The tried and true tool for developers and hackers.

Network

Tools for analyzing some layers of the OSI model.

Analyzers/Monitors

Wireshark tcpDump WinDump

Proxies

Use these to view requests and responses over the wire. Alter and resend requests. Initiate automated forced browsing.

Burp Suite is useful for website vulnerability testing, it's used as a proxy to capture requests and responses.
Fiddler has some of the features. OWASP ZAP

SQL Injection

sqlmap is useful in automatically testing for SQL Injection vulnerabilities. SQL Injection Cheat Sheet

Cross-Site Scripting (XSS)

Types:

• Stored XSS
• Reflected XSS
• DOM-based XSS
• Blind XSS

xsser is an automatic framework for detecting and exploiting XSS vulnerabilities in web-based applications.

Secrets

Following tools can be used to scan git repos and filesystem for secrets with regex or Shannon entropy) .

• TruffleHog
• TruffleHog3

Cryptography

Many times insecure encryption or hashing algorithms are used. Tools below can be used to decrypt or reverse hashes back to their possible original strings via a rainbow table lookup.

Note: For sensitive data, always use an offline tool.

Hashing

• hashcat.net/hashcat
• openwall.com/john
• darknet.org.uk/2006/09/brutus-password-crac..
• foofus.net/goons/jmk/medusa/medusa.html
• project-rainbowcrack.com
• md5.gromweb.com

Encryption

• RSA

Encoding

Encoding is necessary at times to be able to circumvent logic that that decodes some payload. For example HTML is expected to be escaped when returned from a database.

• Online Tools
• Html Encoding
• Base64
  • Notepad++ Plugin Mime Tools
• Base62
• Hex

FYI: Encoding is not encryption. If you use Base64 encoding for sensitive data, you're gonna have a bad day.

Json Web Tokens (JWT)

Noted here since these are base64 encoded and signed for authenticity.

• jwt.io

Decompilers

Probably not used much in Web Application hacking unless, you get the binaries, but a useful tools nonetheless:

• dotPeek
• Ildasm.exe

Reverse Engineering

TBD

• Cutter
• Dependency Walker
• Luke Stackwalker

Dorking

Utilizing search engines to do your bidding. Secrets and other information that is surprisingly accessible.

• google.com
  • support.google.com/websearch/answer/2466433..
• duckduckgo.com
  • help.duckduckgo.com/duckduckgo-help-pages/r..

Sandboxes

Sometimes you may be using tools that are not deemed safe or working with untrusted applications that could contain malware or viruses. A sandbox/isolated environment either through a VM, container, or sandbox is helpful:

• Windows Sandbox
• Sandboxie

Next

Challenges

References

• edricteo.com/sqlmap-commands
• owasp.org/www-project-o-saft
• cryptowiki.net/index.php?title=Perfectly-se..
• en.wikipedia.org/wiki/Entropy_(information_..
• machinelearningmastery.com/what-is-informat...
• medium.com/udacity/shannon-entropy-informat..
• khanacademy.org/computing/computer-science/..
• resources.infosecinstitute.com/topic/androi..
• medium.com/volosoft/running-penetration-tes..
• zaproxy.org/zap-in-ten