Web Enumeration Resources

Just wondering if anyone is willing to share some resources around web site hacking / enumeration? Specifically around custom web sites? Just wondering if there’s a process to follow here on things to look for. I know this is a vast subject, but just wondering if there’s some videos or articles related to the process in general?

me too xD

The best guide on Web Hacking is definitely the OWASP methodology. Will teach you all of the basics.

This is beautiful. Thanks @kanecain !!!

:slight_smile:

Take note that some of the tools in the PDF are old. But the procedure is all the same. Rely more on manual enumeration. Also, get used to using Burp Suite (or OWASP ZAP) as a web proxy for testing. Pretty much essential.

For sure. Yes, I do use Burp now, but pretty scattered methodology from my small amount of experience / notes. This helps lots. Thanks again.

There is also an excellent book called The Web Application Hacker's Handbook; it will serve you well.

Hello guys,

I am a newbie and I am stuck at Web Enumeration.

When I click to spawn the target system, I am getting the following IP address: 178.128.163.152:31862
I cannot execute the commands from the Guide/Tutorial because the IP address 178.128.163.152:31862 is not reachable.
Even if I am connected to the VPN: sudo openvpn academy.ovpn
I cannot execute the commands or outside the VPN this IP address is not reachable.

When the system target has the following IP address: 10.X.X.X, everything is working fine and I can execute the commands such as nmap, netcat, etc. But with this IP range I cannot understand what to do…

This is the result from gobuster:

gobuster dir -u http://178.128.163.152/ -w /usr/share/dirb/wordlists/common.txt
===============================================================
Gobuster v3.1.0
by OJ Reeves (@TheColonial) & Christian Mehlmauer (@firefart)
===============================================================
[+] Url:                     http://178.128.163.152/
[+] Method:                  GET
[+] Threads:                 10
[+] Wordlist:                /usr/share/dirb/wordlists/common.txt
[+] Negative Status codes:   404
[+] User Agent:              gobuster/3.1.0
[+] Timeout:                 10s
===============================================================
2022/03/27 03:15:55 Starting gobuster in directory enumeration mode
===============================================================
Error: error on running gobuster: unable to connect to http://178.128.163.152/: Get "http://178.128.163.152/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Can you please give me a tip/advice on what I should do with this IP address in order to complete the challenge?

Thanks in advance and looking forward.

After reading carefully I figured out what was wrong :smiley:

The challenge is completed