Hello Criminal IP! I have a question: so I'm doing CTF and when every one comes up for a website, what should I be looking for?
Port scan the server that is hosting the website?
Hidden directories, file upload avenues that might lead to code execution, seeing if the web servers are vulnerable to attacks such as Heartbleed or Shellshock, so much more. Google HackTricks, and save that GitHub repo and check out the port 80/443 section. Good luck!
What’s the best way to do this? Do you have to brute force search for successful requests?
Open redirects, XSS, SSRF, SQLi, etc.
In real-world scenarios, vulnerabilities come from analysis and patience; there’s no cake recipe for finding one. However, most CTFs make this easier, especially web-based CTFs: you might be looking for some controllable input or something hidden in headers, source code or a listable directory.
Install the Wappalyzer extension on your browser. This will tell you what the webpage is running along with its versions. From there I would then do a dir search to map out the other directories.
I just really wanted to thank all of you for the help. Honestly, I didn’t expect real help in this community, but actually I got it. So surprised. I’ll check out everything you shared! Thanks!
Look for login pages or upload pages and try default logins, SQL injection and registering an account if possible. Review scan results. Check for other OWASP Top 10 vulnerabilities if all else fails.