Cheat Sheet
What is this for?
This is a rough guideline to help you identify the vulnerabilities in a web application. When attacking a website, consider the questions being asked and follow the steps to an easy pwn! This guide will be updated before each meeting.
What was that acronym?
Sometimes we're too lazy to type out the full word, so I've compiled a nice list of acronyms for you to look up. Sometimes we use fancy jargon that no one understands.
Click here for an amazing list.
Yes, but what exactly is this thing? Think R.E.E.!
3 easy steps to weight loss! Just kidding. These are what I believe to be the 3 steps in approaching and performing a successful exploit on a website.
1. Reconnaissance
You don't know anything about the website yet. You are trying to identify the attack surface and possible vulnerabilities. You still need to identify the objective (e.g., RCE, authentication, leaking code, etc.).
If this is you, click here.
2. Engagement
You have found a possible vulnerability and are now trying to exploit it. You still need to verify whether this vulnerability can lead to what you want. It is possible to find a vulnerability or bug that is completely useless to you.
If this is you, click here.
3. Exploitation/Exfiltration
You found and verified the vulnerability and need to complete the full exploit. This is where you can (if you want) write a script to complete the exploit.
If this is you, click here.