Exploitation & Enumeration

Exploitation and enumeration techniques for penetration testing, covering web application vulnerabilities (SQL injection, XSS, CSRF), network service exploitation (DNS, FTP, SMB), and advanced enumeration methods for security professionals and ethical hackers.

In this section

  • Network Services
    Network services penetration testing guide covering DNS, FTP, SMB, and other common network protocols. Learn enumeration techniques, vulnerability assessment, and exploitation methods for security testing and ethical hacking.
    • 139,445: SMB
      SMB penetration testing guide covering share enumeration, authentication testing, null session exploitation, and SMB vulnerability assessment using tools like Enum4linux, Smbclient, and Impacket for Windows network security testing.
    • 21: FTP
      FTP penetration testing guide covering anonymous login testing, brute force attacks, banner grabbing, and file transfer exploitation using tools like Nmap, Hydra, and Netcat for security assessments and ethical hacking.
    • 53: DNS
      DNS penetration testing guide covering zone transfer testing, subdomain enumeration, DNS cache snooping, and DNS amplification attacks using tools like Dig, DNSRecon, Fierce, and Sublist3r for security assessments and ethical hacking.
  • Web
    Web application penetration testing documentation covering SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and other web vulnerabilities. Practical exploitation techniques and tools for security testing and ethical hacking.
    • Cross-Site Request Forgery (CSRF/XSRF)
      Cross-Site Request Forgery (CSRF) penetration testing guide covering token analysis, request forgery testing, and CSRF exploitation techniques. Learn how to identify vulnerable endpoints, create PoC attacks, and test CSRF protection mechanisms for web security assessments.
    • Cross-Site Scripting (XSS)
      Cross-Site Scripting (XSS) penetration testing guide covering reflected, stored, and DOM-based XSS vulnerabilities. Learn detection techniques, filter bypass methods, and exploitation using tools like XSSer, Dalfox, and manual testing for web application security assessments.
    • SQL Injection
      SQL injection penetration testing guide covering union-based, boolean-based, time-based, and error-based SQL injection techniques using SQLMap and manual methods to exploit database vulnerabilities and extract sensitive data during security assessments.