Checklist 1 After Recon

This document provides a checklist of tasks for a beginner penetration tester to perform after initial reconnaissance of a target website. The checklist includes actions like creating multiple accounts, directory bruteforcing, checking for vulnerabilities in the login, registration, and password reset pages like session expiration, OAuth bypass, XML file uploads, bypassing limitations on file types, inserting XSS payloads, password reset poisoning, and expired reset tokens. It also recommends checking if outdated services or known exploits for the target's version can be leveraged.

Uploaded by sidhant Tech

Checklist 1 After Recon

(Beginner's Friendly)
Create 2 accounts on the same website if it has login functionality. (You can use the https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/ extension to keep both accounts logged in from the same browser; with two accounts you can test whether one user can reach the other user's data or actions.)

Try directory brute forcing using tools like "Dirsearch", "FeroxBuster" or "Ffuf"; a forgotten directory (backups, admin panels, config files) may reveal sensitive information.

Login Page
Session Expiration

Improper Session Validation

OAuth Bypass (applies when the site offers "Login with Google", Microsoft, Instagram or any other provider)

OAuth Token Stealing

Authentication Bypass

Privilege Escalation

SQLi

Registration Page
XML File Upload using SVG (if the website asks for a document upload or a profile picture, try uploading an SVG: it is an XML file and can carry script or external entity references)

Bypassing Limitation on File Types to Upload (if they only allow jpg and png, try uploading .php or .py, and also variations such as a double extension like shell.php.jpg, upper-case extensions, or a spoofed Content-Type header)
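The two upload items above come down to one question: what does the server actually validate? The following is an added example, not code from the original checklist, showing a weak check beside a hardened one, run over a constructed set of uploads (a real PNG and JPEG header, PHP files with a spoofed Content-Type, a double extension, a mixed-case extension, and an SVG carrying a script). The sample names, the checker functions and the allowed-type table are all assumptions made for the demonstration.

```python
import re
import secrets

# Constructed sample uploads: filename, client-declared Content-Type, start of the body.
# The PHP and SVG bodies are what an attacker would send; nothing here touches a real server.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
JPEG_MAGIC = b"\xff\xd8\xff"

SAMPLES = {
    "avatar.png":    ("image/png",     PNG_MAGIC + b"\x00" * 16),
    "photo.jpg":     ("image/jpeg",    JPEG_MAGIC + b"\xe0\x00\x10JFIF"),
    "shell.php":     ("image/png",     b"<?php system($_GET['c']); ?>"),  # spoofed Content-Type
    "shell.php.jpg": ("image/jpeg",    b"<?php system($_GET['c']); ?>"),  # double extension
    "shell.PhP":     ("image/jpeg",    b"<?php echo 1; ?>"),              # case trick
    "logo.svg":      ("image/svg+xml", b"<svg xmlns='http://www.w3.org/2000/svg'>"
                                       b"<script>alert(document.domain)</script></svg>"),
}


def naive_check(filename, content_type, body):
    """Weak check seen in the wild: trusts the client's Content-Type, or only looks
    for 'jpg'/'png' somewhere in the name. Every sample above gets through."""
    name = filename.lower()
    return content_type.startswith("image/") or ".jpg" in name or ".png" in name


# extension -> (magic bytes the body must start with, Content-Type the server will serve)
ALLOWED = {
    ".png":  (PNG_MAGIC, "image/png"),
    ".jpg":  (JPEG_MAGIC, "image/jpeg"),
    ".jpeg": (JPEG_MAGIC, "image/jpeg"),
}


def strict_check(filename, content_type, body):
    """Hardened check: exactly one extension, taken from the end of the name and
    lower-cased; the body must start with that type's magic bytes; the client's
    Content-Type is ignored. SVG is XML and can carry script, so it is not allowed."""
    m = re.fullmatch(r"[a-z0-9_-]+(\.[a-z0-9]+)", filename.lower())
    if not m:
        return False          # rejects 'shell.php.jpg', odd characters, or no extension at all
    ext = m.group(1)
    if ext not in ALLOWED:
        return False
    magic, _served_type = ALLOWED[ext]
    return body.startswith(magic)


def storage_name(filename):
    """Only call after strict_check passed: never store under the user-supplied name,
    use a random name plus the validated extension."""
    ext = filename.lower().rsplit(".", 1)[-1]
    return f"{secrets.token_hex(16)}.{ext}"


def evaluate(checker):
    """Run a checker over every sample; returns {filename: accepted?}."""
    return {name: checker(name, ctype, body) for name, (ctype, body) in SAMPLES.items()}


if __name__ == "__main__":
    for label, checker in (("naive", naive_check), ("strict", strict_check)):
        print(label, evaluate(checker))
```

When testing a target, the naive column is the behaviour you are hoping to find: if a renamed PHP file or an SVG is accepted, the next step is to see whether the stored file is served from a path where it is executed or rendered inline.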

Bypassing Mobile or Email Verification

Brute Forcing OTP Sent

Try inserting an XSS payload wherever possible. If you can enter a payload in the First Name/Last Name/Address text boxes, make sure to do so, because sometimes it reflects somewhere else, or it may turn out to be stored XSS.

Forgot Password Page


Password Reset Poisoning (works much like Host Header Injection: if the reset link is built from the Host header, the victim receives a link that points at your host, with the token attached)

Reset Token/Link Expiry (check whether an old or already-used reset link still works; some programs pay for this)

Reset Token Leaks (this can happen when the reset page loads resources from third-party services; the token in the page URL is then sent in the Referer header to that third party and may leak)
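The three forgot-password items above are all properties of how the reset link is built, stored and redeemed. The following is an added example, not code from the original checklist: a vulnerable link builder that trusts the Host header beside a hardened one that uses a configured hostname, a token store that expires and single-uses tokens, and the response headers that stop the token leaking through the Referer header. The hostname, the 15-minute lifetime and the function names are assumptions made for the demonstration.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode

CANONICAL_HOST = "example.com"   # assumed: the site's real hostname, from config, never from the request


def reset_link_vulnerable(request_headers, token):
    """Builds the link from the request's Host (or X-Forwarded-Host). Send the reset request with
    Host: attacker.example and the victim's email now carries a link to the attacker, token included."""
    host = request_headers.get("X-Forwarded-Host") or request_headers["Host"]
    return f"https://{host}/reset?{urlencode({'token': token})}"


def reset_link(token):
    """Hardened: the host comes from configuration, so the Host header cannot poison the link."""
    return f"https://{CANONICAL_HOST}/reset?{urlencode({'token': token})}"


class ResetTokenStore:
    """Tokens are random, stored only as a hash, expire after TTL seconds and are single use."""
    TTL = 15 * 60

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested without waiting
        self._tokens = {}          # sha256(token) -> (user_id, expires_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self._tokens[self._key(token)] = (user_id, self._now() + self.TTL)
        return token               # goes into the email link; the raw value is not kept server-side

    def redeem(self, token):
        """Returns the user id once, or None if the token is unknown, already used or expired."""
        entry = self._tokens.pop(self._key(token), None)   # pop: a second attempt finds nothing
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._now() > expires_at:
            return None
        return user_id

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()


def reset_page_headers():
    """Headers for the page the link opens. Without Referrer-Policy the token in the URL is sent in the
    Referer header to every third-party script, image or analytics host that page loads."""
    return {"Referrer-Policy": "no-referrer", "Cache-Control": "no-store"}


if __name__ == "__main__":
    store = ResetTokenStore()
    tok = store.issue("alice")
    print(reset_link_vulnerable({"Host": "attacker.example"}, tok))   # the poisoned link
    print(reset_link(tok))
    print(store.redeem(tok), store.redeem(tok))                       # alice, then None
```

As a tester, the checks map directly: send the reset request with a modified Host or X-Forwarded-Host header and watch where the emailed link points; reuse a link after resetting once and after a long wait; and open the reset page with the browser's network tab visible to see which third-party requests carry the token in their Referer.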

Check for Subdomain takeover

https://www.youtube.com/watch?v=ds7GHLXi5dM

Check whether your target runs an older version of a service, and if it does, try to find an existing exploit for that version.

I have made a video where I shared how an older version helped me find a bug:

https://www.youtube.com/watch?v=aJqLoXLr5xo&t=464s
