Page 1: Dorking Pentesting with Tacyt
Chema Alonso @chemaalonso

Page 2: Dorking
Page 3: The target is the “What” not the “Who”
Page 4: The Target is the Code
Page 5: What is “Tacyt”
Page 6: Dorking with apps: code metadata
Page 7: 1- Infrastructure
Page 8: Infrastructure Surface
Page 9: Well-Known Ports
Page 10: Cpanel Plesk
Page 11: 2- P@ssw0rdS
Page 12: Password.txt
Page 13: UserLists
Page 14: Userlistapp
Page 15: Databases
Page 16: WebServices
Page 17: 3- Third Party Credentials
Page 18: PathFinder
Page 19: Social Networks
Page 20: API Keys Tokens
Page 21: 4- Bugs to get into
• SQLaspphpaspx…
• Query
• ldapsearch
• exec
• sql
• command
• …
Page 22: Blind SQL Injection
Page 23: Blind SQL Injection 101
Page 24: LDAP Search
Page 25: Blind LDAP Injection 101
Page 26: Surprise me baby!
Page 27: Questions
• Chema Alonso
– http://twitter.com/chemaalonso
– chema@11paths.com
– http://www.elladodelmal.com
• Disclaimer: Tacyt Service has been developed by Eleven Paths. All things working well are because of their hard work. All things that *may* have gone bad in this talk were my fault.