noob

[Rendo]

hi i am learning penetration testing and want to test my knowledge but i have a problem

how do i find vulnerable sites?

i have been told "google dorks" but that is not of much value. where can i learn how to use google dorks effectively

 

[MOYAGOLUBUSHKA]

hi i am learning penetration testing and want to test my knowledge but i have a problem

how do i find vulnerable sites?

i have been told "google dorks" but that is not of much value. where can i learn how to use google dorks effectively

There pretty cool collections of dorks on Github

GitHub - TUXCMD/Google-Dorks-Full_list: Approx 10.000 lines of Google dorks search queries - Use this for research purposes only

Approx 10.000 lines of Google dorks search queries - Use this for research purposes only - GitHub - TUXCMD/Google-Dorks-Full_list: Approx 10.000 lines of Google dorks search queries - Use this for ...

github.com

GitHub - cipher387/Dorks-collections-list: List of Github repositories and articles with list of dorks for different search engines

List of Github repositories and articles with list of dorks for different search engines - GitHub - cipher387/Dorks-collections-list: List of Github repositories and articles with list of dorks for...

github.com

and much more

you can always write your own for a product you find intersting, to research or have an exploit to, remember you could always just setup a VM with the product and have fun.

Looking to get paid for an exploit ?
or just looking to have fun ?

 

[Rendo]

i am looking for an exploit. i have found a site which is vulnerable to sql injection. it is a ?id=9 i added a '. now i need to find a way to exploit

 

[hackeryaroslav]

i am looking for an exploit. i have found a site which is vulnerable to sql injection. it is a ?id=9 i added a '. now i need to find a way to exploit

sqlmap is what ure looking for. Google this tool. Can be easily installed either on Windows or Kali Linux

 

[Rendo]

thanks. im testing with this tool but currently unable to breach the site i found. maybe its not good
is there certain things that you recognize when deciding which sql to use?

 

[nottse2]

hi i am learning penetration testing and want to test my knowledge but i have a problem

how do i find vulnerable sites?

i have been told "google dorks" but that is not of much value. where can i learn how to use google dorks effectively

learn php and javascript first
Then learn top 10 vulnerabilities in web apps and web apis
Learn How web api and backend server works
Install and learn basic scanners like sqlmap, burp suite, nikto etc..
Read books like:

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws​

OR

Web Application Security: Exploitation and Countermeasures for Modern Web Applications​

Start in https://academy.hackthebox.com/course/preview/introduction-to-web-applications
GOOD LUCK
FOR BUYING ANY BOOK CHEAPER IN PDF PM ME!