
Exercises

Payload

1
1'
1"
[1]
1`
1\
1/*'*/
1/*!1111'*/
1'||'asd'||'
1' or '1'='1
1 or 1=1
'or''='
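As an added example (not from the original page), a small Python/sqlite3 harness that feeds the test strings above into a string-concatenated query and into a parameterized one, so the effect of each payload on a quoted SQL context is visible side by side. The table contents are constructed for the demo.

```python
import sqlite3

# Constructed sample data (not from the page): three rows keyed by a text id.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id TEXT, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [("1", "public"), ("2", "private"), ("3", "secret")])
    return conn

def lookup_vulnerable(conn, user_input):
    # Unsafe: the input is spliced into the SQL text, so a quote or an
    # OR inside it changes the meaning of the WHERE clause.
    sql = f"SELECT name FROM items WHERE id = '{user_input}' ORDER BY id"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # A database error surfacing to the caller is itself a tell-tale
        # sign of injection (the "1'" test string triggers it).
        return f"error: {exc}"

def lookup_safe(conn, user_input):
    # Hardened: a bound parameter is always treated as a value, never as SQL,
    # so every test string is compared literally against the id column.
    sql = "SELECT name FROM items WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_input,))]

# The test strings from the list above (subset).
PAYLOADS = ["1", "1'", "1' or '1'='1", "1'||'asd'||'", "1 or 1=1"]

def compare(payloads=PAYLOADS):
    """Map each payload to (vulnerable result, safe result)."""
    conn = make_db()
    return {p: (lookup_vulnerable(conn, p), lookup_safe(conn, p)) for p in payloads}

if __name__ == "__main__":
    for payload, (vuln, safe) in compare().items():
        print(f"{payload!r:20} vulnerable={vuln!r:40} safe={safe!r}")
```

Note that `1 or 1=1` does nothing inside a quoted context and `1'||'asd'||'` only rewrites the compared value; the quote-closing `1' or '1'='1` is the one that returns every row from the vulnerable query.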

TryHackMe

Boson CompTIA PenTest+ Labs

The CompTIA PenTest+ (PT0-001) is an intermediate-to-advanced level certification designed to provide you with hands-on penetration testing (ethical hacking) skills. You will learn how to locate and exploit vulnerabilities in a network, including breaches of applications, protocols, Application Programming Interfaces (APIs), servers and firewalls. After successful completion, you will be able to plan and prepare for a penetration test engagement, perform social engineering and password attacks, analyze and report pentest results, and more. All tasks are designed to set you up for success in cybersecurity.

Practice Lab for CompTIA PenTest+ PT0-001

Serpico

  • Connect to PLABWIN10.
  • Click in the Type here to search text box and type:
Ruby
  • Right-click Command Prompt with Ruby and Rails and select Run as administrator.
  • In Command Prompt with Ruby and Rails window type the following:
cd c:\Serpico   # enter
ruby serpico.rb
  • Open the Firefox web browser from the Taskbar and navigate to:
https://192.168.0.4:8443/
  User: administrator
  Pass: Passw0rd
  • Select Consultant Information from the top pane in the Serpico web application.
  Consultant Company: PLABPentest
  Consultant Name: Jack Hack
  Email: jack@hack.com
  Phone: 555-1234
  Title: Mr
  • Select List Report Templates from the left pane.

https://github.com/SerpicoProject/Serpico/wiki/Running-Serpico-From-Docker

Postman

Send unlimited API Requests from Your Browser.

Installation
Download the *.zip from https://www.postman.com/downloads/
Unpack the *.zip
Change into the folder and start the app with ./Postman.
Working with Postman:

API Testing

API is the abbreviation for Application Programming Interface and describes a set of clearly defined instructions created for the communication between two applications. The commonly used protocol is HTTP. HTTP resources are uniquely identified by URLs (Uniform Resource Locators), in the form of http and https URIs (Uniform Resource Identifiers).
URLs have the following syntax:

Protocol://Hostname:Port/Path-and-resource-name

HTTP Requests

HTTP request and HTTP response messages have the same basic structure:

The request line specifies the HTTP method, the resource ("/") and the HTTP version.
Common HTTP methods are:

  • POST – to post content to the server.
  • HEAD – to request only the HTTP headers for a request, omitting the response message body. This can be used to retrieve certain configuration options.
  • OPTIONS – to request a description of the communication options for the target resource; the server should respond with a list of supported HTTP methods.
  • PUT – another method (alongside POST) to send content to the server. POST is more commonly used on web pages, whereas PUT is more common in APIs.
  • DELETE – to instruct the web server to delete a specific resource or content.

Further information: https://wiki.selfhtml.org/wiki/HTTP/Anfragemethoden

HTTP Errors

HTTP response status codes are separated into five categories, where the first digit of the status code defines the class of the response:

  • 1xx (Informational)
  • 2xx (Successful)
  • 3xx (Redirection)
  • 4xx (Client Error)
  • 5xx (Server Error)