
Web Attack Exploitation Techniques

# Overview

This section covers exploitation techniques for web application vulnerabilities commonly encountered during penetration testing. Each technique file provides deep-dive coverage of a specific attack class: detection methods, exploitation commands, filter bypasses, OPSEC considerations, and post-exploitation value. Commands and techniques are drawn from real Hack The Box machines.

# Attack Type Decision Tree

Web Application Identified
    |
    += User Input Reflected? --> XSS (xss-exploitation.md)
    |
    += File Upload Present? --> File Upload Attacks (file-upload-attacks.md)
    |
    += Login/Auth Forms? --> SQL Injection (sql-injection.md)
    |                         Command Injection (command-injection.md)
    |                         CMS Exploitation (cms-exploitation.md)
    |
    += URL Parameters with file paths? --> LFI/RFI (local-file-inclusion.md)
    |
    += API Endpoints (REST/GraphQL)? --> SQL Injection, GraphQL Attacks
    |                                    Deserialization (deserialization-attacks.md)
    |                                    SSRF (server-side-request-forgery.md)
    |
    += Template Rendering ({{ }})? --> SSTI (template-injection-ssti.md)
    |
    += XML Parsing? --> XXE (xml-external-entity-xxe.md)
    |
    += .git directory exposed? --> Git Repository (git-repository-exposure.md)
    |
    += CMS Identified? --> CMS Exploitation (cms-exploitation.md)
    |
    += Serialized Objects? --> Deserialization (deserialization-attacks.md)
    |
    += URL Fetching / Webhooks? --> SSRF (server-side-request-forgery.md)

# Technique Files

| # | Technique | Complexity | File |
|---|---|---|---|
| 1 | SQL Injection | Advanced | sql-injection.md |
| 2 | Local File Inclusion | Intermediate | local-file-inclusion.md |
| 3 | File Upload Attacks | Intermediate | file-upload-attacks.md |
| 4 | XSS Exploitation | Intermediate | xss-exploitation.md |
| 5 | Command Injection | Intermediate | command-injection.md |
| 6 | Server-Side Request Forgery | Intermediate | server-side-request-forgery.md |
| 7 | Deserialization Attacks | Advanced | deserialization-attacks.md |
| 8 | Template Injection (SSTI) | Intermediate | template-injection-ssti.md |
| 9 | XML External Entity (XXE) | Intermediate | xml-external-entity-xxe.md |
| 10 | CMS Exploitation | Intermediate | cms-exploitation.md |
| 11 | GraphQL API Attacks | Basic | graphql-api-attacks.md |
| 12 | Git Repository Exposure | Basic | git-repository-exposure.md |

# General Workflow

  1. Enumerate the web application using directory brute-force, parameter discovery, and technology fingerprinting. See ../../03-enumeration/web-enumeration.md for methodology.
  2. Identify the vulnerability class from the decision tree above.
  3. Consult the relevant technique file for exploitation steps.
  4. Escalate initial access to a full reverse shell using the foothold methods described.
  5. Document all findings for the final report.

# Cross-References

# Tool References

| Tool | Link |
|---|---|
| Burp Suite | https://portswigger.net/burp |
| sqlmap | https://sqlmap.org |
| ffuf | https://github.com/ffuf/ffuf |
| wfuzz | https://github.com/xmendez/wfuzz |
| Caido | https://caido.io |