  1. Enumeration
    1. Authentication Bypass
      1. Find all pages and parameters and map them in any mind-mapping software (XMind preferred).
      2. Create two nodes, Pre-Auth and Post-Auth, and divide the pages accordingly.
      3. Focus on the pre-auth pages to find vulnerabilities.
      4. Identify the suspicious pre-auth pages and parameters and target those first.
      5. Identify vulnerabilities that can help bypass authentication.
    2. RCE
      1. Divide the post-authentication pages into two sections: admin and non-admin.
      2. Focus on admin-only pages to find vulnerabilities.
  2. Exploitation
    1. Find vulnerabilities and try exploiting them manually, without scripting.
    2. Create notes as a TODO list so the exploit is easier to write later.
  3. Automation
    1. Make sure you have a TODO list.
    2. Start writing functions according to the TODO list.
    3. Always create a modularized exploit.
    4. Test each function before moving to the next.
    5. Chain the functions with conditional statements.
    6. Example:

         # login
         import requests

         def login(target, username, password):
             # Authenticate once and return the session; its cookies carry over to later requests.
             # The "/login" path and field names are assumptions; adjust them to the target.
             s = requests.Session()
             s.post(target + "/login", data={"username": username, "password": password})
             return s

    7. Write exploit functions that take user input and return valuable data.
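As an added example (not part of the original notes), the automation pattern above in stdlib Python: each TODO item becomes one function that takes input and returns data (or `None` on failure), each can be tested on its own, and `run_chain` wires them together with conditionals. The `DemoApp` server, the `/login` and `/admin` paths, the `sid` cookie and the `demo` account are constructed stand-ins so the chain can be exercised offline.

```python
import json, threading
import urllib.error, urllib.parse, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in target (not a real app): POST /login sets a cookie for one demo account, GET /admin requires it.
class DemoApp(BaseHTTPRequestHandler):
    def do_POST(self):
        form = dict(urllib.parse.parse_qsl(self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()))
        ok = self.path == "/login" and form.get("username") == "demo" and form.get("password") == "demo"
        self.send_response(200 if ok else 401)
        if ok:
            self.send_header("Set-Cookie", "sid=demo-session")
        self.end_headers()
    def do_GET(self):
        authed = "sid=demo-session" in self.headers.get("Cookie", "")
        self.send_response(200 if self.path == "/admin" and authed else 403)
        self.end_headers()
        self.wfile.write(b'{"role": "admin"}' if authed else b"")
    def log_message(self, *args):  # silence per-request logging
        pass

def start_demo_app():
    srv = HTTPServer(("127.0.0.1", 0), DemoApp)  # port 0: any free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return f"http://127.0.0.1:{srv.server_port}"

# One function per TODO item: takes input, returns data, or None on failure.
def login(target, username, password):
    session = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(CookieJar()))
    try:
        session.open(f"{target}/login", data=urllib.parse.urlencode({"username": username, "password": password}).encode())
    except urllib.error.HTTPError:
        return None
    return session  # cookie-carrying opener, the stdlib counterpart of the page's `s`

def get_admin_info(target, session):
    try:
        return json.loads(session.open(f"{target}/admin").read())
    except urllib.error.HTTPError:
        return None

def run_chain(target, username, password):  # chain with conditionals: stop at the first failed step and report which one
    session = login(target, username, password)
    if session is None:
        return {"step": "login", "ok": False}
    info = get_admin_info(target, session)
    if info is None:
        return {"step": "admin", "ok": False}
    return {"step": "done", "ok": True, "role": info["role"]}
```

Start the stand-in with `start_demo_app()` and pass the URL it returns as `target`; each function can then be checked individually before the chain is run end to end.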
  6. Rikunj Sindhwad