OBJECTIVE 03 — WEB APPLICATION HACKING METHODOLOGY
CEH CORE PRINCIPLE (MEMORIZE)
| Item | Memorize |
| Web Application Hacking Methodology | A systematic process used by attackers to identify, analyze, and exploit vulnerabilities in web applications, then maintain access to the compromised application and hide their activity |
PHASES OF WEB APPLICATION HACKING (EXAM ORDER)
| Phase No. | Phase Name |
| 1 | Information Gathering |
| 2 | Web Application Footprinting |
| 3 | Vulnerability Scanning |
| 4 | Web Application Enumeration |
| 5 | Exploitation |
| 6 | Post-Exploitation |
| 7 | Maintaining Access |
| 8 | Covering Tracks |
MEMORY HOOK:
I F S E E P M C (Information, Footprint, Scan, Enumerate, Exploit, Post-exploit, Maintain, Cover)
PHASE 1 — INFORMATION GATHERING
Objective
| Goal |
| Collect maximum information about the target web application |
| Information to collect |
| Domain name |
| IP address |
| Server location |
| Hosting provider |
| Technologies used |
| Tool | Purpose |
| Whois | Domain ownership |
| Nslookup | DNS records |
| Dig | DNS enumeration |
| Netcraft | Hosting and OS info |
| Google Dorks | Sensitive data discovery |
Memory Hook
Who owns it → Where it is → What runs it
PHASE 2 — WEB APPLICATION FOOTPRINTING
Objective
| Goal |
| Identify technologies, frameworks, and entry points |
| Item |
| Web server type |
| OS |
| CMS |
| Programming language |
| Framework |
| Tool | Purpose |
| Wappalyzer | Tech stack detection |
| BuiltWith | Framework identification |
| WhatWeb | Server fingerprinting |
| Netcraft | OS and server details |
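What the fingerprinting tools above actually do is read the ordinary response a server sends and match it against known tells. The following is an added example (not from the CEH material or any of the listed tools) that performs the same matching on a constructed HTTP response; the sample response, the cookie-name table, and the function names are assumptions made for the demonstration.

```python
import re

# Constructed sample response, not captured from any real host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.4" />'
    '<link rel="stylesheet" href="/wp-content/themes/x/style.css"></head>'
    "<body>hi</body></html>"
)

# Session cookie names are a platform tell that is rarely changed (assumed table).
COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java (Servlet container)",
    "ASP.NET_SessionId": "ASP.NET",
    "csrftoken": "Django",
    "laravel_session": "Laravel",
}


def split_response(raw):
    """Split a raw HTTP response into (status line, header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Repeated headers (e.g. several Set-Cookie lines) are kept as a list.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return lines[0], headers, body


def fingerprint(raw):
    """Return a dict of web server, language, CMS and OS hints found in the response."""
    status, headers, body = split_response(raw)
    findings = {}
    # Header-based tells: Server and X-Powered-By leak server and language versions.
    if "server" in headers:
        findings["web_server"] = headers["server"][0]
    if "x-powered-by" in headers:
        findings["language"] = headers["x-powered-by"][0]
    # Cookie names set by the framework.
    for cookie in headers.get("set-cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in COOKIE_HINTS:
            findings.setdefault("platform_hints", []).append(COOKIE_HINTS[name])
    # Body-based tells: generator meta tag and CMS-specific asset paths.
    m = re.search(r'<meta\s+name="generator"\s+content="([^"]+)"', body, re.I)
    if m:
        findings["cms"] = m.group(1)
    if "/wp-content/" in body or "/wp-includes/" in body:
        findings.setdefault("platform_hints", []).append("WordPress")
    # OS hint from the parenthetical in the Server banner, when present.
    m = re.search(r"\(([^)]+)\)", findings.get("web_server", ""))
    if m:
        findings["os_hint"] = m.group(1)
    return findings


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{key}: {value}")
```

Banners and X-Powered-By can be suppressed or faked (Apache `ServerTokens Prod`, a rewritten `Server` header), so treat header tells as low confidence and body tells (asset paths, generator tags, cookie names) as the stronger evidence; WhatWeb and Wappalyzer combine many such signatures in the same way.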
Exam Trap
| Trap | Correct |
| Footprinting = vulnerability scanning | NO (footprinting identifies the stack; scanning looks for flaws in it) |
| Footprinting = passive, non-intrusive recon | YES (fingerprinting reads normal responses and does not probe for vulnerabilities) |
PHASE 3 — VULNERABILITY SCANNING
Objective
| Goal |
| Identify known vulnerabilities |
Scanner Types
| Type |
| Automated scanners |
| Signature-based scanners |
| Tool | Purpose |
| Nikto | Web server vulnerabilities |
| Nessus | General vulnerability scanning |
| OpenVAS | Vulnerability detection |
| Acunetix | Web app scanning |
Output
| Output |
| CVE IDs |
| Vulnerability severity |
| Affected components |
MEMORY HOOK:
Scanner ≠ exploit (a scanner reports a likely vulnerability from version or signature matches; confirming and exploiting it is Phase 5)
PHASE 4 — WEB APPLICATION ENUMERATION
Objective
| Goal |
| Extract detailed application-level data |
Enumeration Targets
| Target |
| Directories |
| Files |
| Parameters |
| User roles |
| APIs |
| Tool | Purpose |
| Dirb | Directory brute-force |
| Gobuster | Content discovery |
| Burp Suite | Parameter analysis |
| wfuzz | Parameter fuzzing |
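Directory brute-forcing with Dirb or Gobuster is simple in principle but one failure mode catches people out: a server that answers every unknown path with HTTP 200 and a custom "not found" page (a soft 404), which makes a naive status-code check report every word in the list as a hit. The block below is an added example (not code from the CEH material or from any of the listed tools) of the baseline-and-compare logic that handles this. The fake site, its paths, the wordlist and the function names are constructed for the demonstration; nothing is sent over the network.

```python
import hashlib
import secrets

# Constructed stand-in for a target site (no real host is contacted):
# known paths map to (status, body); any other path returns a soft 404,
# an HTTP 200 "not found" page that echoes the requested path.
FAKE_SITE = {
    "/": (200, "<h1>Welcome</h1>"),
    "/admin/": (200, "<h1>Admin login</h1>"),
    "/backup.zip": (200, "PK\x03\x04 ...constructed zip bytes..."),
    "/api/": (401, "Unauthorized"),
    "/.git/HEAD": (403, "Forbidden"),
}


def fake_fetch(path):
    """Stand-in for an HTTP GET; returns (status, body)."""
    if path in FAKE_SITE:
        return FAKE_SITE[path]
    return 200, f"<h1>Not found</h1><p>No page at {path}</p>"


def signature(path, status, body):
    """Status plus a hash of the body with the echoed path removed, so a
    reflected soft-404 page looks the same whichever path triggered it."""
    normalized = body.replace(path, "")
    digest = hashlib.sha256(normalized.encode("utf-8", "replace")).hexdigest()
    return status, digest


def discover(fetch, words, extensions=("", "/", ".zip", ".bak")):
    """Return [(path, status)] for paths whose response differs from the
    server's 'not found' baseline."""
    # Baseline: request a path that cannot exist and record how it answers.
    probe = "/" + secrets.token_hex(8)
    not_found = signature(probe, *fetch(probe))
    hits = []
    for word in words:
        for ext in extensions:
            path = "/" + word + ext
            status, body = fetch(path)
            # Skip real 404s and anything that matches the soft-404 baseline.
            if status == 404 or signature(path, status, body) == not_found:
                continue
            hits.append((path, status))
    return hits


if __name__ == "__main__":
    wordlist = ["admin", "backup", "api", ".git/HEAD", "login"]
    for path, status in discover(fake_fetch, wordlist):
        print(status, path)
```

Against a real target, replace `fake_fetch` with a function that issues the request (for example with the `requests` library) and add rate limiting; 401 and 403 responses are kept deliberately because a forbidden path still proves the resource exists. Gobuster's wildcard-response detection and wfuzz's response filters exist for exactly this baseline comparison.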
Exam Trap
| Trap | Correct |
| Enumeration is passive | NO |
| Enumeration is active | YES |
PHASE 5 — EXPLOITATION
Objective
| Goal |
| Exploit identified vulnerabilities |
Common Exploits
| Exploit |
| SQL Injection |
| XSS |
| Command Injection |
| File Inclusion |
| Authentication bypass |
| Tool | Purpose |
| SQLmap | SQL injection exploitation |
| Metasploit | Exploit framework |
| Burp Suite | Manual exploitation |
| BeEF | Browser exploitation |
Impact
| Impact |
| Data compromise |
| Shell access |
| Privilege escalation |
PHASE 6 — POST-EXPLOITATION
Objective
| Goal |
| Expand access and collect data |
Activities
| Activity |
| Credential harvesting |
| Data exfiltration |
| Lateral movement |
| Tool |
| Meterpreter |
| Mimikatz |
| Custom scripts |
PHASE 7 — MAINTAINING ACCESS
Objective
| Goal |
| Ensure persistent access |
Techniques
| Technique |
| Backdoors |
| Web shells |
| Scheduled tasks |
Exam Note
Persistence ≠ initial exploitation
PHASE 8 — COVERING TRACKS
Objective
| Goal |
| Hide attacker presence |
Techniques
| Technique |
| Log deletion |
| Log modification |
| Timestamp manipulation |
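Timestamp manipulation is the technique in this list that leaves the most reliable trace, so it is worth seeing both sides. The block below is an added example (not code from the CEH material) that backdates a file the way a timestomping step would, using `os.utime`, and then runs a check a responder would run: on Linux and macOS the kernel refuses to let userland set `ctime`, so a file whose change time is newer than its modification time was touched after its last write. The temporary file, its placeholder content and the function names are constructed for the demonstration.

```python
import os
import tempfile
import time


def backdate(path, when):
    """Set atime and mtime to `when` (epoch seconds), as a timestomping tool does.
    os.utime cannot set ctime: the kernel updates ctime to 'now' on any inode
    change, including this one, and that is what gives the edit away."""
    os.utime(path, (when, when))
    return os.stat(path).st_mtime


def timestamp_anomalies(path, tolerance=2.0):
    """Return a list of timestamp inconsistencies that suggest manipulation."""
    st = os.stat(path)
    findings = []
    if st.st_ctime - st.st_mtime > tolerance:
        findings.append("ctime newer than mtime: timestamps changed after the last write")
    if st.st_mtime - time.time() > tolerance:
        findings.append("mtime is in the future")
    return findings


def demo():
    """Create a file, backdate it by a year, and check it before and after.
    Returns (anomalies_before, anomalies_after, requested_mtime, actual_mtime)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "cache.php")
        with open(path, "w") as f:
            f.write("<?php /* constructed placeholder file, not a web shell */ ?>")
        before = timestamp_anomalies(path)
        # Backdate to a year ago, the usual "blend in with old files" move.
        requested = time.time() - 365 * 86400
        actual = backdate(path, requested)
        after = timestamp_anomalies(path)
    return before, after, requested, actual


if __name__ == "__main__":
    before, after, requested, actual = demo()
    print("before:", before or "clean")
    print("after: ", after or "clean")
```

On the command line the same comparison is `stat <file>` and reading the Modify and Change lines. On Windows `st_ctime` is the creation time rather than a change time, and the NTFS `$STANDARD_INFORMATION` timestamps that tools like `timestomp` rewrite can be cross-checked against the `$FILE_NAME` attribute, which those tools do not update.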
COMPLETE METHODOLOGY FLOW (EXAM GOLD)
| Order |
| Recon |
| Footprint |
| Scan |
| Enumerate |
| Exploit |
| Post-exploit |
| Persist |
| Cover |