
Introduction
While reading some content about web vulnerabilities, I came across a presentation by Orange Tsai at Black Hat: Breaking Parser Logic Take Your Path Normalization Off And Pop 0days out.


A question haunted me for a while and I wanted an answer to it: "How can I determine if an arbitrary user has the right to reset someone else's password?".
Firstly, I tracked the kinds of rights available for an Active Directory object. I checked it for a user.

Often during pentesting engagements, you will face an HTTP/HTTPS web server. A great way to find things on it is to enumerate resources. Multiple command line tools exist to do so including the following:
Some of them can do more than simple resource enumeration, but we will focus on the enumeration part. The idea is to test these tools in order to find which one is the fastest enumeration tool. Tests will be done on the same target, where there are 3 endpoints that have the PHP extension.