5. Foot Printing of a Web Server and a Web Application
by Dave Mound, Benjamin May, Andrew Mabbitt, Terry Ip, Cameron Buchanan, Mohit, Chr
Python: Penetration Testing for Developers
- Python: Penetration Testing for Developers
- Table of Contents
- Python: Penetration Testing for Developers
- Python: Penetration Testing for Developers
- Credits
- Preface
- 1. Module 1
- 1. Understanding the Penetration Testing Methodology
- 2. The Basics of Python Scripting
- Understanding the difference between interpreted and compiled languages
- Python – the good and the bad
- A Python interactive interpreter versus a script
- Environmental variables and PATH
- Understanding dynamically typed languages
- The first Python script
- Developing scripts and identifying errors
- Python formatting
- Python variables
- Operators
- Compound statements
- Functions
- The Python style guide
- Arguments and options
- Your first assessor script
- Summary
- 3. Identifying Targets with Nmap, Scapy, and Python
- Understanding how systems communicate
- Understanding Nmap
- Nmap libraries for Python
- The Scapy library for Python
- Summary
- 4. Executing Credential Attacks with Python
- 5. Exploiting Services with Python
- 6. Assessing Web Applications with Python
- 7. Cracking the Perimeter with Python
- 8. Exploit Development with Python, Metasploit, and Immunity
- Getting started with registers
- Understanding the Windows memory structure
- Understanding memory addresses and endianness
- Understanding the manipulation of the stack
- Understanding immunity
- Understanding basic buffer overflow
- Writing a basic buffer overflow exploit
- Understanding stack adjustments
- Understanding the purpose of local exploits
- Understanding other exploit scripts
- Reversing Metasploit modules
- Understanding protection mechanisms
- Summary
- 9. Automating Reports and Tasks with Python
- 10. Adding Permanency to Python Tools
- 2. Module 2
- 1. Python with Penetration Testing and Networking
- Introducing the scope of pentesting
- Approaches to pentesting
- Introducing Python scripting
- Understanding the tests and tools you'll need
- Learning the common testing platforms with Python
- Network sockets
- Server socket methods
- Client socket methods
- General socket methods
- Moving on to the practical
- Summary
- 2. Scanning Pentesting
- 3. Sniffing and Penetration Testing
- 4. Wireless Pentesting
- 5. Foot Printing of a Web Server and a Web Application
- 6. Client-side and DDoS Attacks
- 7. Pentesting of SQLI and XSS
- 1. Python with Penetration Testing and Networking
- 3. Module 3
- 1. Gathering Open Source Intelligence
- Introduction
- Gathering information using the Shodan API
- Scripting a Google+ API search
- Downloading profile pictures using the Google+ API
- Harvesting additional results from the Google+ API using pagination
- Getting screenshots of websites with QtWebKit
- Screenshots based on a port list
- Spidering websites
- 2. Enumeration
- 3. Vulnerability Identification
- 4. SQL Injection
- 5. Web Header Manipulation
- Introduction
- Testing HTTP methods
- Fingerprinting servers through HTTP headers
- Testing for insecure headers
- Brute forcing login through the Authorization header
- Testing for clickjacking vulnerabilities
- Identifying alternative sites by spoofing user agents
- Testing for insecure cookie flags
- Session fixation through a cookie injection
- 6. Image Analysis and Manipulation
- 7. Encryption and Encoding
- Introduction
- Generating an MD5 hash
- Generating an SHA 1/128/256 hash
- Implementing SHA and MD5 hashes together
- Implementing SHA in a real-world scenario
- Generating a Bcrypt hash
- Cracking an MD5 hash
- Encoding with Base64
- Encoding with ROT13
- Cracking a substitution cipher
- Cracking the Atbash cipher
- Attacking one-time pad reuse
- Predicting a linear congruential generator
- Identifying hashes
- 8. Payloads and Shells
- 9. Reporting
- 1. Gathering Open Source Intelligence
- A. Bibliography
- Index
So far, we have read four chapters that are related from the data link layer to the transport layer. Now, we move on to application layer penetration testing. In this chapter, we will go through the following topics:
- The concept of foot printing of a web server
- Introducing information gathering
- HTTP header checking
- Information gathering of a website from smathwhois.com by the parser BeautifulSoup
- Banner grabbing of a website
- Hardening of a web server
The concept of penetration testing cannot be explained or performed in a single step; therefore, it has been divided into several steps. Foot printing is the first step in pentesting, where an attacker tries to gather information about a target. In today's world, e-commerce is growing rapidly. Due to this, web servers became a prime target for hackers. In order to attack a web server, we must first know what a web server means. We also need to know about the web server hosting software, hosting operating system, and what applications are running on the web server. After getting this information, we can build our exploits. Obtaining this information is known as foot printing of a web server.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.