5. Web Application Information Gathering
by Ishan Girdhar, Dhruv Shah
Kali Linux Intrusion and Exploitation Cookbook
- Kali Linux Intrusion and Exploitation Cookbook
- Kali Linux Intrusion and Exploitation Cookbook
- Credits
- About the Authors
- About the Reviewers
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Getting Started - Setting Up an Environment
- Introduction
- Installing Kali Linux on Cloud - Amazon AWS
- Installing Kali Linux on Docker
- Installing NetHunter on OnePlus One
- Installing Kali Linux on a virtual machine
- Customizing Kali Linux for faster package updates
- Customizing Kali Linux for faster operations
- Configuring remote connectivity services - HTTP, TFTP, and SSH
- Configuring Nessus and Metasploit
- Configuring third-party tools
- Installing Docker on Kali Linux
- 2. Network Information Gathering
- 3. Network Vulnerability Assessment
- 4. Network Exploitation
- Introduction
- Gathering information for credential cracking
- Cracking FTP login using custom wordlist
- Cracking SSH login using custom wordlist
- Cracking HTTP logins using custom wordlist
- Cracking MySql and PostgreSQL login using custom wordlist
- Cracking Cisco login using custom wordlist
- Exploiting vulnerable services (Unix)
- Exploiting vulnerable services (Windows)
- Exploiting services using exploit-db scripts
- 5. Web Application Information Gathering
- Introduction
- Setting up API keys for recon-ng
- Using recon-ng for reconnaissance
- Gathering information using theharvester
- Using DNS protocol for information gathering
- Web application firewall detection
- HTTP and DNS load balancer detection
- Discovering hidden files/directories using DirBuster
- CMS and plugins detection using WhatWeb and p0f
- Finding SSL cipher vulnerabilities
- 6. Web Application Vulnerability Assessment
- Introduction
- Running vulnerable web applications in Docker
- Using W3af for vulnerability assessment
- Using Nikto for web server assessment
- Using Skipfish for vulnerability assessment
- Using Burp Proxy to intercept HTTP traffic
- Using Burp Intruder for customized attack automation
- Using Burp Sequencer to test the session randomness
- 7. Web Application Exploitation
- Introduction
- Using Burp for active/passive scanning
- Using sqlmap to find SQL Injection on the login page
- Exploiting SQL Injection on URL parameters using SQL Injection
- Using Weevely for file upload vulnerability
- Exploiting Shellshock using Burp
- Using Metasploit to exploit Heartbleed
- Using the FIMAP tool for file inclusion attacks (RFI/LFI)
- 8. System and Password Exploitation
- 9. Privilege Escalation and Exploitation
- 10. Wireless Exploitation
- A. Pen Testing 101 Basics
In this chapter, we will cover the following recipes:
- Setting up API keys for recon-ng
- Using recon-ng for reconnaissance
- Gathering information using theharvester
- Using DNS protocol for information gathering
- Web application firewall detection
- HTTP and DNS load balancer detection
- Discovering hidden files/directories using DirBuster
- CMS and plugins detection using WhatWeb and p0f
- Finding SSL cipher vulnerabilities
One of the most important phases of an attack is information gathering.
To be able to launch a successful attack, we need to gather as much as information as possible about our target. So, the more information we get, the higher the probability of a successful attack.
It is also important to note that not only gathering information but documenting it with clarity is of utmost importance. The Kali Linux release has several tools for documenting, collating and organizing information from various target machines, enabling a better reconnaissance. Tools such as Dradis, CaseFile, and KeepNote are some examples of it.
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.