Some of the names listed previously and their variations in the language the target application was created in may allow us access to restricted sections of the site, which is a very important step in a penetration test; we cannot find vulnerabilities in places if we ignore they exist. Some of them will provide us with information about the server, its configuration, and the developing frameworks used. Some others, like the Tomcat manager and JBoss administration pages, if wrongfully configured, will let us (or a malicious user) take control of the web server.
How it works...
by Gilberto Najera-Gutierrez
Kali Linux Web Penetration Testing Cookbook - Second Edition
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Setting Up Kali Linux and the Testing Lab
- Introduction
- Installing VirtualBox on Windows and Linux
- Creating a Kali Linux virtual machine
- Updating and upgrading Kali Linux
- Configuring the web browser for penetration testing
- Creating a client virtual machine
- Configuring virtual machines for correct communication
- Getting to know web applications on a vulnerable virtual machine
- Reconnaissance
- Introduction
- Passive reconnaissance
- Using Recon-ng to gather information
- Scanning and identifying services with Nmap
- Identifying web application firewalls
- Identifying HTTPS encryption parameters
- Using the browser's developer tools to analyze and alter basic behavior
- Obtaining and modifying cookies
- Taking advantage of robots.txt
- Using Proxies, Crawlers, and Spiders
- Introduction
- Finding files and folders with DirBuster
- Finding files and folders with ZAP
- Using Burp Suite to view and alter requests
- Using Burp Suite's Intruder to find files and folders
- Using the ZAP proxy to view and alter requests
- Using ZAP spider
- Using Burp Suite to spider a website
- Repeating requests with Burp Suite's repeater
- Using WebScarab
- Identifying relevant files and directories from crawling results
- Testing Authentication and Session Management
- Introduction
- Username enumeration
- Dictionary attack on login pages with Burp Suite
- Brute forcing basic authentication with Hydra
- Attacking Tomcat's passwords with Metasploit
- Manually identifying vulnerabilities in cookies
- Attacking a session fixation vulnerability
- Evaluating the quality of session identifiers with Burp Sequencer
- Abusing insecure direct object references
- Performing a Cross-Site Request Forgery attack
- Cross-Site Scripting and Client-Side Attacks
- Introduction
- Bypassing client-side controls using the browser
- Identifying Cross-Site Scripting vulnerabilities
- Obtaining session cookies through XSS
- Exploiting DOM XSS
- Man-in-the-Browser attack with XSS and BeEF
- Extracting information from web storage
- Testing WebSockets with ZAP
- Using XSS and Metasploit to get a remote shell
- Exploiting Injection Vulnerabilities
- Introduction
- Looking for file inclusions
- Abusing file inclusions and uploads
- Manually identifying SQL injection
- Step-by-step error-based SQL injections
- Identifying and exploiting blind SQL injections
- Finding and exploiting SQL injections with SQLMap
- Exploiting an XML External Entity injection
- Detecting and exploiting command injection vulnerabilities
- Exploiting Platform Vulnerabilities
- Introduction
- Exploiting Heartbleed vulnerability using Exploit-DB
- Executing commands by exploiting Shellshock
- Creating and capturing a reverse shell with Metasploit
- Privilege escalation on Linux
- Privilege escalation on Windows
- Using Tomcat Manager to execute code
- Cracking password hashes with John the Ripper by using a dictionary
- Cracking password hashes via Brute Force using Hashcat
- Using Automated Scanners
- Introduction
- Scanning with Nikto
- Considerations when doing automated scanning
- Finding vulnerabilities with Wapiti
- Using OWASP ZAP to scan for vulnerabilities
- Scanning with Skipfish
- Finding vulnerabilities in WordPress with WPScan
- Finding vulnerabilities in Joomla with JoomScan
- Scanning Drupal with CMSmap
- Bypassing Basic Security Controls
- Introduction
- Basic input validation bypass in Cross-Site Scripting attacks
- Exploiting Cross-Site Scripting using obfuscated code
- Bypassing file upload restrictions
- Avoiding CORS restrictions in web services
- Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions
- Exploiting HTTP parameter pollution
- Exploiting vulnerabilities through HTTP headers
- Mitigation of OWASP Top 10 Vulnerabilities
- Introduction
- A1 – Preventing injection attacks
- A2 – Building proper authentication and session management
- A3 – Protecting sensitive data
- A4 – Using XML external entities securely
- A5 – Securing access control
- A6 – Basic security configuration guide
- A7 – Preventing Cross-Site Scripting
- A8 – Implementing object serialization and deserialization
- A9 – Where to look for known vulnerabilities on third-party components
- A10 – Logging and monitoring for web applications' security
- Other Books You May Enjoy
How it works...
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.