For this recipe, we will use the bee-box vulnerable virtual machine (https://sourceforge.net/projects/bwapp/files/bee-box/) as it has an OpenSSL version vulnerable to a well-known vulnerability called Heartbleed (http://heartbleed.com/), which affects encrypted communication over protocol TLS versions 1.0 and 1.1, and allows for an attacker to extract a portion of the server's memory containing unencrypted information.
Getting ready
by Gilberto Najera-Gutierrez
Kali Linux Web Penetration Testing Cookbook - Second Edition
- Title Page
- Copyright and Credits
- Packt Upsell
- Contributors
- Preface
- Setting Up Kali Linux and the Testing Lab
- Introduction
- Installing VirtualBox on Windows and Linux
- Creating a Kali Linux virtual machine
- Updating and upgrading Kali Linux
- Configuring the web browser for penetration testing
- Creating a client virtual machine
- Configuring virtual machines for correct communication
- Getting to know web applications on a vulnerable virtual machine
- Reconnaissance
- Introduction
- Passive reconnaissance
- Using Recon-ng to gather information
- Scanning and identifying services with Nmap
- Identifying web application firewalls
- Identifying HTTPS encryption parameters
- Using the browser's developer tools to analyze and alter basic behavior
- Obtaining and modifying cookies
- Taking advantage of robots.txt
- Using Proxies, Crawlers, and Spiders
- Introduction
- Finding files and folders with DirBuster
- Finding files and folders with ZAP
- Using Burp Suite to view and alter requests
- Using Burp Suite's Intruder to find files and folders
- Using the ZAP proxy to view and alter requests
- Using ZAP spider
- Using Burp Suite to spider a website
- Repeating requests with Burp Suite's repeater
- Using WebScarab
- Identifying relevant files and directories from crawling results
- Testing Authentication and Session Management
- Introduction
- Username enumeration
- Dictionary attack on login pages with Burp Suite
- Brute forcing basic authentication with Hydra
- Attacking Tomcat's passwords with Metasploit
- Manually identifying vulnerabilities in cookies
- Attacking a session fixation vulnerability
- Evaluating the quality of session identifiers with Burp Sequencer
- Abusing insecure direct object references
- Performing a Cross-Site Request Forgery attack
- Cross-Site Scripting and Client-Side Attacks
- Introduction
- Bypassing client-side controls using the browser
- Identifying Cross-Site Scripting vulnerabilities
- Obtaining session cookies through XSS
- Exploiting DOM XSS
- Man-in-the-Browser attack with XSS and BeEF
- Extracting information from web storage
- Testing WebSockets with ZAP
- Using XSS and Metasploit to get a remote shell
- Exploiting Injection Vulnerabilities
- Introduction
- Looking for file inclusions
- Abusing file inclusions and uploads
- Manually identifying SQL injection
- Step-by-step error-based SQL injections
- Identifying and exploiting blind SQL injections
- Finding and exploiting SQL injections with SQLMap
- Exploiting an XML External Entity injection
- Detecting and exploiting command injection vulnerabilities
- Exploiting Platform Vulnerabilities
- Introduction
- Exploiting Heartbleed vulnerability using Exploit-DB
- Executing commands by exploiting Shellshock
- Creating and capturing a reverse shell with Metasploit
- Privilege escalation on Linux
- Privilege escalation on Windows
- Using Tomcat Manager to execute code
- Cracking password hashes with John the Ripper by using a dictionary
- Cracking password hashes via Brute Force using Hashcat
- Using Automated Scanners
- Introduction
- Scanning with Nikto
- Considerations when doing automated scanning
- Finding vulnerabilities with Wapiti
- Using OWASP ZAP to scan for vulnerabilities
- Scanning with Skipfish
- Finding vulnerabilities in WordPress with WPScan
- Finding vulnerabilities in Joomla with JoomScan
- Scanning Drupal with CMSmap
- Bypassing Basic Security Controls
- Introduction
- Basic input validation bypass in Cross-Site Scripting attacks
- Exploiting Cross-Site Scripting using obfuscated code
- Bypassing file upload restrictions
- Avoiding CORS restrictions in web services
- Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions
- Exploiting HTTP parameter pollution
- Exploiting vulnerabilities through HTTP headers
- Mitigation of OWASP Top 10 Vulnerabilities
- Introduction
- A1 – Preventing injection attacks
- A2 – Building proper authentication and session management
- A3 – Protecting sensitive data
- A4 – Using XML external entities securely
- A5 – Securing access control
- A6 – Basic security configuration guide
- A7 – Preventing Cross-Site Scripting
- A8 – Implementing object serialization and deserialization
- A9 – Where to look for known vulnerabilities on third-party components
- A10 – Logging and monitoring for web applications' security
- Other Books You May Enjoy
Getting ready
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.