Home Page Icon
Home Page
Table of Contents for
Getting ready
Close
Getting ready
by Gilberto Najera-Gutierrez
Kali Linux Web Penetration Testing Cookbook - Second Edition
Title Page
Copyright and Credits
Kali Linux Web Penetration Testing Cookbook Second Edition
Packt Upsell
Why subscribe?
PacktPub.com
Contributors
About the author
About the reviewer
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Sections
Getting ready
How to do it...
How it works...
There's more...
See also
Get in touch
Reviews
Disclaimer
Setting Up Kali Linux and the Testing Lab
Introduction
Installing VirtualBox on Windows and Linux
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a Kali Linux virtual machine
Getting ready
How to do it...
How it works...
There's more...
Updating and upgrading Kali Linux
How to do it...
How it works...
Configuring the web browser for penetration testing
How to do it...
How it works...
See also
Creating a client virtual machine
How to do it...
How it works...
See also
Configuring virtual machines for correct communication
Getting ready
How to do it...
How it works...
Getting to know web applications on a vulnerable virtual machine
Getting ready
How to do it...
How it works...
See also
Reconnaissance
Introduction
Passive reconnaissance
Getting ready
How to do it...
How it works...
See also
Using Recon-ng to gather information
Getting ready
How to do it...
How it works...
See also
Scanning and identifying services with Nmap
Getting ready
How to do it...
How it works...
There's more...
See also
Identifying web application firewalls
How to do it...
How it works...
Identifying HTTPS encryption parameters
Getting ready
How to do it...
How it works...
See also
Using the browser's developer tools to analyze and alter basic behavior
How to do it...
How it works...
There's more...
Obtaining and modifying cookies
Getting ready
How to do it...
How it works...
There's more...
Taking advantage of robots.txt
How to do it...
How it works...
Using Proxies, Crawlers, and Spiders
Introduction
Finding files and folders with DirBuster
Getting ready
How to do it...
How it works...
See also
Finding files and folders with ZAP
Getting ready
How to do it...
How it works...
See also
Using Burp Suite to view and alter requests
Getting ready
How to do it...
How it works...
See also
Using Burp Suite's Intruder to find files and folders
How to do it...
How it works...
Using the ZAP proxy to view and alter requests
How to do it...
How it works...
Using ZAP spider
How to do it...
How it works...
There's more
Using Burp Suite to spider a website
Getting ready
How to do it...
How it works...
There's more
Repeating requests with Burp Suite's repeater
Getting ready
How to do it...
How it works...
Using WebScarab
Getting ready
How to do it...
How it works...
Identifying relevant files and directories from crawling results
How to do it...
How it works...
Testing Authentication and Session Management
Introduction
Username enumeration
Getting ready
How to do it...
How it works...
Dictionary attack on login pages with Burp Suite
How to do it...
How it works...
There's more...
Brute forcing basic authentication with Hydra
Getting ready
How to do it...
How it works...
There's more...
See also
Attacking Tomcat's passwords with Metasploit
Getting ready
How to do it...
How it works...
There's more...
Manually identifying vulnerabilities in cookies
How to do it...
How it works...
There's more...
Attacking a session fixation vulnerability
How to do it...
How it works...
Evaluating the quality of session identifiers with Burp Sequencer
Getting ready
How to do it...
How it works...
See also
Abusing insecure direct object references
Getting ready
How to do it...
How it works...
Performing a Cross-Site Request Forgery attack
Getting ready
How to do it...
How it works...
See also
Cross-Site Scripting and Client-Side Attacks
Introduction
Bypassing client-side controls using the browser
How to do it...
How it works...
See also
Identifying Cross-Site Scripting vulnerabilities
How to do it...
How it works...
There's more...
Obtaining session cookies through XSS
How to do it...
How it works...
See also
Exploiting DOM XSS
How to do it...
How it works...
Man-in-the-Browser attack with XSS and BeEF
Getting ready
How to do it...
How it works...
There's more...
Extracting information from web storage
How to do it...
How it works...
There's more...
Testing WebSockets with ZAP
Getting ready
How to do it...
How it works...
Using XSS and Metasploit to get a remote shell
Getting ready
How to do it...
How it works...
Exploiting Injection Vulnerabilities
Introduction
Looking for file inclusions
How to do it...
How it works...
There's more...
Abusing file inclusions and uploads
Getting ready
How to do it...
How it works...
There's more...
Manually identifying SQL injection
How to do it...
How it works...
There's more...
Step-by-step error-based SQL injections
How to do it...
How it works...
Identifying and exploiting blind SQL injections
How to do it...
How it works...
There's more...
See also
Finding and exploiting SQL injections with SQLMap
How to do it...
How it works...
There's more...
See also
Exploiting an XML External Entity injection
Getting ready
How to do it...
How it works...
There's more...
See also
Detecting and exploiting command injection vulnerabilities
How to do it...
How it works...
Exploiting Platform Vulnerabilities
Introduction
Exploiting Heartbleed vulnerability using Exploit-DB
Getting ready
How to do it...
How it works...
There's more...
See also
Executing commands by exploiting Shellshock
How to do it...
How it works...
There's more...
Creating and capturing a reverse shell with Metasploit
How to do it...
How it works...
Privilege escalation on Linux
Getting ready
How to do it...
How it works...
See also
Privilege escalation on Windows
Getting ready
How to do it...
How it works...
See also
Using Tomcat Manager to execute code
How to do it...
How it works...
Cracking password hashes with John the Ripper by using a dictionary
Getting ready
How to do it...
How it works...
Cracking password hashes via Brute Force using Hashcat
Getting ready
How to do it...
How it works...
Using Automated Scanners
Introduction
Scanning with Nikto
How to do it...
How it works...
Considerations when doing automated scanning
How to do it...
How it works...
Finding vulnerabilities with Wapiti
How to do it...
How it works...
Using OWASP ZAP to scan for vulnerabilities
Getting ready
How to do it...
How it works...
There's more...
Scanning with Skipfish
How to do it...
How it works...
Finding vulnerabilities in WordPress with WPScan
How to do it...
How it works...
Finding vulnerabilities in Joomla with JoomScan
How to do it...
How it works...
Scanning Drupal with CMSmap
Getting ready
How to do it...
How it works...
Bypassing Basic Security Controls
Introduction
Basic input validation bypass in Cross-Site Scripting attacks
How to do it...
How it works...
There's more...
Exploiting Cross-Site Scripting using obfuscated code
How to do it...
How it works...
Bypassing file upload restrictions
How to do it...
How it works...
Avoiding CORS restrictions in web services
Getting ready
How to do it...
How it works...
Using Cross-Site Scripting to bypass CSRF protection and CORS restrictions
How to do it...
How it works...
Exploiting HTTP parameter pollution
How to do it...
How it works...
Exploiting vulnerabilities through HTTP headers
How to do it...
How it works...
Mitigation of OWASP Top 10 Vulnerabilities
Introduction
A1 – Preventing injection attacks
How to do it...
How it works...
See also
A2 – Building proper authentication and session management
How to do it...
How it works...
See also
A3 – Protecting sensitive data
How to do it...
How it works...
A4 – Using XML external entities securely
How to do it...
How it works...
A5 – Securing access control
How to do it...
How it works...
A6 – Basic security configuration guide
How to do it...
How it works...
A7 – Preventing Cross-Site Scripting
How to do it...
How it works...
See also
A8 – Implementing object serialization and deserialization
How to do it...
How it works...
A9 – Where to look for known vulnerabilities on third-party components
How to do it...
How it works...
A10 – Logging and monitoring for web applications' security
How to do it...
How it works...
Other Books You May Enjoy
Leave a review - let other readers know what you think
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Prev
Previous Chapter
Scanning and identifying services with Nmap
Next
Next Chapter
How to do it...
Getting ready
All we need is to have our vulnerable
vm_1
running.
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset