Searching Exploit-DB for a web server's vulnerabilities
Exploiting Heartbleed vulnerability
Exploiting XSS with BeEF
Exploiting a Blind SQLi
Using SQLMap to get database information
Performing a cross-site request forgery attack
Executing commands with Shellshock
Cracking password hashes with John the Ripper by using a dictionary
Cracking password hashes by brute force with oclHashcat/cudaHashcat
Introduction
Having profited from some vulnerabilities that are relatively easy to discover and exploit, we will now move on to other issues that may require a little more effort from us as penetration testers.
In this chapter, we will search for exploits, compile programs, set up servers, and crack passwords that will allow us to access sensitive information and execute privileged functions on servers and in applications.