Kali Linux Web Penetration Testing Cookbook.pdf

Cover
Copyright
Credits
About the Author
About the Reviewers
www.PacktPub.com
Table of Contents
Preface
Chapter 1: Setting Up Kali Linux
Introduction
Updating and upgrading Kali Linux
Installing and running OWASP Mantra
Setting up the Iceweasel browser
Installing VirtualBox
Creating a vulnerable virtual machine
Creating a client virtual machine
Configuring virtual machines for correct communication
Getting to know web applications on a vulnerable VM
Chapter 2: Reconnaissance
Introduction
Scanning and identifying services with Nmap
Identifying a web application firewall
Watching the source code
Using Firebug to analyze and alter basic behavior
Obtaining and modifying cookies
Taking advantage of robots.txt
Finding files and folders with DirBuster
Password profiling with CeWL
Using John the Ripper to generate a dictionary
Finding files and folders with ZAP
Chapter 3: Crawlers and Spiders
Introduction
Downloading a page for offline analysis with Wget
Downloading the page for offline analysis with HTTrack
Using ZAP's spider
Using Burp Suite to crawl a website
Repeating requests with Burp's repeater
Using WebScarab
Identifying relevant files and directories from crawling results
Chapter 4: Finding Vulnerabilities
Introduction
Using Hackbar add-on to ease parameter probing
Using Tamper Data add-on to intercept and modify requests
Using ZAP to view and alter requests
Using Burp Suite to view and alter requests
Identifying cross-site scripting (XSS) vulnerabilities
Identifying error based SQL injection
Identifying a blind SQL Injection
Identifying vulnerabilities in cookies
Obtaining SSL and TLS information with SSLScan
Looking for file inclusions
Identifying POODLE vulnerability
Chapter 5: Automated Scanners
Introduction
Scanning with Nikto
Finding vulnerabilities with Wapiti
Using OWASP ZAP to scan for vulnerabilities
Scanning with w3af
Using Vega scanner
Finding Web vulnerabilities with Metasploit's Wmap
Chapter 6: Exploitation – Low Hanging Fruits
Introduction
Abusing file inclusions and uploads
Exploiting OS Command Injections
Exploiting an XML External Entity Injection
Brute-forcing passwords with THC-Hydra
Dictionary attacks on login pages with Burp Suite
Obtaining session cookies through XSS
Step by step basic SQL Injection
Finding and exploiting SQL Injections with SQLMap
Attacking Tomcat's passwords with Metasploit
Using Tomcat Manager to execute code
Chapter 7: Advanced Exploitation
Introduction
Searching Exploit-DB for a web server's vulnerabilities
Exploiting Heartbleed vulnerability
Exploiting XSS with BeEF
Exploiting a Blind SQLi
Using SQLMap to get database information
Performing a cross-site request forgery attack
Executing commands with Shellshock
Cracking password hashes with John the Ripper by using a dictionary
Cracking password hashes by brute force using oclHashcat/cudaHashcat
Chapter 8: Man in the Middle Attacks
Introduction
Setting up a spoofing attack with Ettercap
Being the MITM and capturing traffic with Wireshark
Modifying data between the server and the client
Setting up an SSL MITM attack
Obtaining SSL data with SSLsplit
Performing DNS spoofing and redirecting traffic
Chapter 9: Client-Side Attacks and Social Engineering
Introduction
Creating a password harvester with SET
Using previously saved pages to create a phishing site
Creating a reverse shell with Metasploit and capturing its connections
Using Metasploit's browser_autopwn2 to attack a client
Attacking with BeEF
Tricking the user to go to our fake site
Chapter 10: Mitigation of OWASP Top 10
Introduction
A1 – Preventing injection attacks
A2 – Building proper authentication and session management
A3 – Preventing cross-site scripting
A4 – Preventing Insecure Direct Object References
A5 – Basic security configuration guide
A6 – Protecting sensitive data
A7 – Ensuring function level access control
A8 – Preventing CSRF
A9 – Where to look for known vulnerabilities on third-party components
A10 – Redirect validation
Index
Kali Linux Web Penetration Testing Cookbook
Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2
Gilberto Nájera-Gutiérrez
BIRMINGHAM - MUMBAI
Kali Linux Web Penetration Testing Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2016
Production reference: 1220216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-291-8
www.packtpub.com
Credits
Author: Gilberto Nájera-Gutiérrez
Copy Editor: Sneha Singh
Reviewers: Gregory Douglas Hill, Nikunj Jadawala, Abhinav Rai
Commissioning Editor: Julian Ursell
Acquisition Editors: Tushar Gupta, Usha Iyer
Project Coordinator: Nikhil Nair
Proofreader: Safis Editing
Indexer: Rekha Nair
Graphics: Abhinash Sahu
Content Development Editor: Arun Nadar
Production Coordinator: Manu Joseph
Technical Editor: Pramod Kumavat
Cover Work: Manu Joseph
About the Author
Gilberto Nájera-Gutiérrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico. He is also an Offensive Security Certified Professional (OSCP), an EC-Council Certified Security Administrator (ECSA), and holds a master's degree in computer science with specialization in artificial intelligence.
He has been working as a Penetration Tester since 2013 and has been a security enthusiast since high school; he has successfully conducted penetration tests on networks and applications of some of the biggest corporations in Mexico, such as government agencies and financial institutions.
To Leticia, thanks for your love, support and encouragement; this wouldn't have been possible without you. Love you Mi Reina!
To my team: Daniel, Vanessa, Rafael, Fernando, Carlos, Karen, Juan Carlos, Uriel, Iván, and Aldo. Your talent and passion inspire me to do things like this and to always look for new challenges. Thank you guys, keep it going!
About the Reviewers
Gregory Douglas Hill is an ethical hacking student from Abertay University, Scotland, who also works for an independent web application developer focusing on security. From several years of programming and problem solving experience, along with the invaluable level of specialized training that Abertay delivers to their students, security has become an integral part of his life. He has written several white papers ranging from IDS evasion to automated XSS fuzzing and presented talks on SQL injection and social engineering to the local ethical hacking society.
I would like to thank my friends and family for the inspiration I needed to help produce this book, especially with my increasing academic workload.
Nikunj Jadawala is a security consultant at Cigital. He has over 2 years of experience in the security industry in a variety of roles, including network and web application penetration testing and also computer forensics. At Cigital, he works with a number of Fortune 250 companies on compliance, governance, forensics projects, conducting security assessments, and audits. He is a dedicated security evangelist, providing constant security support to businesses, educational institutions, and governmental agencies, globally.
I would like to thank my family for supporting me throughout the book-writing process. I'd also like to thank my friends who have guided me in the InfoSec field and my colleagues at Cigital for being there when I needed help and support.
Abhinav Rai has been associated with information security, and has experience of application security and network security as well. He has performed security assessments on various applications built on different platforms. He is currently working as an information security analyst. He has completed his degree in Computer Science and his post-graduate diploma in IT Infrastructure System and Security. He also holds a certificate in communication protocol design and testing. He can be reached at abhinav.rai.55@gmail.com.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at customercare@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
- Fully searchable across every book published by Packt
- Copy and paste, print, and bookmark content
- On demand and accessible via a web browser