Book Image

Hands-On Web Penetration Testing with Metasploit

By : Harpreet Singh, Himanshu Sharma

Book Image

Hands-On Web Penetration Testing with Metasploit

By: Harpreet Singh, Himanshu Sharma

Overview of this book

Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework – web applications – which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing. The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools. By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.

Preface

Who this book is for

What this book covers

To get the most out of this book

Introduction

Free Chapter

Introduction to Web Application Penetration Testing

Introduction to Web Application Penetration Testing

What is a penetration test?

Types of penetration test

Stages of penetration testing

Important terminologies

Penetration testing methodologies

Common Weakness Enumeration (CWE)

Further reading

Metasploit Essentials

Metasploit Essentials

Technical requirements

Introduction to Metasploit Framework

Metasploit Framework terminology

Installing and setting up Metasploit

Getting started with Metasploit Framework

Further reading

The Metasploit Web Interface

The Metasploit Web Interface

Technical requirements

Introduction to the Metasploit web interface

Installing and setting up the web interface

Getting started with the Metasploit web interface

Further reading

The Pentesting Life Cycle with Metasploit

The Pentesting Life Cycle with Metasploit

Using Metasploit for Reconnaissance

Using Metasploit for Reconnaissance

Technical requirements

Introduction to reconnaissance

Active reconnaissance

Passive reconnaissance

Further reading

Web Application Enumeration Using Metasploit

Web Application Enumeration Using Metasploit

Technical requirements

Introduction to enumeration

Enumerating files

Further reading

Vulnerability Scanning Using WMAP

Vulnerability Scanning Using WMAP

Technical requirements

Understanding WMAP

The WMAP scanning process

WMAP module execution order

Adding a module to WMAP

Clustered scanning using WMAP

Further reading

Vulnerability Assessment Using Metasploit (Nessus)

Vulnerability Assessment Using Metasploit (Nessus)

Technical requirements

Introduction to Nessus

Performing a Nessus scan via Metasploit

Further reading

Pentesting Content Management Systems (CMSes)

Pentesting Content Management Systems (CMSes)

Pentesting CMSes - WordPress

Pentesting CMSes - WordPress

Technical requirements

Introduction to WordPress

WordPress reconnaissance and enumeration

Vulnerability assessment for WordPress

WordPress exploitation part 1 – WordPress Arbitrary File Deletion

WordPress exploitation part 2 – unauthenticated SQL injection

WordPress exploitation part 3 – WordPress 5.0.0 Remote Code Execution

Going the extra mile – customizing the Metasploit exploit

Further reading

Pentesting CMSes - Joomla

Pentesting CMSes - Joomla

Technical requirements

An introduction to Joomla

The Joomla architecture

Reconnaissance and enumeration

Enumerating Joomla plugins and modules using Metasploit

Performing vulnerability scanning with Joomla

Joomla exploitation using Metasploit

Joomla shell upload

Further reading

Pentesting CMSes - Drupal

Pentesting CMSes - Drupal

Technical requirements

Introduction to Drupal and its architecture

Drupal reconnaissance and enumeration

Drupal vulnerability scanning using droopescan

Exploiting Drupal

Further reading

Performing Pentesting on Technological Platforms

Performing Pentesting on Technological Platforms

Penetration Testing on Technological Platforms - JBoss

Penetration Testing on Technological Platforms - JBoss

Technical requirements

An introduction to JBoss

Reconnaissance and enumeration

Performing a vulnerability assessment on JBoss AS

JBoss exploitation

Further reading

Penetration Testing on Technological Platforms - Apache Tomcat

Penetration Testing on Technological Platforms - Apache Tomcat

Technical requirements

An introduction to Tomcat

The Apache Tomcat architecture

Files and their directory structures

Detecting Tomcat installations

Version detection

Exploiting Tomcat

An introduction to Apache Struts

Further reading

Penetration Testing on Technological Platforms - Jenkins

Penetration Testing on Technological Platforms - Jenkins

Technical requirements

Introduction to Jenkins

Jenkins terminology

Jenkins reconnaissance and enumeration

Exploiting Jenkins

Further reading

Logical Bug Hunting

Logical Bug Hunting

Web Application Fuzzing - Logical Bug Hunting

Web Application Fuzzing - Logical Bug Hunting

Technical requirements

What is fuzzing?

Fuzzing terminology

Fuzzing attack types

Introduction to web app fuzzing

Identifying web application attack vectors

Further reading

Writing Penetration Testing Reports

Writing Penetration Testing Reports

Technical requirements

Introduction to report writing

Introduction to Dradis Framework

Working with Serpico

Further reading

Assessment

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

WordPress reconnaissance and enumeration

Before you start exploiting any plugin/theme/core vulnerability of WordPress, the first step is to confirm whether the site is on WordPress or not. As for detecting WordPress itself, there are various ways to detect the installation of a WordPress CMS:

Search for a wp-content string in the HTML page source.
Look for the /wp-trackback.php or /wp-links-opml.php filenames—they return XML in the case of a WordPress installation.

You can also try /wp-admin/admin-ajax.php and /wp-login.php.
Look for static files such as readme.html and /wp-includes/js/colorpicker.js.

Once you have confirmed that the site is running on WordPress, the next step is to know what version of WordPress is running on the target server. To achieve this, you need to know the different ways you can detect its version number. Why the version number? Because based...