Book Image

Kali Linux Web Penetration Testing Cookbook

By : Gilberto Najera-Gutierrez
Book Image

Kali Linux Web Penetration Testing Cookbook

By: Gilberto Najera-Gutierrez

Overview of this book

Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform and operating system that provides a huge array of testing tools, many of which can be used specifically to execute web penetration testing. This book will teach you, in the form step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately buffer attackable surfaces so applications are more secure, for you and your users. Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. Finally, we will put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.

Related Content you might be interested in

Current Title:

Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto Najera-Gutierrez
Feb, 2016 | 296 pages
No titles found
Table of Contents (17 chapters)
Kali Linux Web Penetration Testing Cookbook
Kali Linux Web Penetration Testing Cookbook
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Setting Up Kali Linux
Setting Up Kali Linux
Introduction
Updating and upgrading Kali Linux
Installing and running OWASP Mantra
Setting up the Iceweasel browser
Installing VirtualBox
Creating a vulnerable virtual machine
Creating a client virtual machine
Configuring virtual machines for correct communication
Getting to know web applications on a vulnerable VM
2
Reconnaissance
Reconnaissance
Introduction
Scanning and identifying services with Nmap
Identifying a web application firewall
Watching the source code
Using Firebug to analyze and alter basic behavior
Obtaining and modifying cookies
Taking advantage of robots.txt
Finding files and folders with DirBuster
Password profiling with CeWL
Using John the Ripper to generate a dictionary
Finding files and folders with ZAP
3
Crawlers and Spiders
Crawlers and Spiders
Introduction
Downloading a page for offline analysis with Wget
Downloading the page for offline analysis with HTTrack
Using ZAP's spider
Using Burp Suite to crawl a website
Repeating requests with Burp's repeater
Using WebScarab
Identifying relevant files and directories from crawling results
4
Finding Vulnerabilities
Finding Vulnerabilities
Introduction
Using Hackbar add-on to ease parameter probing
Using Tamper Data add-on to intercept and modify requests
Using ZAP to view and alter requests
Using Burp Suite to view and alter requests
Identifying cross-site scripting (XSS) vulnerabilities
Identifying error based SQL injection
Identifying a blind SQL Injection
Identifying vulnerabilities in cookies
Obtaining SSL and TLS information with SSLScan
Looking for file inclusions
Identifying POODLE vulnerability
5
Automated Scanners
Automated Scanners
Introduction
Scanning with Nikto
Finding vulnerabilities with Wapiti
Using OWASP ZAP to scan for vulnerabilities
Scanning with w3af
Using Vega scanner
Finding Web vulnerabilities with Metasploit's Wmap
6
Exploitation – Low Hanging Fruits
Exploitation – Low Hanging Fruits
Introduction
Abusing file inclusions and uploads
Exploiting OS Command Injections
Exploiting an XML External Entity Injection
Brute-forcing passwords with THC-Hydra
Dictionary attacks on login pages with Burp Suite
Obtaining session cookies through XSS
Step by step basic SQL Injection
Finding and exploiting SQL Injections with SQLMap
Attacking Tomcat's passwords with Metasploit
Using Tomcat Manager to execute code
7
Advanced Exploitation
Advanced Exploitation
Introduction
Searching Exploit-DB for a web server's vulnerabilities
Exploiting Heartbleed vulnerability
Exploiting XSS with BeEF
Exploiting a Blind SQLi
Using SQLMap to get database information
Performing a cross-site request forgery attack
Executing commands with Shellshock
Cracking password hashes with John the Ripper by using a dictionary
Cracking password hashes by brute force using oclHashcat/cudaHashcat
8
Man in the Middle Attacks
Man in the Middle Attacks
Introduction
Setting up a spoofing attack with Ettercap
Being the MITM and capturing traffic with Wireshark
Modifying data between the server and the client
Setting up an SSL MITM attack
Obtaining SSL data with SSLsplit
Performing DNS spoofing and redirecting traffic
9
Client-Side Attacks and Social Engineering
Client-Side Attacks and Social Engineering
Introduction
Creating a password harvester with SET
Using previously saved pages to create a phishing site
Creating a reverse shell with Metasploit and capturing its connections
Using Metasploit's browser_autpwn2 to attack a client
Attacking with BeEF
Tricking the user to go to our fake site
10
Mitigation of OWASP Top 10
Mitigation of OWASP Top 10
Introduction
A1 – Preventing injection attacks
A2 – Building proper authentication and session management
A3 – Preventing cross-site scripting
A4 – Preventing Insecure Direct Object References
A5 – Basic security configuration guide
A6 – Protecting sensitive data
A7 – Ensuring function level access control
A8 – Preventing CSRF
A9 – Where to look for known vulnerabilities on third-party components
A10 – Redirect validation
Index
Index

Configuring virtual machines for correct communication

To be able to communicate with our virtual server and client, we need to be in the same network segment; however, having virtual machines with known vulnerabilities in our local network may pose an important security risk. To avoid this risk, we will perform a special configuration in VirtualBox to allow us to communicate with both server and client virtual machines from our Kali Linux host without exposing them to the network.

Getting ready

Before we proceed, open VirtualBox and make sure that the vulnerable server and client virtual machines are turned off.

How to do it...

  1. In VirtualBox navigate to File | Preferences… | Network.

  2. Select the Host-only Networks tab.

  3. Click on the () button to add a new network.
  4. The new network (vboxnet0) will be created and its "details window" will pop up. If it doesn't, select the network and click on the () button to edit its properties.

  5. In this dialog box, you can specify the network configuration, if it doesn't interfere with your local network configuration, leave it as it is. You may change it and use some other address in the segments reserved for local networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).

  6. After proper configuration is done, click OK.

  7. The next step is to configure the vulnerable virtual machine (vulnerable_vm). Select it and go to its settings.

  8. Click Network and, in the Attached to: drop-down menu, select Host-only Adapter.

  9. In Name, select vboxnet0.

  10. Click OK.

  11. Follow steps 7 to 10 in the client virtual machine (IE8 - Win7).

  12. After having both virtual machines configured, let's test if they can actually communicate. Start both the machines.

  13. Let's see the network configuration of our host system: open a terminal and type:

    ifconfig

  14. We can see that we have a network adapter called vboxnet0 and it has the IP address 192.168.56.1. Depending on the configuration you used, this may vary.

  15. Log into vulnerable_vm and check its IP address for adapter eth0:

    ifconfig

  16. Now, let's go to our client machine IE8 - Win7; open a command prompt and type:

    ipconfig

  17. Now, we have the IP addresses of our three machines:

    • 192.168.56.1 for the host

    • 192.168.56.102 for vulnerable_vm

    • 192.168.56.103 for IE8 - Win7

  18. To test the communication, we are going to ping both virtual machines from our host:

    ping -c 4 192.168.56.102
ping -c 4 192.168.56.103

    Ping sends an ICMP request to the destination and waits for the reply; this is useful to test whether communication is possible between two nodes in the network.

  19. We do the same from both the virtual machines thus checking communication to the server and the other virtual machine.

  20. The IE8 - Win7 machine may not respond to pings; that's normal because Windows 7 is configured by default to not respond to ping requests. To check connectivity in this case, we can use arping from the Kali host:

    arping –c 4 192.168.56.103

How it works...

A host-only network is a virtual network that acts as a LAN but its reach is limited to the host that is running the virtual machines without exposing them to external systems. This kind of network also provides a virtual adapter for the host to communicate with the virtual machines as if they were in the same network segment.

With the configuration we just made, we will be able to communicate between a client and server and both of them can communicate with the Kali Linux host, which will act as the attacking machine.

Previous Section
End of Section 9
Next Section