Index
A
- advance-fee scams
- reference links / See also
- attack types
- sniper / How it works...
- battering ram / How it works...
- Pitchfork / How it works...
- cluster bomb / How it works...
B
- Bee-box virtual machine
- BeEF
- used, for exploiting XSS / Exploiting XSS with BeEF, How to do it..., How it works...
- features / There's more...
- URL / There's more...
- Billion laughs
- URL / There's more...
- Blind SQLi
- exploiting / Exploiting a Blind SQLi, How to do it..., There's more...
- blind SQL Injection
- identifying / Identifying a blind SQL Injection, How to do it..., How it works...
- Browser Exploitation Framework (BeEF)
- about / Attacking with BeEF
- used, for attacking / How to do it..., How it works...
- browser_autopwn2, Metasploit
- used, for attacking client / Using Metasploit's browser_autopwn2 to attack a client, How to do it..., How it works...
- EXCLUDE_PATTERN option / How it works...
- ShowExploitList option / How it works...
- VERBOSE option / How it works...
- brute force
- password hashes, cracking with oclHashcat/cudaHashcat / Cracking password hashes by brute force using oclHashcat/cudaHashcat, Getting ready, How to do it..., How it works...
- Burp's repeater
- used, for sending repeating requests / Repeating requests with Burp's repeater, How to do it..., How it works...
- Burp Suite
- used, for crawling website / Using Burp Suite to crawl a website, How to do it..., How it works...
- about / Using Burp Suite to view and alter requests
- using, for viewing and altering requests / Using Burp Suite to view and alter requests, How to do it..., How it works...
- used, for performing dictionary attacks on login pages / Dictionary attacks on login pages with Burp Suite, How to do it..., How it works...
- bWapp Bee-box
- URL / See also
C
- cascading style sheets (CSS) / Using Firebug to analyze and alter basic behavior
- Certificate Authority (CA) / Setting up an SSL MITM attack
- CeWL
- used, for password profiling / Password profiling with CeWL, See also
- about / How it works...
- Chromium web browser
- URL / See also
- client
- attacking, with Metasploit's browser_autopwn2 / Using Metasploit's browser_autopwn2 to attack a client, How to do it...
- client virtual machine
- code
- executing, with Tomcat Manager / Using Tomcat Manager to execute code, How to do it..., How it works...
- command-line interface (CLI) / There's more...
- commands
- executing, Shellshock used / Executing commands with Shellshock, How to do it..., How it works...
- Common User Password Profiler (CUPP)
- content management systems (CMS) / Taking advantage of robots.txt
- Content Management Systems (CMS) / How to do it...
- cookies
- about / Obtaining and modifying cookies, Identifying vulnerabilities in cookies
- obtaining / Obtaining and modifying cookies, How to do it..., How it works...
- modifying / Obtaining and modifying cookies, Getting ready, How it works...
- vulnerabilities, identifying / Identifying vulnerabilities in cookies, How it works...
- crawling results
- relevant files, identifying / Identifying relevant files and directories from crawling results, How to do it...
- relevant directories, identifying / Identifying relevant files and directories from crawling results, How to do it...
- cross-site scripting
- preventing / A3 – Preventing cross-site scripting, How to do it...
- cross-site scripting (XSS)
- cross-site scripting (XSS) vulnerabilities
- cross site request forgery (CSRF) attack
- crunch / See also
- CSRF
- preventing / How to do it..., How it works...
- URL / See also
- CVE Details
- URL / How to do it...
D
- Damn Vulnerable Web Application (DVWA) / How to do it..., Getting ready
- data, between server and client
- database information
- obtaining, SQLMap used / Using SQLMap to get database information, How to do it..., How it works...
- DHCP Client Bash Environment Variable Code Injection
- URL / There's more...
- dictionary
- generating, with John the Ripper / Using John the Ripper to generate a dictionary, How to do it...
- used, for cracking password hashes with John the Ripper (JTR) / Cracking password hashes with John the Ripper by using a dictionary, How to do it..., How it works...
- dictionary attacks
- performing, on login pages with Burp Suite / Dictionary attacks on login pages with Burp Suite, How to do it..., How it works...
- DirBuster
- used, for finding files / Finding files and folders with DirBuster, How to do it..., How it works...
- used, for finding folders / Finding files and folders with DirBuster, How to do it..., How it works...
- disclosure mailing list
- URL / How to do it...
- DNS spoofing
- about / Performing DNS spoofing and redirecting traffic
- traffic, redirecting / Performing DNS spoofing and redirecting traffic, How to do it..., How it works...
- performing / Getting ready, How to do it..., How it works...
E
- encryption certificates
- URL / See also
- error based SQL injection
- Ettercap
- used, for setting up spoofing attack / Setting up a spoofing attack with Ettercap, Getting ready, How to do it..., How it works...
- Ettercap filters
- used, for detecting packet information / Modifying data between the server and the client
- Exploit-DB
- searching, for web server's vulnerabilities / Searching Exploit-DB for a web server's vulnerabilities, How to do it..., How it works...
- URL / See also
- Exploit DB
- URL / How to do it...
- Extensible Markup Language (XML) / Exploiting an XML External Entity Injection
F
- fake site
- user, directing to / Tricking the user to go to our fake site, How to do it..., How it works...
- file inclusions
- searching / Looking for file inclusions, How to do it..., There's more...
- about / Looking for file inclusions
- file inclusion vulnerabilities / Abusing file inclusions and uploads
- files
- finding, with DirBuster / Finding files and folders with DirBuster, How to do it..., How it works...
- finding, with OWASP ZAP (Zed Attack Proxy) / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...
- files, wordlists
- rockyou.txt / There's more...
- dnsmap.txt / There's more...
- ./dirbuster/* / There's more...
- ./wfuzz/* / There's more...
- filters
- using / How to do it...
- Firebug
- used, for analyzing basic behavior / Using Firebug to analyze and alter basic behavior, How to do it..., How it works...
- used, for altering basic behavior / Using Firebug to analyze and alter basic behavior, How to do it..., There's more...
- folders
- finding, with DirBuster / Finding files and folders with DirBuster, How to do it..., How it works...
- finding, with OWASP ZAP (Zed Attack Proxy) / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...
- function level access control
H
- Hackbar
- about / Using Hackbar add-on to ease parameter probing
- using, to ease parameter probing / Using Hackbar add-on to ease parameter probing, How to do it..., How it works...
- Heartbleed
- reference / There's more...
- Heartbleed vulnerability
- exploiting / Exploiting Heartbleed vulnerability, Getting ready, How to do it...
- HTTP Strict Transport Security (HSTS)
- about / How to do it...
- URL / How to do it...
- HTTrack
- about / Downloading the page for offline analysis with HTTrack
- URL / Downloading the page for offline analysis with HTTrack
- used, for downloading page for offline analysis / Getting ready, How to do it..., How it works..., There's more...
I
- Iceweasel browser
- setting up / Setting up the Iceweasel browser, How it works..., There's more...
- injection attacks
- preventing / A1 – Preventing injection attacks, How it works..., See also
- injection flaws
- Insecure Direct Object Reference (IDOR)
- about / A4 – Preventing Insecure Direct Object References
- preventing / How to do it..., How it works...
- installation
- OWASP Mantra / Installing and running OWASP Mantra, How to do it..., See also
- VirtualBox / Installing VirtualBox, How to do it..., How it works..., See also
- intrusion detection system (IDS) / Identifying a web application firewall
- intrusion prevention system (IPS) / Identifying a web application firewall
- iptables
- URL / See also
J
- John the Ripper
- about / Using John the Ripper to generate a dictionary
- used, for generating dictionary / Using John the Ripper to generate a dictionary, How it works...
- URL / There's more...
- John the Ripper (JTR)
- used, for cracking password hashes with dictionary / Cracking password hashes with John the Ripper by using a dictionary, How it works...
- Joomla
- URL / How to do it...
K
- Kali Linux
- updating / Updating and upgrading Kali Linux, How to do it...
- upgrading / Updating and upgrading Kali Linux, How to do it..., How it works...
- URL / Getting ready
- sqlninja tool / See also
- Bbqsql tool / See also
- jsql tool / See also
- Metasploit tool / See also
- known vulnerabilities
- searching, on third-party components / A9 – Where to look for known vulnerabilities on third-party components, How it works...
L
- local file inclusion (LFI) / How to do it...
- login pages
- dictionary attacks, performing with Burp Suite / Dictionary attacks on login pages with Burp Suite, How to do it...
M
- man in the middle (MITM) / Creating a client virtual machine
- Man in the Middle (MITM) attack
- about / Introduction
- Mantra on Chromium (MoC) / See also, How to do it..., There's more...
- Metasploit
- used, for attacking Tomcat’s password / Attacking Tomcat's passwords with Metasploit, How to do it..., How it works..., See also
- used, for creating reverse shell / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
- browser_autopwn2, used for attacking client / Using Metasploit's browser_autopwn2 to attack a client, How to do it..., How it works...
- Microsoft
- URL / How to do it...
- MITM
- modifiers, HTTrack
- -rN / There's more...
- -%eN / There's more...
- +[pattern] / There's more...
- -[pattern] / There's more...
- -F [user-agent] / There's more...
- multi-factor authentication (MFA) / How to do it...
N
- Nikto
- about / Scanning with Nikto
- used, for scanning / Scanning with Nikto, How to do it..., How it works...
- URL / Scanning with Nikto
- -H option / How it works...
- -config <file> option / How it works...
- -update option / How it works...
- -Format <format> option / How it works...
- -evasion <technique> option / How it works...
- -list-plugins option / How it works...
- -Plugins <plugins> option / How it works...
- -port <port number> option / How it works...
- Nmap
- used, for scanning service / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
- used, for identifying service / Scanning and identifying services with Nmap, How to do it..., How it works..., See also
- -sT parameter / There's more...
- -Pn parameter / There's more...
- -v parameter / There's more...
- -p N1,N2,…,Nn parameter / There's more...
- --script=script_name parameter / There's more...
- scripts, URL / There's more...
O
- .ova file
- URL / How to do it...
- oclHashcat/cudaHashcat
- used, for cracking password hashes by brute force / Cracking password hashes by brute force using oclHashcat/cudaHashcat, Getting ready, How to do it..., How it works...
- URL / Getting ready
- Open Web Application Security Project (OWASP)
- vulnerabilities, URL / Introduction
- reference links / See also
- options, SSLsplit
- -D / How it works...
- -l connections.log / How it works...
- -j /tmp/sslsplit / How it works...
- -S logdir / How it works...
- -k and -c / How it works...
- ssl 0.0.0.0 8443 / How it works...
- tcp 0.0.0.0 8080 / How it works...
- options, Wget
- -l / There's more...
- -k / There's more...
- -p / There's more...
- -w / There's more...
- Oracle
- URL / How to do it...
- Oracle VM VirtualBox®
- URL / See also
- OS Command Injections
- exploiting / Exploiting OS Command Injections, How to do it..., How it works...
- OWASP
- OWASP Broken Web Apps (OWASP-bwa) / Creating a vulnerable virtual machine
- OWASP Mantra
- OWASP ZAP
- used, for scanning for vulnerabilities / Using OWASP ZAP to scan for vulnerabilities, How to do it..., How it works..., There's more...
- OWASP ZAP (Zed Attack Proxy)
- used, for finding files / Finding files and folders with ZAP, Getting ready, How to do it...
- used, for finding folders / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...
P
- Packet Storm
- URL / How to do it...
- Padding Oracle On Downgraded Legacy Encryption (POODLE) / Identifying POODLE vulnerability
- page
- downloading for offline analysis, Wget used / Downloading a page for offline analysis with Wget, How to do it..., There's more...
- downloading for offline analysis, HTTrack used / Downloading the page for offline analysis with HTTrack, How to do it..., How it works..., There's more...
- password
- profiling, CeWL used / Password profiling with CeWL, How it works...
- password harvester
- creating, with SET / Creating a password harvester with SET, How to do it..., How it works...
- password hashes
- cracking, with John the Ripper (JTR) by using dictionary / Cracking password hashes with John the Ripper by using a dictionary, How to do it..., How it works...
- cracking, by brute force with oclHashcat/cudaHashcat / Cracking password hashes by brute force using oclHashcat/cudaHashcat, How to do it...
- passwords
- bruteforcing, with THC-Hydra / Brute-forcing passwords with THC-Hydra, How to do it..., How it works...
- reference link / How to do it...
- passwords, Tomcat
- attacking, with Metasploit / Attacking Tomcat's passwords with Metasploit, How to do it..., How it works...
- payloads
- simple list / How it works...
- runtime file / How it works...
- numbers / How it works...
- username generator / How it works...
- bruteforcer / How it works...
- payment gateway
- URL / How to do it...
- phishing site
- creating, with previously saved pages / Using previously saved pages to create a phishing site, How to do it..., How it works...
- PHPSESSID
- about / How to do it..., There's more...
- POODLE vulnerability
- identifying / Identifying POODLE vulnerability, How it works...
- proof of concept (PoC) / How it works...
- proper authentication
R
- reconnaissance
- about / Introduction
- redirect validation
- performing / How to do it..., How it works...
- referenced files and directories list
- identifying, from crawling results / Identifying relevant files and directories from crawling results, How to do it...
- RegExr
- URL / See also
- Regular Expressions
- reference links / See also
- requests
- sending, with Burp's repeater / Repeating requests with Burp's repeater, How to do it..., How it works...
- reverse shell
- connection, capturing / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
- creating, with Metasploit / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
- robots.txt
S
- security configuration guide
- using / How to do it..., How it works...
- sensitive data
- protecting / A6 – Protecting sensitive data, How it works...
- services
- scanning, with Nmap / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
- identifying, with Nmap / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
- session cookies
- obtaining, through XSS / Obtaining session cookies through XSS, Getting ready, How to do it..., How it works...
- session management
- SET
- used, for creating password harvester / Creating a password harvester with SET, How to do it..., How it works...
- URL / Creating a password harvester with SET
- Shellshock
- about / Executing commands with Shellshock
- used, for executing commands / Executing commands with Shellshock, How to do it..., How it works...
- source code
- watching / Watching the source code, How to do it..., How it works...
- spoofing attack
- setting up, Ettercap used / Setting up a spoofing attack with Ettercap, How to do it..., How it works...
- SQL injection
- used, for information extraction from database / Step by step basic SQL Injection, How to do it..., How it works...
- exploiting / Step by step basic SQL Injection, How to do it..., How it works...
- exploiting, with SQLMap / Finding and exploiting SQL Injections with SQLMap, How to do it..., How it works...
- finding, with SQLMap / Finding and exploiting SQL Injections with SQLMap, How to do it..., How it works...
- SQLMap
- used, for finding SQL injection / How to do it..., How it works..., See also
- used, for exploiting SQL injection / How to do it..., How it works..., See also
- URL / There's more...
- used, for obtaining database information / Using SQLMap to get database information, How to do it..., How it works...
- sqlninja
- URL / There's more...
- src property / How it works...
- SSL data
- obtaining, with SSLsplit / Getting ready, How to do it..., How it works...
- SSL information
- obtaining, with SSLScan / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
- SSL MITM attack
- setting up / Setting up an SSL MITM attack, How to do it..., See also
- SSLScan
- SSL and TLS information, obtaining with / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
- about / See also
- SSLsplit
- URL / See also
- used, for obtaining SSL data / Obtaining SSL data with SSLsplit, How to do it..., How it works...
- system() function / How it works...
T
- Tamper Data
- using, for intercepting and modifying requests / Using Tamper Data add-on to intercept and modify requests, How to do it..., How it works...
- THC-Hydra
- about / Brute-forcing passwords with THC-Hydra
- used, for bruteforcing passwords / Brute-forcing passwords with THC-Hydra, How to do it..., How it works...
- third-party components
- known vulnerabilities, searching / A9 – Where to look for known vulnerabilities on third-party components, How it works...
- TLS information
- obtaining, with SSLScan / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
- Tomcat Manager
- used, for executing code / Using Tomcat Manager to execute code, How to do it..., How it works...
V
- Vega scanner
- about / Using Vega scanner
- using / Using Vega scanner, How to do it..., How it works...
- VirtualBox
- installing / Installing VirtualBox, How to do it..., How it works..., See also
- VirtualBox Extension Pack
- URL / There's more...
- virtual machines
- URL, for download / How to do it...
- configuring / Configuring virtual machines for correct communication, How to do it...
- vulnerabilities
- identifying, in cookies / Identifying vulnerabilities in cookies, How it works...
- finding, with Wapiti / Finding vulnerabilities with Wapiti, How to do it..., How it works...
- scanning, with OWASP ZAP / Using OWASP ZAP to scan for vulnerabilities, How to do it..., How it works..., There's more...
- vulnerabilities, Open Web Application Security Project (OWASP)
- injection attacks, preventing / A1 – Preventing injection attacks
- proper authentication, building / A2 – Building proper authentication and session management
- session management, building / A2 – Building proper authentication and session management
- cross-site scripting, preventing / A3 – Preventing cross-site scripting
- Insecure Direct Object Reference (IDOR), preventing / A4 – Preventing Insecure Direct Object References
- security configuration guide / A5 – Basic security configuration guide
- sensitive data, protecting / A6 – Protecting sensitive data
- function level access control, ensuring / A7 – Ensuring function level access control
- CSRF, preventing / A8 – Preventing CSRF
- known vulnerabilities, searching on third-party components / A9 – Where to look for known vulnerabilities on third-party components
- redirect validation / A10 – Redirect validation
- vulnerabilities, web server
- Exploit-DB, searching for / Searching Exploit-DB for a web server's vulnerabilities, How to do it..., How it works...
- reference links / See also
- vulnerability assessment / Introduction
- vulnerable virtual machine
- vulnerable VM
- web applications / Getting to know web applications on a vulnerable VM, How to do it..., How it works...
- VulnHub
- URL / See also
W
- Wapiti
- used, for finding vulnerabilities / Finding vulnerabilities with Wapiti, How to do it..., How it works...
- URL / Finding vulnerabilities with Wapiti
- -x <URL> option / How it works...
- -i <file> option / How it works...
- -a <login%password> option / How it works...
- --auth-method <method> option / How it works...
- -s <URL> option / How it works...
- -p <proxy_url> option / How it works...
- web application, penetration-testing
- Cookies Manager+ / How it works...
- Firebug / How it works...
- Hackbar / How it works...
- Http Requester / How it works...
- Passive Recon / How it works...
- Tamper Data / How it works...
- Web Application Audit and Attack Framework (W3af)
- about / Scanning with w3af
- scanning / How to do it..., How it works...
- web application firewall (WAF)
- web applications
- on vulnerable VM / Getting to know web applications on a vulnerable VM, How to do it..., How it works...
- organizing, in groups / How it works...
- Web Protection library
- URL / How to do it...
- WebScarab
- about / Using WebScarab
- using / Getting ready, How to do it...
- webshell
- executing, with local file inclusions / Abusing file inclusions and uploads, How to do it..., There's more...
- website
- crawling, with Burp Suite / Using Burp Suite to crawl a website, Getting ready, How to do it..., How it works...
- Web vulnerabilities
- finding with Metasploit's Wmap / Finding Web vulnerabilities with Metasploit's Wmap, Getting ready, How to do it..., How it works...
- Wget
- about / Downloading a page for offline analysis with Wget
- used, for downloading page for offline analysis / Downloading a page for offline analysis with Wget, How to do it..., There's more...
- Wireshark
- used, for capturing traffic / Being the MITM and capturing traffic with Wireshark, How to do it..., How it works...
- reference links / See also
- Wmap, Metasploit
- used, for searching Web vulnerabilities / Finding Web vulnerabilities with Metasploit's Wmap, How to do it..., How it works...
- Wordlist Maker (WLM)
- wrappers
- URL / There's more...
X
- XML External Entity Injection (XXE)
- exploiting / Exploiting an XML External Entity Injection, How to do it..., How it works...
- URL / See also
- XSS
- session cookies, obtaining through / Obtaining session cookies through XSS, Getting ready, How to do it..., How it works...
- exploiting, BeEF used / Exploiting XSS with BeEF, How to do it..., How it works...
- XSS prevention cheat sheet
- URL / See also
Z
- ZAP
- using, for viewing and altering requests / Using ZAP to view and alter requests, How to do it..., How it works...
- about / Using ZAP to view and alter requests
- ZAP's spider
- using / Using ZAP's spider, How to do it..., How it works...