Web Application Vulnerability Assessment | Kali Linux Intrusion and Exploitation Cookbook

Sign In Start Free Trial

Book Overview & Buying
Table Of Contents

Kali Linux Intrusion and Exploitation Cookbook

By : Ishan Girdhar, Dhruv Shah

4.3 (6)

Kali Linux Intrusion and Exploitation Cookbook

4.3 (6)

By: Ishan Girdhar, Dhruv Shah

Overview of this book

With the increasing threats of breaches and attacks on critical infrastructure, system administrators and architects can use Kali Linux 2.0 to ensure their infrastructure is secure by finding out known vulnerabilities and safeguarding their infrastructure against unknown vulnerabilities. This practical cookbook-style guide contains chapters carefully structured in three phases – information gathering, vulnerability assessment, and penetration testing for the web, and wired and wireless networks. It's an ideal reference guide if you’re looking for a solution to a specific problem or learning how to use a tool. We provide hands-on examples of powerful tools/scripts designed for exploitation. In the final section, we cover various tools you can use during testing, and we help you create in-depth reports to impress management. We provide system engineers with steps to reproduce issues and fix them.

Title Page

Title Page

Credits

Credits

About the Authors

About the Authors

About the Reviewers

About the Reviewers

www.PacktPub.com

www.PacktPub.com

Customer Feedback

Customer Feedback

Preface

Preface

Free Chapter

Getting Started - Setting Up an Environment

Getting Started - Setting Up an Environment

Introduction

Installing Kali Linux on Cloud - Amazon AWS

Installing Kali Linux on Docker

Installing NetHunter on OnePlus One

Installing Kali Linux on a virtual machine

Customizing Kali Linux for faster package updates

Customizing Kali Linux for faster operations

Configuring remote connectivity services - HTTP, TFTP, and SSH

Configuring Nessus and Metasploit

Configuring third-party tools

Installing Docker on Kali Linux

Network Information Gathering

Network Information Gathering

Introduction

Discovering live servers over the network

Bypassing IDS/IPS/firewall

Discovering ports over the network

Using unicornscan for faster port scanning

Service fingerprinting

Determining the OS using nmap and xprobe2

Service enumeration

Open-source information gathering

Network Vulnerability Assessment

Network Vulnerability Assessment

Introduction

Using nmap for manual vulnerability assessment

Integrating nmap with Metasploit

Walkthrough of Metasploitable assessment with Metasploit

Vulnerability assessment with OpenVAS framework

Network Exploitation

Network Exploitation

Introduction

Gathering information for credential cracking

Cracking FTP login using custom wordlist

Cracking SSH login using custom wordlist

Cracking HTTP logins using custom wordlist

Cracking MySql and PostgreSQL login using custom wordlist

Cracking Cisco login using custom wordlist

Exploiting vulnerable services (Unix)

Exploiting vulnerable services (Windows)

Exploiting services using exploit-db scripts

Web Application Information Gathering

Web Application Information Gathering

Introduction

Setting up API keys for recon-ng

Using recon-ng for reconnaissance

Gathering information using theharvester

Using DNS protocol for information gathering

Web application firewall detection

HTTP and DNS load balancer detection

Discovering hidden files/directories using DirBuster

CMS and plugins detection using WhatWeb and p0f

Finding SSL cipher vulnerabilities

Web Application Vulnerability Assessment

Web Application Vulnerability Assessment

Introduction

Running vulnerable web applications in Docker

Using W3af for vulnerability assessment

Using Nikto for web server assessment

Using Skipfish for vulnerability assessment

Using Burp Proxy to intercept HTTP traffic

Using Burp Intruder for customized attack automation

Using Burp Sequencer to test the session randomness

Web Application Exploitation

Web Application Exploitation

Introduction

Using Burp for active/passive scanning

Using sqlmap to find SQL Injection on the login page

Exploiting SQL Injection on URL parameters using SQL Injection

Using Weevely for file upload vulnerability

Exploiting Shellshock using Burp

Using Metasploit to exploit Heartbleed

Using the FIMAP tool for file inclusion attacks (RFI/LFI)

System and Password Exploitation

System and Password Exploitation

Introduction

Using local password-attack tools

Cracking password hashes

Using Social-Engineering Toolkit

Using BeEF for browser exploitation

Cracking NTLM hashes using rainbow tables

Privilege Escalation and Exploitation

Privilege Escalation and Exploitation

Introduction

Using WMIC to find privilege-escalation vulnerabilities

Sensitive-information gathering

Unquoted service-path exploitation

Service permission issues

Misconfigured software installations/insecure file permissions

Linux privilege escalation

Wireless Exploitation

Wireless Exploitation

Introduction

Setting up a wireless network

Bypassing MAC address filtering

Sniffing network traffic

Cracking WEP encryption

Cracking WPA/WPA2 encryption

Cracking WPS

Denial-of-service attacks

Pen Testing 101 Basics

Pen Testing 101 Basics

Introduction

What is penetration testing?

What is vulnerability assessment

Penetration testing versus vulnerability assessment

Objectives of penetration testing

Types of penetration testing

Who should be doing penetration testing?

What is the goal here?

General penetration testing phases

Conclusion

Using Burp Proxy to intercept HTTP traffic

In this recipe, we will use the Proxy to intercept our browser traffic and manipulate the on the go.

Getting ready

To step through this recipe, you will need Kali Linux running on Oracle Virtualbox and an Internet connection. No other prerequisites are required.

How to do it...

For this recipe, you need to perform the following steps:

To start Burp, go to Menu | Kali Linux | Applications | burpsuite and click on the Start burpsuite, as shown in the following screenshot:

Also open and navigate to Edit Menu | Preferences | Advance Tab | Network | Settings and set the proxy as 127.0.0.1 and the port as 8080, as shown in the screenshot:

Click on OK and go to Burp | Proxy, as shown in the following screenshot:

Now, come back to the window and open http://172.17.0.2/dvwa/login.php and press Enter ; the moment you press Enter , the request will be intercepted by Burp, as shown in the screenshot:

Click on Forward to let go of any requests that...

CONTINUE READING

83

Tech Concepts

36

Programming languages

73

Tech Tools

Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.

Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.

50+ new titles added per month and exclusive early access to books as they are being written.

Kali Linux Intrusion and Exploitation Cookbook

Search

Your notes and bookmarks