Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Becoming the Hacker
  • Table Of Contents Toc
Becoming the Hacker

Becoming the Hacker

By : Adrian Pruteanu
5 (1)
Buy this Book
close
close
Becoming the Hacker

Becoming the Hacker

5 (1)
By: Adrian Pruteanu
Buy this Book

Overview of this book

Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit.
Table of Contents (17 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
1. Introduction to Attacking Web Applications
Icon
1. Introduction to Attacking Web Applications
Icon
Rules of engagement
Icon
The tester's toolkit
Icon
The attack proxy
Icon
Cloud infrastructure
Icon
Resources
Icon
Exercises
Icon
Summary
2
2. Efficient Discovery
Icon
2. Efficient Discovery
Icon
Types of assessments
Icon
Target mapping
Icon
Efficient brute-forcing
Icon
Polyglot payloads
Icon
Resources
Icon
Exercises
Icon
Summary
3
3. Low-Hanging Fruit
Icon
3. Low-Hanging Fruit
Icon
Network assessment
Icon
A better way to shell
Icon
Cleaning up
Icon
Resources
Icon
Summary
4
4. Advanced Brute-forcing
Icon
4. Advanced Brute-forcing
Icon
Password spraying
Icon
Behind seven proxies
Icon
Summary
5
5. File Inclusion Attacks
Icon
5. File Inclusion Attacks
Icon
RFI
Icon
LFI
Icon
File inclusion to remote code execution
Icon
More file upload issues
Icon
Summary
6
6. Out-of-Band Exploitation
Icon
6. Out-of-Band Exploitation
Icon
A common scenario
Icon
Command and control
Icon
Let’s Encrypt Communication
Icon
INet simulation
Icon
The confirmation
Icon
Async data exfiltration
Icon
Data inference
Icon
Summary
7
7. Automated Testing
Icon
7. Automated Testing
Icon
Extending Burp
Icon
Obfuscating code
Icon
Burp Collaborator
Icon
Summary
8
8. Bad Serialization
Icon
8. Bad Serialization
Icon
Abusing deserialization
Icon
Attacking custom protocols
Icon
Summary
9
9. Practical Client-Side Attacks
Icon
9. Practical Client-Side Attacks
Icon
SOP
Icon
Cross-origin resource sharing
Icon
XSS
Icon
CSRF
Icon
BeEF
Icon
Summary
10
10. Practical Server-Side Attacks
Icon
10. Practical Server-Side Attacks
Icon
Internal and external references
Icon
XXE attacks
Icon
Summary
11
11. Attacking APIs
Icon
11. Attacking APIs
Icon
API communication protocols
Icon
API authentication
Icon
Postman
Icon
Attack considerations
Icon
Summary
12
12. Attacking CMS
Icon
12. Attacking CMS
Icon
Application assessment
Icon
Backdooring the code
Icon
Summary
13
13. Breaking Containers
chevron up
Icon
13. Breaking Containers
Icon
Vulnerable Docker scenario
Icon
Foothold
Icon
Situational awareness
Icon
Container breakout
Icon
Summary
14
Other Books You May Enjoy
Icon
Other Books You May Enjoy
15
Leave a review - let other readers know what you think
Icon
Leave a review - let other readers know what you think
16
Index
Icon
Index

Container breakout

We have access to the container's shell through the Meterpreter session and through that session, we can talk to other application containers hosted on the same machine. In the earlier Nmap scan of the Docker network, the 8022 service also stood out from the rest. As attackers, services with ports in the 8000 range are always interesting because underprotected development web servers can be found there. This particular port could be an exploitable web application and may give us more access than we currently have.

The Nmap scan report for the content_ssh_1 container also had the SSH port open, but this service is typically harder to exploit, short of brute-forcing for weak credentials:

Nmap scan report for content_ssh_1.content_default (172.18.0.2)
Host is up (0.00056s latency).
Not shown: 65534 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
8022/tcp open  unknown

If we go back and drop into a shell on the compromised container, we can execute a quick curl command...

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Becoming the Hacker
End of Section 13
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon