Book Image

Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By : Himanshu Sharma
Book Image

Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By: Himanshu Sharma

Overview of this book

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities. The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report. By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.
Table of Contents (15 chapters)

Web App Exploitation - Beyond OWASP Top 10

In OWASP Top 10, we usually see the most common way of finding and exploiting vulnerabilities. In this chapter, we will cover some of the uncommon cases that we might come across while hunting for bugs in a web application.

In this chapter, we will cover the following recipes:

  • Exploiting XSS with XSS Validator
  • Injection attacks with sqlpmap
  • Owning all .svn and .git repositories
  • Winning race conditions
  • Exploiting XXEs
  • Exploiting Jboss with JexBoss
  • Exploiting PHP Object Injection
  • Automating vulnerability detection with RapidScan
  • Backdoors using meterpreter
  • Backdoors using web shells