Book Image

Becoming the Hacker

By : Adrian Pruteanu
Book Image

Becoming the Hacker

By: Adrian Pruteanu

Overview of this book

Becoming the Hacker will teach you how to approach web penetration testing with an attacker's mindset. While testing web applications for performance is common, the ever-changing threat landscape makes security testing much more difficult for the defender. There are many web application tools that claim to provide a complete survey and defense against potential threats, but they must be analyzed in line with the security needs of each web application or service. We must understand how an attacker approaches a web application and the implications of breaching its defenses. Through the first part of the book, Adrian Pruteanu walks you through commonly encountered vulnerabilities and how to take advantage of them to achieve your goal. The latter part of the book shifts gears and puts the newly learned techniques into practice, going over scenarios where the target may be a popular content management system or a containerized application and its network. Becoming the Hacker is a clear guide to web application security from an attacker's point of view, from which both sides can benefit.

Related Content you might be interested in

Current Title:

Small book image
Becoming the Hacker
Adrian Pruteanu
Jan, 2019 | 404 pages
Small book image
Metasploit Penetration Testing Cookbook
Monika Agarwal | Abhinav Singh | Nipun Jaswal | Daniel Teixeira
Feb, 2018 | 426 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (18 chapters)
Becoming the Hacker
Becoming the Hacker
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Attacking Web Applications
Introduction to Attacking Web Applications
Rules of engagement
The tester's toolkit
The attack proxy
Cloud infrastructure
Resources
Exercises
Summary
2
Efficient Discovery
Efficient Discovery
Types of assessments
Target mapping
Efficient brute-forcing
Polyglot payloads
Resources
Exercises
Summary
3
Low-Hanging Fruit
Low-Hanging Fruit
Network assessment
A better way to shell
Cleaning up
Resources
Summary
4
Advanced Brute-forcing
Advanced Brute-forcing
Password spraying
Behind seven proxies
Summary
5
File Inclusion Attacks
File Inclusion Attacks
RFI
LFI
File inclusion to remote code execution
More file upload issues
Summary
6
Out-of-Band Exploitation
Out-of-Band Exploitation
A common scenario
Command and control
Let’s Encrypt Communication
INet simulation
The confirmation
Async data exfiltration
Data inference
Summary
7
Automated Testing
Automated Testing
Extending Burp
Obfuscating code
Burp Collaborator
Summary
8
Bad Serialization
Bad Serialization
Abusing deserialization
Attacking custom protocols
Summary
9
Practical Client-Side Attacks
Practical Client-Side Attacks
SOP
Cross-origin resource sharing
XSS
CSRF
BeEF
Summary
10
Practical Server-Side Attacks
Practical Server-Side Attacks
Internal and external references
XXE attacks
Summary
11
Attacking APIs
Attacking APIs
API communication protocols
API authentication
Postman
Attack considerations
Summary
12
Attacking CMS
Attacking CMS
Application assessment
Backdooring the code
Summary
13
Breaking Containers
Breaking Containers
Vulnerable Docker scenario
Foothold
Situational awareness
Container breakout
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

A common scenario

Imagine that the application http://vuln.app.internal/user.aspx?name=Dade is vulnerable to a SQL injection attack on the name parameter. Traditional payloads and polyglots do not seem to affect the application's response. Perhaps database error messages are disabled and the name value is not processed synchronously by the application.

Somewhere on the backend Microsoft SQL (MS SQL) server, the following query is executed:

SELECT * FROM users WHERE user = 'Dade';

A simple single-quote value for name would produce a SQL error and we'd be in business, but in this case, the error messages are suppressed, so from a client perspective, we'd have no idea something went wrong. Taking it a step further, we can force the application to delay the response by a significant amount of time to confirm the vulnerability:

SELECT * FROM users WHERE user = 'Dade';WAITFOR DELAY '0:0:20' --';

This payload injects a 20 second delay into the query return, which is noticeable enough that it would raise...

Previous Section
End of Section 2
Next Section