Kali Linux Web Penetration Testing Cookbook
About this ebook
Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2
About This Book
- Familiarize yourself with the most common vulnerabilities a web application faces, and understand how attackers take advantage of them
- Set up a penetration testing lab to conduct a preliminary assessment of attack surfaces and run exploits
- Learn how to prevent vulnerabilities in web applications before an attacker can take advantage of them
This book is for IT professionals, web developers, security enthusiasts, and security professionals who want an accessible reference on how to find, exploit, and prevent security vulnerabilities in web applications. You should know the basics of operating a Linux environment and have some exposure to security technologies and tools.
What You Will Learn
- Set up a penetration testing laboratory in a secure way
- Find out what information is useful to gather when performing penetration tests and where to look for it
- Use crawlers and spiders to investigate an entire website in minutes
- Discover security vulnerabilities in web applications in the web browser and using command-line tools
- Improve your testing efficiency with the use of automated vulnerability scanners
- Exploit vulnerabilities that require a complex setup, run custom-made exploits, and prepare for extraordinary scenarios
- Set up Man in the Middle attacks and use them to identify and exploit security flaws within the communication between users and the web server
- Create a malicious site that will find and exploit vulnerabilities in the user's web browser
- Repair the most common web vulnerabilities and understand how to prevent them becoming a threat to a site's security
Web applications are a huge point of attack for malicious hackers and a critical area for security professionals and penetration testers to lock down and secure. Kali Linux is a Linux-based penetration testing platform and operating system that provides a huge array of testing tools, many of which can be used specifically to execute web penetration testing.
This book will teach you, in the form of step-by-step recipes, how to detect a wide array of vulnerabilities, exploit them to analyze their consequences, and ultimately reduce the attack surface so that applications are more secure, for you and your users.
Starting from the setup of a testing laboratory, this book will give you the skills you need to cover every stage of a penetration test: from gathering information about the system and the application to identifying vulnerabilities through manual testing and the use of vulnerability scanners to both basic and advanced exploitation techniques that may lead to a full system compromise. Finally, we will put this into the context of OWASP and the top 10 web application vulnerabilities you are most likely to encounter, equipping you with the ability to combat them effectively. By the end of the book, you will have the required skills to identify, exploit, and prevent web application vulnerabilities.
Style and approach
Taking a recipe-based approach to web security, this book has been designed to cover each stage of a penetration test, with descriptions of how tools work and why certain programming or configuration practices can become security vulnerabilities that may put a whole system, or network, at risk. Each topic is presented as a sequence of tasks and contains a proper explanation of why each task is performed and what it accomplishes.
Kali Linux Web Penetration Testing Cookbook - Nájera-Gutiérrez Gilberto
Table of Contents
Kali Linux Web Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
eBooks, discount offers, and more
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting Up Kali Linux
Introduction
Updating and upgrading Kali Linux
Getting ready
How to do it...
How it works...
There's more...
Installing and running OWASP Mantra
Getting ready
How to do it...
See also
Setting up the Iceweasel browser
How to do it...
How it works...
There's more...
Installing VirtualBox
Getting ready
How to do it...
How it works...
There's more...
See also
Creating a vulnerable virtual machine
How to do it...
How it works...
See also
Creating a client virtual machine
How to do it...
How it works...
See also
Configuring virtual machines for correct communication
Getting ready
How to do it...
How it works...
Getting to know web applications on a vulnerable VM
Getting ready
How to do it...
How it works...
2. Reconnaissance
Introduction
Scanning and identifying services with Nmap
Getting ready
How to do it...
How it works...
There's more...
See also
Identifying a web application firewall
How to do it...
How it works...
Watching the source code
Getting ready
How to do it...
How it works...
Using Firebug to analyze and alter basic behavior
Getting ready
How to do it...
How it works...
There's more...
Obtaining and modifying cookies
Getting ready
How to do it...
How it works...
Taking advantage of robots.txt
How to do it...
How it works...
Finding files and folders with DirBuster
Getting ready
How to do it...
How it works...
Password profiling with CeWL
How to do it...
How it works...
See also
Using John the Ripper to generate a dictionary
Getting ready
How to do it...
How it works...
There's more...
Finding files and folders with ZAP
Getting ready
How to do it...
How it works...
See also
3. Crawlers and Spiders
Introduction
Downloading a page for offline analysis with Wget
Getting ready
How to do it...
How it works...
There's more...
Downloading the page for offline analysis with HTTrack
Getting ready
How to do it...
How it works...
There's more...
Using ZAP's spider
Getting ready
How to do it...
How it works...
There's more...
Using Burp Suite to crawl a website
Getting ready
How to do it...
How it works...
Repeating requests with Burp's repeater
Getting ready
How to do it...
How it works...
Using WebScarab
Getting ready
How to do it...
How it works...
Identifying relevant files and directories from crawling results
How to do it...
How it works...
4. Finding Vulnerabilities
Introduction
Using Hackbar add-on to ease parameter probing
Getting ready
How to do it...
How it works...
Using Tamper Data add-on to intercept and modify requests
How to do it...
How it works...
Using ZAP to view and alter requests
Getting ready
How to do it...
How it works...
Using Burp Suite to view and alter requests
Getting ready
How to do it...
How it works...
Identifying cross-site scripting (XSS) vulnerabilities
How to do it...
How it works...
There's more...
Identifying error based SQL injection
How to do it...
How it works...
There's more...
Identifying a blind SQL Injection
How to do it...
How it works...
See also
Identifying vulnerabilities in cookies
How to do it...
How it works...
There's more...
Obtaining SSL and TLS information with SSLScan
How to do it...
How it works...
There's more...
See also
Looking for file inclusions
How to do it...
How it works...
There's more...
Identifying POODLE vulnerability
Getting ready
How to do it...
How it works...
See also
5. Automated Scanners
Introduction
Scanning with Nikto
How to do it...
How it works...
Finding vulnerabilities with Wapiti
How to do it...
How it works...
Using OWASP ZAP to scan for vulnerabilities
Getting ready
How to do it...
How it works...
There's more...
Scanning with w3af
How to do it...
How it works...
There's more...
Using Vega scanner
How to do it...
How it works...
Finding Web vulnerabilities with Metasploit's Wmap
Getting ready
How to do it...
How it works...
6. Exploitation – Low Hanging Fruits
Introduction
Abusing file inclusions and uploads
Getting ready
How to do it...
How it works...
There's more...
Exploiting OS Command Injections
How to do it...
How it works...
Exploiting an XML External Entity Injection
Getting ready
How to do it...
How it works...
There's more...
See also
Brute-forcing passwords with THC-Hydra
Getting ready
How to do it...
How it works...
There's more...
Dictionary attacks on login pages with Burp Suite
Getting ready
How to do it...
How it works...
There's more...
Obtaining session cookies through XSS
Getting ready
How to do it...
How it works...
There's more...
Step by step basic SQL Injection
How to do it...
How it works...
Finding and exploiting SQL Injections with SQLMap
How to do it...
How it works...
There's more...
See also
Attacking Tomcat's passwords with Metasploit
Getting ready
How to do it...
How it works...
See also
Using Tomcat Manager to execute code
How to do it...
How it works...
7. Advanced Exploitation
Introduction
Searching Exploit-DB for a web server's vulnerabilities
How to do it...
How it works...
There's more...
See also
Exploiting Heartbleed vulnerability
Getting ready
How to do it...
How it works...
Exploiting XSS with BeEF
Getting ready
How to do it...
How it works...
There's more...
Exploiting a Blind SQLi
Getting ready
How to do it...
How it works...
There's more...
Using SQLMap to get database information
How to do it...
How it works...
Performing a cross-site request forgery attack
Getting ready
How to do it...
Executing commands with Shellshock
How to do it...
How it works...
There's more...
Cracking password hashes with John the Ripper by using a dictionary
How to do it...
How it works...
Cracking password hashes by brute force using oclHashcat/cudaHashcat
Getting ready
How to do it...
How it works...
8. Man in the Middle Attacks
Introduction
Setting up a spoofing attack with Ettercap
Getting ready
How to do it...
How it works...
Being the MITM and capturing traffic with Wireshark
Getting ready
How to do it...
How it works...
See also
Modifying data between the server and the client
Getting ready
How to do it...
How it works...
There's more...
See also
Setting up an SSL MITM attack
How to do it...
How it works...
See also
Obtaining SSL data with SSLsplit
Getting ready
How to do it...
How it works...
Performing DNS spoofing and redirecting traffic
Getting ready
How to do it...
How it works...
See also
9. Client-Side Attacks and Social Engineering
Introduction
Creating a password harvester with SET
How to do it...
How it works...
Using previously saved pages to create a phishing site
Getting ready
How to do it...
How it works...
Creating a reverse shell with Metasploit and capturing its connections
How to do it...
How it works...
Using Metasploit's browser_autopwn2 to attack a client
How to do it...
How it works...
Attacking with BeEF
Getting ready
How to do it...
How it works...
Tricking the user to go to our fake site
How to do it...
How it works...
There's more...
See also
10. Mitigation of OWASP Top 10
Introduction
A1 – Preventing injection attacks
How to do it...
How it works...
See also
A2 – Building proper authentication and session management
How to do it...
How it works...
See also
A3 – Preventing cross-site scripting
How to do it...
How it works...
See also
A4 – Preventing Insecure Direct Object References
How to do it...
How it works...
A5 – Basic security configuration guide
How to do it...
How it works...
A6 – Protecting sensitive data
How to do it...
How it works...
A7 – Ensuring function level access control
How to do it...
How it works...
A8 – Preventing CSRF
How to do it...
How it works...
See also
A9 – Where to look for known vulnerabilities on third-party components
How to do it...
How it works...
A10 – Redirect validation
How to do it...
How it works...
Index
Kali Linux Web Penetration Testing Cookbook
Copyright © 2016 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: February 2016
Production reference: 1220216
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78439-291-8
www.packtpub.com
Credits
Author
Gilberto Nájera-Gutiérrez
Reviewers
Gregory Douglas Hill
Nikunj Jadawala
Abhinav Rai
Commissioning Editor
Julian Ursell
Acquisition Editors
Tushar Gupta
Usha Iyer
Content Development Editor
Arun Nadar
Technical Editor
Pramod Kumavat
Copy Editor
Sneha Singh
Project Coordinator
Nikhil Nair
Proofreader
Safis Editing
Indexer
Rekha Nair
Graphics
Abhinash Sahu
Production Coordinator
Manu Joseph
Cover Work
Manu Joseph
About the Author
Gilberto Nájera-Gutiérrez leads the Security Testing Team (STT) at Sm4rt Security Services, one of the top security firms in Mexico.
He is also an Offensive Security Certified Professional (OSCP), an EC-Council Certified Security Analyst (ECSA), and holds a master's degree in computer science with a specialization in artificial intelligence.
He has been working as a penetration tester since 2013 and has been a security enthusiast since high school; he has successfully conducted penetration tests on the networks and applications of some of the biggest organizations in Mexico, including government agencies and financial institutions.
To Leticia, thanks for your love, support and encouragement; this wouldn't have been possible without you. Love you Mi Reina!
To my team: Daniel, Vanessa, Rafael, Fernando, Carlos, Karen, Juan Carlos, Uriel, Iván, and Aldo. Your talent and passion inspire me to do things like this and to always look for new challenges. Thank you guys, keep it going!
About the Reviewers
Gregory Douglas Hill is an ethical hacking student from Abertay University, Scotland, who also works for an independent web application developer focusing on security. From several years of programming and problem solving experience, along with the invaluable level of specialized training that Abertay delivers to their students, security has become an integral part of his life. He has written several white papers ranging from IDS evasion to automated XSS fuzzing and presented talks on SQL injection and social engineering to the local ethical hacking society.
I would like to thank my friends and family for the inspiration I needed to help produce this book, especially with my increasing academic workload.
Nikunj Jadawala is a security consultant at Cigital. He has over 2 years of experience in the security industry in a variety of roles, including network and web application penetration testing and also computer forensics.
At Cigital, he works with a number of Fortune 250 companies on compliance, governance, forensics projects, conducting security assessments, and audits. He is a dedicated security evangelist, providing constant security support to businesses, educational institutions, and governmental agencies, globally.
I would like to thank my family for supporting me throughout the book-writing process. I'd also like to thank my friends who have guided me in the InfoSec field and my colleagues at Cigital for being there when I needed help and support.
Abhinav Rai has worked in information security, with experience in both application security and network security. He has performed security assessments on various applications built on different platforms. He is currently working as an information security analyst.
He has completed his degree in Computer Science and his post-graduate diploma in IT Infrastructure System and Security. He also holds a certificate in communication protocol design and testing.
He can be reached at <abhinav.rai.55@gmail.com>.
www.PacktPub.com
eBooks, discount offers, and more
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Preface
Nowadays, information security is a hot topic all over the news and the Internet; almost every day we hear about web page defacements, leaks of millions of user accounts, passwords, or credit card numbers from websites, and identity theft on social networks; terms such as cyber attack, cybercrime, hacker, and even cyberwar are becoming part of the daily lexicon in the media.
All this exposure to information security subjects, together with the real need to protect sensitive data and their reputation, has made organizations more aware of the need to know where their systems are vulnerable, especially the systems that are reachable from the Internet: how could they be attacked, and what would the consequences be, in terms of information lost or systems compromised, if an attack succeeded? And, more importantly, how can those vulnerabilities be fixed and the risk minimized?
This task of detecting vulnerabilities and discovering their impact on organizations is the one addressed by penetration testing. A penetration test is an attack, or series of attacks, made by a trained security professional using the same techniques and tools that real attackers use in order to discover as many weak spots as possible in the organization's systems. These weak spots are exploited and their impact is measured. When the test is finished, the penetration tester reports all findings and explains how they can be fixed to prevent future damage.
In this book, we follow the whole path of a web application penetration test and, in the form of easy-to-follow, step-by-step recipes, show how the vulnerabilities in web applications and web servers can be discovered, exploited, and fixed.
What this book covers
Chapter 1, Setting Up Kali Linux, takes the reader through the process of configuring and updating the system; also, the installation of virtualization software is covered, including the configuration of the virtual machines that will comprise our penetration testing lab.
Chapter 2, Reconnaissance, enables the reader to put to practice some of the information gathering techniques in order to gain intelligence about the system to be tested, the software installed on it, and how the target web application is built.
Chapter 3, Crawlers and Spiders, shows the reader how to use these tools, which are a must in every analysis of a web application, be it a functional one or more security focused, such as a penetration test.
Chapter 4, Finding Vulnerabilities, explains that the core of a vulnerability analysis or a penetration test is to discover weak spots in the tested applications; recipes are focused on how to manually identify some of the most common vulnerabilities by introducing specific input values on applications' forms and analyzing their outputs.
Chapter 5, Automated Scanners, covers a very important aspect of the discovery of vulnerabilities, the use of tools specially designed to automatically find security flaws in web applications: automated vulnerability scanners.
Chapter 6, Exploitation – Low Hanging Fruits, is the first chapter where we go further than just identifying the existence of some vulnerability. Every recipe in this chapter is focused on exploiting a specific type of vulnerability and using that exploitation to extract sensitive information or gain a more privileged level of access to the application.
Chapter 7, Advanced Exploitation, follows the path of the previous chapter; here, the reader will have the opportunity to practice a more advanced and a more in-depth set of exploitation techniques for the most difficult situations and the most sophisticated setups.
Chapter 8, Man in the Middle Attacks, covers MITM attacks which, although not specific to web applications, play a very important role in the modern information security scenario. In this chapter, we will see how these attacks are performed and what an attacker can do to their victims through such techniques.
Chapter 9, Client-Side Attacks and Social Engineering, addresses the user, who is constantly said to be the weakest link in the security chain, even though penetration testing assessments have traditionally excluded client-side attacks and social engineering campaigns. It is the goal of this book to give the reader a global view of penetration testing and to encourage the execution of assessments that cover all the aspects of security; this