Penetration Testing Bootcamp
eBook - ePub

  1. 258 pages
  2. English

About This Book

Sharpen your pentesting skills in a bootcamp.

  • Get practical demonstrations with in-depth explanations of complex security-related problems
  • Familiarize yourself with the most common web vulnerabilities
  • Get step-by-step guidance on managing testing results and reporting

Who This Book Is For

This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly.

What You Will Learn

  • Perform different attacks such as MitM and bypassing SSL encryption
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Recover lost files, investigate successful hacks, and discover hidden data
  • Write organized and effective penetration testing reports

In Detail

Penetration Testing Bootcamp delivers practical learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in penetration testing.

This book will begin by taking you through the basics and show you how to set up and maintain a command and control (C&C) server. You will also learn how to scan for vulnerabilities and use Metasploit, how to set up connectivity to a C&C server, and how to maintain that connectivity for intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain an understanding of sniffing and spoofing traffic. This book will also teach you the importance of clearing up the tracks you leave behind after the penetration test, and will show you how to build a report from all the data obtained during the penetration test.

In total, this book will equip you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Style and approach

This book is delivered in the form of a 10-day boot camp. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools to the writing of custom zero-day buffer overflow exploits.


Information

Author
Jason Beltrame
Year
2017
ISBN
9781787281073
Edition
1

Web Application Attacks

Web applications provide some of the largest attack surfaces for organizations. With so many web applications publicly exposed to provide services, one must make sure they are secure. Millions of users use these applications daily and enter all sorts of data into them, such as personally identifiable information, credit card numbers, and health information, to name just a few, so a compromised web application leaves all of that data available to the attacker.
With that said, web applications have a lot of moving pieces, so running a penetration test against them can be daunting. I have laid out a few categories that I test when running a penetration test against web applications and included various tools for each category. These categories follow OWASP recommendations on the important pieces to verify during a penetration test.

If you are not familiar with OWASP, the Open Web Application Security Project, you can get more information here: https://www.owasp.org/index.php/Main_Page. In its simplest form, it is a nonprofit organization whose mission is to make software security visible, so that individuals and organizations can understand the risks and make better security decisions around web applications. OWASP publishes a Top 10 every few years to show application developers the current trends and threats to web applications. The last list was published in 2013, and a new list is due later in 2017. The proposed (release candidate) list for 2017 includes the following:
  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Broken access control
  • Security misconfiguration
  • Sensitive data exposure
  • Insufficient attack protection
  • Cross-site request forgery (CSRF)
  • Using components with known vulnerabilities
  • Underprotected APIs
(The final 2017 list, published in November 2017, dropped insufficient attack protection, CSRF, and underprotected APIs, and added XML External Entities (XXE), insecure deserialization, and insufficient logging and monitoring.)

We will cover the majority of the attacks found within that list. Some items were covered in previous chapters, but I wanted a good mix of attack types and tools that cover the spectrum of web application testing. One thing to remember is that this list is by no means comprehensive. There are always other attacks out there, and the landscape changes constantly. Keeping up with recommendations from OWASP is always a best practice.
The following topics will be discussed in this chapter:
  • Manipulation by client-side testing
  • Infrastructure and design weaknesses
  • Identity-based testing
  • Validating data, error handling and logic
  • Session management

Manipulation by client-side testing

Client-side testing is an important concern when it comes to web applications. One needs to worry not only about the ability for others to execute code within a user's browser, but also about how that code can be turned against the web server and the application (for example, by stealing session cookies or submitting requests with the victim's credentials). Client-side testing covers items like cross-site scripting (XSS), JavaScript execution, and WebSockets, to name just a few.
Client-side issues are not new, but with the increased attention and protection given to server-side attacks, attackers have moved to client-side attacks. Client-side attacks revolve around browser-based vulnerabilities resulting from unpatched browsers or zero-day vulnerabilities. Using the web application, an attacker can try to attack the client machine and gain a foothold on it. It is therefore important not only that client machines are patched and running an up-to-date browser, but also that web application programmers write the application securely so that it does not allow these attacks to happen.
The following tools address these concerns and can be used to verify whether some of these attacks can be performed. I will show examples of each of them in my lab and how to get the most use out of them. I will also explain these attacks and why they are important to protect against.

Cross-site scripting attacks

Cross-site scripting, or XSS for short, is a web application vulnerability in which an attacker injects script into a page that is then rendered, and executed, in other users' browsers. These scripts tend to be malicious in nature and are found all over the internet. XSS occurs where the application takes input (form fields, URL parameters, headers) and writes it into its HTML output without validating it and, above all, without encoding it correctly for the context it lands in. When that occurs, a malicious user can place a script in the input, and whenever a page containing that input is rendered, the script runs with the privileges of the site in the victim's browser: it can read the DOM, steal session cookies that are not marked HttpOnly, and make requests as the victim.
There tend to be two classifications of XSS attacks, stored XSS and reflected XSS, both of which I will discuss in the next two sections. (A third class, DOM-based XSS, where the site's own client-side JavaScript writes untrusted data into the page and the payload may never reach the server, is not covered here.)
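As an added example (my code, not from the book) of why encoding has to match the output context, the following Python renders the same Name value four ways and then audits the result with the standard library HTMLParser to see what a browser would actually parse. Escaping neutralizes the script in the HTML body and in a quoted attribute, but an unquoted attribute is still injectable because the second payload needs none of the characters html.escape rewrites. The payloads, render functions and audit helper are constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed payloads (not from the book). The second one contains none of the
# characters html.escape() rewrites (& < > " '), so escaping alone does not stop
# it once the value lands in an unquoted attribute.
BODY_PAYLOAD = '<script>alert("XSS")</script>'
ATTR_PAYLOAD = 'x onfocus=alert(1) autofocus'


def render_unsafe(name):
    """Vulnerable: the Name field is concatenated straight into the HTML body."""
    return f"<p>Hello {name}</p>"


def render_body_safe(name):
    """Fixed for HTML body context: escape before interpolation."""
    return f"<p>Hello {html.escape(name)}</p>"


def render_attr_unquoted(name):
    """Escaped, but written into an UNQUOTED attribute: wrong encoding for the context."""
    return f'<input type="text" name="name" value={html.escape(name)}>'


def render_attr_quoted(name):
    """Escaped AND quoted: the only way out of the value is a quote, which is now &quot;."""
    return f'<input type="text" name="name" value="{html.escape(name, quote=True)}">'


class _Auditor(HTMLParser):
    """Records what a parser sees: <script> elements and on* event-handler attributes."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.event_handlers = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        for attr_name, _value in attrs:
            if attr_name.startswith("on"):
                self.event_handlers.append((tag, attr_name))


def audit(markup):
    """Return the script elements and event handlers a browser would find in markup."""
    auditor = _Auditor()
    auditor.feed(markup)
    auditor.close()
    return {"script_tags": auditor.script_tags, "event_handlers": auditor.event_handlers}


if __name__ == "__main__":
    for label, page in [
        ("body, unescaped", render_unsafe(BODY_PAYLOAD)),
        ("body, escaped", render_body_safe(BODY_PAYLOAD)),
        ("unquoted attr, escaped", render_attr_unquoted(ATTR_PAYLOAD)),
        ("quoted attr, escaped", render_attr_quoted(ATTR_PAYLOAD)),
    ]:
        print(f"{label:24} {audit(page)}")
```

The third case is the one to remember when reviewing a fix: the developer added escaping, the obvious `<script>` payload stops working, and the field is still exploitable because the template never quoted the attribute. Each output context (body, quoted attribute, URL, JavaScript string) needs its own encoder.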

Reflected XSS attack

A reflected XSS attack occurs when the script is sent to the web server in a request and comes straight back in the response, where the browser runs it because it arrived as part of the page from the trusted origin. Input tends to be reflected via things like error messages or search results, but technically any response can reflect it, as long as some of the input is echoed back by the web server. Because the payload travels in the request, the victim usually has to be tricked into following a crafted link. Reflected, or non-persistent, XSS attacks tend to be the most common XSS out there.
To test for reflected XSS, I will attempt to insert some code into the Name field on the website, so that when I hit the Submit button, the code runs if the attack is successful.
First, I will browse to the site, verify that the page works, and then look at the URL.
Once I submit, I can see that it outputs the name and also places it in the URL after the name variable, so the form uses a GET request and the value is reflected from a query parameter.
Let me see if I can create an alert popup. To do this, I will input the following into the Name field:
<script>alert("Your site is not protecting against XSS! Please fix ASAP!!")</script>
When I hit the Submit button, I can see that the URL has my script in it, passed as a variable. I can also see that the XSS worked, as the alert pops up with the message I specified.

Stored XSS attack

The other type of cross-site scripting attack is the stored XSS attack. Here the script is injected into fields whose contents are stored on the target server, such as a guestbook, message forum, visitor log, or profile field backed by a database. Every victim who later retrieves that content also retrieves the script, and the malicious script runs in their browser with no crafted link required. Stored, or persistent, XSS tends to be less common, but it also tends to be more devastating, because it fires for every visitor to the affected page rather than only for those who follow a crafted link.
To attempt a stored XSS attack, I will first see how the form works. I will fill out the form and submit it to verify that everything is working:
I can see that the message submitted cor...
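To turn the reflected and stored procedures above into a repeatable check, here is an added Python example (mine, not the book's or any tool's) that runs both probes against a constructed in-memory stand-in for the lab target. The stand-in's two endpoints, /hello?name= and /guestbook, and the FakeTarget class are assumptions for illustration; against a real host in an authorized test, the get and post calls would be replaced by an HTTP client. The payload carries a random per-run marker so a hit cannot be confused with a payload left by an earlier test, a hit is only counted when the marker is parsed inside a <script> element (an encoded reflection is plain text and does not count), and the stored check is done with a separate GET, which is exactly what distinguishes stored from reflected.

```python
import html
import uuid
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit


class FakeTarget:
    """Constructed stand-in for the lab site (an assumption, not the book's app).
    /hello reflects ?name= into the page and /guestbook stores POSTed messages.
    Neither endpoint encodes output, which is the bug the probes look for."""

    def __init__(self):
        self.messages = []

    def get(self, url):
        parts = urlsplit(url)
        query = parse_qs(parts.query)
        if parts.path == "/hello":
            name = query.get("name", [""])[0]
            return f"<html><body><p>Hello {name}</p></body></html>"
        if parts.path == "/guestbook":
            items = "".join(f"<li>{m}</li>" for m in self.messages)
            return f"<html><body><ul>{items}</ul></body></html>"
        return "<html><body><p>not found</p></body></html>"

    def post(self, url, data):
        if urlsplit(url).path == "/guestbook":
            self.messages.append(data["message"])  # stored verbatim, no encoding
        return self.get(url)


class _ScriptCollector(HTMLParser):
    """Collects the text of every <script> element, i.e. what a browser would execute."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)


def make_payload(marker):
    """Alert payload carrying a unique marker so a hit is attributable to this run."""
    return f'<script>alert("{marker}")</script>'


def marker_executes(body, marker):
    """True if the marker ends up inside a parsed <script> element. An encoded
    reflection (&lt;script&gt;) is plain text to the parser and does not count."""
    collector = _ScriptCollector()
    collector.feed(body)
    collector.close()
    return any(marker in script for script in collector.scripts)


def probe_reflected(target, base_url, param="name", marker=None):
    """Reflected XSS: one GET with the payload in the query string, check that response."""
    marker = marker or uuid.uuid4().hex[:12]
    url = f"{base_url}/hello?{urlencode({param: make_payload(marker)})}"
    return {"url": url, "marker": marker, "vulnerable": marker_executes(target.get(url), marker)}


def probe_stored(target, base_url, marker=None):
    """Stored XSS: POST the payload, then fetch the listing in a SEPARATE request and
    look for it there. Checking only the POST response would not prove persistence."""
    marker = marker or uuid.uuid4().hex[:12]
    target.post(f"{base_url}/guestbook", {"message": make_payload(marker)})
    listing = target.get(f"{base_url}/guestbook")
    return {"marker": marker, "vulnerable": marker_executes(listing, marker)}


def encoded_reflection_is_a_hit(marker="abc123"):
    """Negative control: a server that escapes its output must not be reported as vulnerable."""
    safe_body = f"<p>Hello {html.escape(make_payload(marker))}</p>"
    return marker_executes(safe_body, marker)


if __name__ == "__main__":
    target = FakeTarget()
    print("reflected:", probe_reflected(target, "http://lab.example"))
    print("stored:   ", probe_stored(target, "http://lab.example"))
    print("control:  ", encoded_reflection_is_a_hit())
```

Two habits carried over from the manual test are worth keeping in any script like this: record the exact URL or POST body that triggered the finding so it goes into the report verbatim, and clean up stored payloads from guestbooks and forums at the end of the engagement, since a marker-carrying alert left behind will fire for every later visitor.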

Table of contents

  1. Title Page
  2. Copyright
  3. Credits
  4. About the Author
  5. About the Reviewer
  6. www.PacktPub.com
  7. Customer Feedback
  8. Preface
  9. Planning and Preparation
  10. Information Gathering
  11. Setting up and maintaining the Command and Control Server
  12. Vulnerability Scanning and Metasploit
  13. Traffic Sniffing and Spoofing
  14. Password-based Attacks
  15. Attacks on the Network Infrastructure
  16. Web Application Attacks
  17. Cleaning Up and Getting Out
  18. Writing Up the Penetration Testing Report