Penetration Testing Bootcamp
eBook - ePub

258 pages, English, ePUB
About this book

Sharpen your pentesting skills in a bootcamp.

About This Book
  • Get practical demonstrations with in-depth explanations of complex security-related problems
  • Familiarize yourself with the most common web vulnerabilities
  • Get step-by-step guidance on managing testing results and reporting

Who This Book Is For
This book is for IT security enthusiasts and administrators who want to understand penetration testing quickly.

What You Will Learn
  • Perform different attacks such as MiTM and bypassing SSL encryption
  • Crack passwords and wireless network keys with brute-forcing and wordlists
  • Test web applications for vulnerabilities
  • Use the Metasploit Framework to launch exploits and write your own Metasploit modules
  • Recover lost files, investigate successful hacks, and discover hidden data
  • Write organized and effective penetration testing reports

In Detail
Penetration Testing Bootcamp delivers practical learning modules in manageable chunks. Each chapter is delivered in a day, and each day builds your competency in penetration testing.
This book begins by taking you through the basics and showing you how to set up and maintain the C&C server. You will also learn how to scan for vulnerabilities and use Metasploit, how to set up connectivity to a C&C server, and how to maintain that connectivity for your intelligence gathering as well as offsite processing. Using TCPDump filters, you will gain an understanding of sniffing and spoofing traffic. The book also teaches the importance of cleaning up the tracks you leave behind after the penetration test and shows you how to build a report from all the data obtained during the test. In totality, this book equips you with instructions through rigorous tasks, practical callouts, and assignments to reinforce your understanding of penetration testing.

Style and approach
This book is delivered in the form of a 10-day boot camp. The day-by-day approach will help you get to know everything about penetration testing, from the use of network reconnaissance tools to the writing of custom zero-day buffer overflow exploits.

Web Application Attacks

Web applications present one of the largest attack surfaces an organization exposes. Because so many of them are publicly reachable in order to provide services, they have to be secure. Millions of users enter all kinds of data into them every day, including personally identifiable information, credit card data and health records, so a compromised web application hands all of that data to the attacker.
With that said, web applications have a lot of moving pieces, so running a penetration test against them can be daunting. I have laid out several categories that I test when running a penetration test against web applications, and included tools to use within each category. These categories follow OWASP recommendations for some of the important pieces to verify during a penetration test. If you are not familiar with OWASP, the Open Web Application Security Project, you can find more information here: https://www.owasp.org/index.php/Main_Page. In the simplest terms, it is a nonprofit organization whose mission is to make software security visible, so that individuals can understand the risks and make better security decisions around web applications. OWASP publishes a Top 10 every few years to show application developers the current trends and threats to web applications. The last list published was the 2013 one; at the time of writing (2017) a new list was due later in the year. The proposed (release candidate) list for 2017 included the following:
  • Injection
  • Broken authentication and session management
  • XSS
  • Broken access control
  • Security misconfiguration
  • Sensitive data exposure
  • Insufficient attack protection
  • Cross-site request forgery
  • Using components with known vulnerabilities
  • Underprotected APIs
Note that the final OWASP Top 10 2017, published in November 2017, differed from this release candidate: Insufficient attack protection, Underprotected APIs and Cross-site request forgery were dropped, and XML External Entities (XXE), Insecure deserialization and Insufficient logging and monitoring were added. We will cover the majority of the attacks on that list. Some items were covered in previous chapters, but I wanted a good mix of attack types and tools spanning the spectrum of web application testing. Remember that this list is by no means comprehensive: there are always other attacks, and the landscape changes constantly. Keeping up with OWASP's recommendations is always a best practice.
The following topics will be discussed in this chapter:
  • Manipulation by client-side testing
  • Infrastructure and design weaknesses
  • Identity-based testing
  • Validating data, error handling and logic
  • Session management

Manipulation by client-side testing

Client-side testing is an important concern for web applications. One has to worry not only about others being able to execute code in the client-side browser, but also about how that affects the web server and the application. Client-side testing covers items such as cross-site scripting (XSS), JavaScript execution and WebSockets, to name just a few.
Client-side issues are not new, but as attention and defences have concentrated on server-side attacks, attackers have moved to the client side. Some client-side attacks target browser vulnerabilities (unpatched browsers or zero-days); others, such as XSS, abuse a flaw in the web application itself so that the browser runs attacker-supplied script with the application's own origin and the victim's session. Either way, the attacker uses the web application to reach the client machine and gain a foothold there, from which they can do whatever they want. So it is important both that client machines are patched and running an up-to-date browser, and that the application developers program the web application securely so that these attacks are not possible.
The following tools address these concerns and can be used to verify whether these attacks are possible. I will show examples of each in my lab, and how to get the most out of them, and I will explain the attacks and why they are important to protect against.

Cross-site scripting attacks

Cross-site scripting, or XSS for short, is a class of web application vulnerability in which an attacker injects script that runs in other users' browsers, in the context of the vulnerable site. These scripts are generally malicious in nature and are found all over the internet. XSS occurs where input is not validated and, more importantly, where it is not encoded correctly for the context in which it is written back into the page. When that happens, a malicious user can place script in an input field, and when the form is submitted the script is returned to a browser and executed.
XSS attacks are usually divided into two classes, stored XSS and reflected XSS, both of which I discuss in the next two sections. (A third class, DOM-based XSS, in which the injection happens entirely in client-side JavaScript without the payload passing through the server, is also widely recognised but is not covered here.)

Reflected XSS attack

A reflected XSS attack occurs when a script sent to the web server is reflected back in the response and runs in the browser. The browser executes it because it arrived in a response from the site, so the script runs with that site's origin and the victim's session. The script is typically reflected via error messages or search results, but it can be reflected via any response, as long as some of the input is sent back to the browser. Reflected, or non-persistent, XSS tends to be the most common form of XSS. Because the payload has to travel in the request, the attacker usually has to get the victim to follow a crafted link.
To test for reflected XSS, I will insert some code into the Name field on the website, so that when I hit Submit the code runs if the attack is successful.
First, I browse to the site, verify that the page works, and look at the URL.
Once I submit, I can see that the page outputs the name and also puts it in the URL after the name variable.
Let me see if I can create an alert popup. To do so, I enter the following into the input field:
<script>alert("Your site is not protecting against XSS!Please fix ASAP!!")</script>
When I hit the Submit button, I can see that the URL has my script in it, passed (URL-encoded) as the name variable. I can also see that the XSS worked, as the alert pops up with the message I specified.

Stored XSS attack

The other type of cross-site scripting attack is the stored XSS attack. Here the script is injected into fields that are stored on the target server, for example a guestbook, a message forum, visitor logs or a database. Every victim who later retrieves that content also retrieves the script, and it runs in their browser. Stored, or persistent, XSS tends to be less common, but it also tends to be more devastating, because the attacker does not have to lure each victim to a crafted link: anyone who views the affected page is hit.
To attempt a stored XSS attack, I first see how the form works. I fill out the form and submit it to verify that everything works.
I can see that the message submitted cor...
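Putting the two sections together, here is an added example written for this page, not code from the book or its lab, that models both sinks in plain Node.js: a greeting page that reflects the name parameter, as in the reflected test above, and a guestbook that stores messages and renders them to every later visitor, as in the stored test. Beside each vulnerable renderer is the hardened form that HTML-encodes on output, plus a small tester-side check that reports which markup-significant tokens of the payload came back unencoded. The hostname target.example, the /greet path, the in-memory guestbook and its message field are assumptions; the name field and the payload are the ones used above.

```javascript
// Added example for this page (not code from the book or its lab).
// Assumptions: hostname target.example, path /greet, an in-memory guestbook
// with a "message" field. The "name" field and the payload come from the text.

const PAYLOAD =
  '<script>alert("Your site is not protecting against XSS!Please fix ASAP!!")</script>';

// Encoder for the HTML text context (between tags). Attribute, URL and
// JavaScript contexts each need their own encoder; this one is not enough there.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// ---- Reflected sink: the value arrives in the request and is echoed in the
// same response, so the attacker must get the victim to load this URL.
function buildGreetUrl(base, name) {
  const u = new URL(base);
  u.searchParams.set('name', name); // the ?name=... a GET form submit produces
  return u.toString();
}

function renderGreetingVulnerable(url) {
  const name = new URL(url).searchParams.get('name') || '';
  return `<html><body><p>Hello, ${name}!</p></body></html>`; // raw interpolation
}

function renderGreetingSafe(url) {
  const name = new URL(url).searchParams.get('name') || '';
  return `<html><body><p>Hello, ${escapeHtml(name)}!</p></body></html>`;
}

// ---- Stored sink: the value is written once and served to every later visitor,
// whose own request carries nothing suspicious.
const guestbook = []; // stands in for the database/forum the text mentions

function postGuestbookEntry(author, message) {
  guestbook.push({ author, message });
}

function renderGuestbookVulnerable() {
  return '<ul>\n' +
    guestbook.map(e => `<li><b>${e.author}</b>: ${e.message}</li>`).join('\n') +
    '\n</ul>';
}

function renderGuestbookSafe() {
  return '<ul>\n' +
    guestbook.map(e => `<li><b>${escapeHtml(e.author)}</b>: ${escapeHtml(e.message)}</li>`).join('\n') +
    '\n</ul>';
}

// ---- Tester's check: which markup-significant tokens of the payload came back
// unencoded? Searching for these rather than the whole payload still flags a
// response that only partially filtered the input (e.g. stripped "alert" but kept <script>).
const MARKERS = ['<script', '</script>', 'onerror=', 'onload=', 'javascript:'];

function unencodedMarkers(payload, body) {
  const p = payload.toLowerCase();
  const b = body.toLowerCase();
  return MARKERS.filter(m => p.includes(m) && b.includes(m));
}

// Walk-through mirroring the text: submit the payload once, then inspect the responses.
function demo() {
  const url = buildGreetUrl('http://target.example/greet', PAYLOAD);
  postGuestbookEntry('attacker', PAYLOAD);
  return {
    url, // the script is visible, percent-encoded, after name=
    reflectedVulnerable: unencodedMarkers(PAYLOAD, renderGreetingVulnerable(url)),
    reflectedSafe: unencodedMarkers(PAYLOAD, renderGreetingSafe(url)),
    storedVulnerable: unencodedMarkers(PAYLOAD, renderGuestbookVulnerable()),
    storedSafe: unencodedMarkers(PAYLOAD, renderGuestbookSafe()),
  };
}

if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  console.log(demo());
}
```

Run it with node: demo() returns the crafted URL and, for each of the four renderings, the list of payload tokens that survived unencoded. The vulnerable renderers return `<script` and `</script>` for both sinks; the hardened ones return nothing, because the payload comes back as `&lt;script&gt;...`, which the browser displays as text rather than executing. Output encoding is the fix the test above is probing for; input validation alone is not enough, since the page still has to display the data somewhere, and each output context (HTML text, attribute, URL, JavaScript) needs its own encoder. A Content-Security-Policy header is a useful second layer but does not replace encoding.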

Table of contents

  1. Title Page
  2. Copyright
  3. Credits
  4. About the Author
  5. About the Reviewer
  6. www.PacktPub.com
  7. Customer Feedback
  8. Preface
  9. Planning and Preparation
  10. Information Gathering
  11. Setting up and maintaining the Command and Control Server
  12. Vulnerability Scanning and Metasploit
  13. Traffic Sniffing and Spoofing
  14. Password-based Attacks
  15. Attacks on the Network Infrastructure
  16. Web Application Attacks
  17. Cleaning Up and Getting Out
  18. Writing Up the Penetration Testing Report

Penetration Testing Bootcamp by Jason Beltrame (Packt), listed under Computer Science & Computer Networking.