Web Penetration Testing with Kali Linux


Web Penetration Testing with Kali Linux
eBook: $29.99
Formats: PDF, PacktLib, ePub and Mobi formats
$25.49
save 15%!
Print + free eBook + free PacktLib access to the book: $79.98    Print cover: $49.99
$49.99
save 37%!
Free Shipping!
UK, US, Europe and selected countries in Asia.
Also available on:
Overview
Table of Contents
Author
Support
Sample Chapters
  • Learn key reconnaissance concepts needed as a penetration tester
  • Attack and exploit key features, authentication, and sessions on web applications
  • Learn how to protect systems, write reports, and sell web penetration testing services

Book Details

Language : English
Paperback : 342 pages [ 235mm x 191mm ]
Release Date : September 2013
ISBN : 1782163166
ISBN 13 : 9781782163169
Author(s) : Joseph Muniz, Aamir Lakhani
Topics and Technologies : All Books, Networking and Servers, Open Source


Table of Contents

Preface
Chapter 1: Penetration Testing and Setup
Chapter 2: Reconnaissance
Chapter 3: Server-side Attacks
Chapter 4: Client-side Attacks
Chapter 5: Attacking Authentication
Chapter 6: Web Attacks
Chapter 7: Defensive Countermeasures
Chapter 8: Penetration Test Executive Report
Index
  • Chapter 1: Penetration Testing and Setup
    • Web application Penetration Testing concepts
    • Penetration Testing methodology
      • Calculating risk
    • Kali Penetration Testing concepts
      • Step 1 – Reconnaissance
      • Step 2 – Target evaluation
      • Step 3 – Exploitation
      • Step 4 – Privilege Escalation
      • Step 5 – maintaining a foothold
    • Introducing Kali Linux
    • Kali system setup
      • Running Kali Linux from external media
      • Installing Kali Linux
      • Kali Linux and VM image first run
    • Kali toolset overview
    • Summary
  • Chapter 2: Reconnaissance
    • Reconnaissance objectives
    • Initial research
      • Company website
      • Web history sources
      • Regional Internet Registries (RIRs)
      • Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
      • Social media resources
      • Trust
      • Job postings
      • Location
      • Shodan
      • Google hacking
      • Google Hacking Database
      • Researching networks
        • HTTrack – clone a website
        • ICMP Reconnaissance techniques
        • DNS Reconnaissance techniques
        • DNS target identification
        • Maltego – Information Gathering graphs
      • Nmap
        • FOCA – website metadata Reconnaissance
    • Summary
  • Chapter 3: Server-side Attacks
    • Vulnerability assessment
      • Webshag
      • Skipfish
      • ProxyStrike
      • Vega
      • Owasp-Zap
      • Websploit
    • Exploitation
      • Metasploit
      • w3af
    • Exploiting e-mail systems
    • Brute-force attacks
      • Hydra
      • DirBuster
      • WebSlayer
    • Cracking passwords
      • John the Ripper
    • Man-in-the-middle
      • SSL strip
        • Starting the attack – redirection
        • Setting up port redirection using Iptables
    • Summary
  • Chapter 4: Client-side Attacks
    • Social engineering
    • Social Engineering Toolkit (SET)
      • Using SET to clone and attack
    • MitM Proxy
    • Host scanning
      • Host scanning with Nessus
        • Installing Nessus on Kali
        • Using Nessus
    • Obtaining and cracking user passwords
      • Windows passwords
        • Mounting Windows
        • Linux passwords
    • Kali password cracking tools
      • Johnny
      • hashcat and oclHashcat
      • samdump2
      • chntpw
      • Ophcrack
      • Crunch
    • Other tools available in Kali
      • Hash-identifier
      • dictstat
      • RainbowCrack (rcracki_mt)
      • findmyhash
      • phrasendrescher
      • CmosPwd
      • creddump
    • Summary
  • Chapter 5: Attacking Authentication
    • Attacking session management
      • Clickjacking
    • Hijacking web session cookies
    • Web session tools
      • Firefox plugins
      • Firesheep – Firefox plugin
      • Web Developer – Firefox plugin
      • Greasemonkey – Firefox plugin
      • Cookie Injector – Firefox plugin
      • Cookies Manager+ – Firefox plugin
      • Cookie Cadger
      • Wireshark
      • Hamster and Ferret
      • Man-in-the-middle attack
      • dsniff and arpspoof
      • Ettercap
      • Driftnet
    • SQL Injection
      • sqlmap
    • Cross-site scripting (XSS)
    • Testing cross-site scripting
    • XSS cookie stealing / Authentication hijacking
    • Other tools
      • urlsnarf
      • acccheck
      • hexinject
      • Patator
      • DBPwAudit
    • Summary
  • Chapter 6: Web Attacks
    • Browser Exploitation Framework – BeEF
    • FoxyProxy – Firefox plugin
    • BURP Proxy
    • OWASP – ZAP
    • SET password harvesting
    • Fimap
    • Denial of Services (DoS)
      • THC-SSL-DOS
      • Scapy
      • Slowloris
    • Low Orbit Ion Cannon
    • Other tools
      • DNSCHEF
      • SniffJoke
      • Siege
      • Inundator
      • TCPReplay
    • Summary
  • Chapter 7: Defensive Countermeasures
    • Testing your defenses
      • Baseline security
      • STIG
      • Patch management
      • Password policies
    • Mirror your environment
      • HTTrack
      • Other cloning tools
    • Man-in-the-middle defense
      • SSL strip defense
    • Denial of Service defense
    • Cookie defense
    • Clickjacking defense
    • Digital forensics
      • Kali Forensics Boot
        • Filesystem analysis with Kali
      • dc3dd
      • Other forensics tools in Kali
        • chkrootkit
        • Autopsy
        • Binwalk
        • pdf-parser
        • Foremost
        • Pasco
        • Scalpel
        • bulk_extractor
    • Summary
  • Chapter 8: Penetration Test Executive Report
    • Compliance
    • Industry standards
    • Professional services
    • Documentation
    • Report format
      • Cover page
      • Confidentiality statement
      • Document control
      • Timeline
      • Executive summary
      • Methodology
      • Detailed testing procedures
      • Summary of findings
      • Vulnerabilities
      • Network considerations and recommendations
      • Appendices
      • Glossary
    • Statement of Work (SOW)
      • External Penetration Testing
      • Additional SOW material
    • Kali reporting tools
      • Dradis
      • KeepNote
      • Maltego CaseFile
      • MagicTree
      • CutyCapt
      • Sample reports
    • Summary

Joseph Muniz

Joseph Muniz is a technical solutions architect and security researcher. He started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. Joseph runs TheSecurityBlogger.com website, a popular resources regarding security and product implementation. You can also find Joseph speaking at live events as well as involved with other publications. Recent events include speaker for Social Media Deception at the 2013 ASIS International conference, speaker for Eliminate Network Blind Spots with Data Center Security webinar, speaker for Making Bring Your Own Device (BYOD) Work at the Government Solutions Forum, Washington DC, and an article on Compromising Passwords in PenTest Magazine - Backtrack Compendium, July 2013. Outside of work, he can be found behind turntables scratching classic vinyl or on the soccer pitch hacking away at the local club teams.

Aamir Lakhani

Aamir Lakhani is a leading Cyber Security and Cyber Counterintelligence architect. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations. Lakhani leads projects that implement security postures for Fortune 500 companies, the US Department of Defense, major healthcare providers, educational institutions, and financial and media organizations. Lakhani has designed offensive counter defense measures for defense and intelligence agencies, and has assisted organizations in defending themselves from active strike back attacks perpetrated by underground cyber groups. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, and Advanced Persistent Threat (APT) research, and Dark Security. Lakhani is the author and contributor of several books, and has appeared on National Public Radio as an expert on Cyber Security. Writing under the pseudonym Dr. Chaos, Lakhani also operates the DrChaos.com blog. In their recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as "a blogger, infosec specialist, superhero..., and all around good guy."
Sorry, we don't have any reviews for this title yet.

Submit Errata

Please let us know if you have found any errors not listed on this list by completing our errata submission form. Our editors will check them and add them to this list. Thank you.


Errata

- 13 submitted: last submission 18 Mar 2014

Errata type: Typo | Page number: 3

Inside the "Who this book is for" section of the Preface, the sentence:

"If you are looking to identify how to perform a Penetration Test against web applications and present findings to a customer is a professional manner then this book is for you"

should be:

"If you are looking to identify how to perform a Penetration Test against web applications and present findings to a customer in a professional manner then this book is for you".

Errata type: Typo | Page number: 20

It should be "Remove evidence of unauthorized access"

instead of

"Remove evidence of authorized access""

Errata type: Typo | Page number: 122

In the last paragraph, the sentence "For example, there are interfaces named eth0 and eth1, issue the command Ifdown eth0 to disable the eth0 interface."

should be:

"For example, there are interfaces named eth0 and eth1, issue the command ifdown eth0 to disable the eth0 interface."

Errata type: Typo | Page number: 125

In the tip, the sentence "arpspoof has many options. You can use the command man iptables see additional options."

should be:

"iptables has many options. You can use the command man iptables see additional options."

Errata type: Typo | Page number: 31

Under the second bullet point "Hardware Hacking", the sentence "This section contains Android tools, which could be classified as mobile, and Ardunio tools that are used for programming and controlling other small electronic devices."

should be:

"This section contains Android tools, which could be classified as mobile, and Arduino tools that are used for programming and controlling other small electronic devices."

Errata type: Typo | Page number:30

In the last point, under "Reverse Engineering", the sentence "These tools are used to disable an executable and debug programs."

should be:

"These tools are used to disassemble an executable and debug programs."

Errata type: Typo | Page number: 78

In the fifth paragraph, the line "Skipfish –o (output location) –W (location of wordlist) (target website)"

should be:

"skipfish –o (output location) –W (location of wordlist) (target website)".

Errata type: Typo | Page number: 34

Under the Reconnaissance objectives section, the third bullet point:

It should be "Target's investment in security: Are security policies advertised? What is the potential security investment, and user security awareness?"

instead of

"Target's investment in security: Are security policies advertised? What is the potential investment security, and user security awareness?"

Errata type: Typo | Page number: 151

In the first paragraph, the sentence "The third tab on the left provides options for exporting scans, as shown in the following two screenshots:" should be "The third tab on the left provides options for exporting scans, as shown in the following screenshot:"

Errata type: code | Page number: 161

The command cd /root/AttackDirectory > windowshashfiles.txt should be cat /root/AttackDirectory/* > windowshashfiles.txt

Errata type: Graphics | Page number: 199

The graphic after the note is incorrect. The correct graphic should be 3169_Chapter5_Image53_3.png.

Errata type: Typo | Page number: 258

In the first paragraph, the sentence "At the time of writing, HTTack no longer comes preinstalled with Kali. To install HTTack, open up a Terminal window and type apt-get install httrack."

Should be "At the time of writing, HTTrack no longer comes preinstalled with Kali. To install HTTrack, open up a Terminal window and type apt-get install httrack."

Errata type: Typo | Page number: 257

In the last paragraph, second sentence, "HTTrack allows you to download a website from the Internet to a location directory, build all directories, capture HTML, images, and other files from the server and store on your computer."

Should be "HTTrack allows you to download a website from the Internet to a local directory, build all directories, capture HTML, images, and other files from the server and store on your computer."

Sample chapters

You can view our sample chapters and prefaces of this title on PacktLib or download sample chapters in PDF format.

Frequently bought together

Web Penetration Testing with Kali Linux +    Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide =
50% Off
the second eBook
Price for both: €36.65

Buy both these recommended eBooks together and get 50% off the cheapest eBook.

What you will learn from this book

  • Perform vulnerability reconnaissance to gather information on your targets
  • Expose server vulnerabilities and take advantage of them to gain privileged access
  • Exploit client-based systems using web application protocols
  • Learn how to use SQL and cross-site scripting (XSS) attacks
  • Steal authentications through session hijacking techniques
  • Harden systems so other attackers do not exploit them easily
  • Generate reports for penetration testers
  • Learn tips and trade secrets from real world penetration testers

In Detail

Kali Linux is built for professional penetration testing and security auditing. It is the next-generation of BackTrack, the most popular open-source penetration toolkit in the world. Readers will learn how to think like real attackers, exploit systems, and expose vulnerabilities.

Even though web applications are developed in a very secure environment and have an intrusion detection system and firewall in place to detect and prevent any malicious activity, open ports are a pre-requisite for conducting online business. These ports serve as an open door for attackers to attack these applications. As a result, penetration testing becomes essential to test the integrity of web-applications. Web Penetration Testing with Kali Linux is a hands-on guide that will give you step-by-step methods on finding vulnerabilities and exploiting web applications.

"Web Penetration Testing with Kali Linux" looks at the aspects of web penetration testing from the mind of an attacker. It provides real-world, practical step-by-step instructions on how to perform web penetration testing exercises.

You will learn how to use network reconnaissance to pick your targets and gather information. Then, you will use server-side attacks to expose vulnerabilities in web servers and their applications. Client attacks will exploit the way end users use web applications and their workstations. You will also learn how to use open source tools to write reports and get tips on how to sell penetration tests and look out for common pitfalls.

On the completion of this book, you will have the skills needed to use Kali Linux for web penetration tests and expose vulnerabilities on web applications and clients that access them.

Approach

"Web Penetration Testing with Kali Linux" contains various penetration testing methods using BackTrack that will be used by the reader. It contains clear step-by-step instructions with lot of screenshots. It is written in an easy to understand language which will further simplify the understanding for the user.

Who this book is for

"Web Penetration Testing with Kali Linux" is ideal for anyone who is interested in learning how to become a penetration tester. It will also help the users who are new to Kali Linux and want to learn the features and differences in Kali versus Backtrack, and seasoned penetration testers who may need a refresher or reference on new tools and techniques. Basic familiarity with web-based programming languages such as PHP, JavaScript and MySQL will also prove helpful.

Code Download and Errata
Packt Anytime, Anywhere
Register Books
Print Upgrades
eBook Downloads
Video Support
Contact Us
Awards Voting Nominations Previous Winners
Judges Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software
Resources
Open Source CMS Hall Of Fame CMS Most Promising Open Source Project Open Source E-Commerce Applications Open Source JavaScript Library Open Source Graphics Software