In this chapter, we will cover the following topics:
- Creating an offline copy of a web application
- Scanning for vulnerabilities
- Launching website attacks
- Scanning WordPress
- Hacking WordPress
- Performing SQL injection attacks
Evaluating the security of web applications and databases requires a specific set of tools that can be leveraged against them. Websites and databases are highly targeted because of their visibility and the information they hold, whether they are publicly accessible sites or intranet applications. If a web application is compromised, it is very likely to be used as a jumping-off point for further network penetration.
One of the first things you should do is create an offline copy of the target site. This lets you analyze how forms are submitted, the directory structure of the application, and where files are located. Beyond the technical details of the site's structure, comments and inactive code can also point you to additional areas of interest. This information is used to craft site-specific attacks in later portions of this chapter. Working from an offline copy also limits how often you touch the live site, which minimizes the number of log entries you generate, and so on.
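The triage described above, as an added example rather than code from the original chapter: it assumes the target has already been mirrored to a local directory (for instance with wget or HTTrack) and inspects only the saved files, pulling out the forms and their hidden fields, the site-relative paths that reveal the directory layout, and HTML comments that look like commented-out markup. The page `SAMPLE_INDEX` and the file name `index.html` are constructed for the demonstration.

```python
"""Triage an offline copy of a web application for forms, paths and comments.

Added example, not code from the original chapter. It assumes the target has
already been mirrored to a local directory (for instance with wget or HTTrack)
and inspects only the saved files, so nothing here touches the live site.
SAMPLE_INDEX below is a constructed page used to exercise the code.
"""
import os
import posixpath
import re
import tempfile
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample page: a login form with a hidden field, static assets,
# and a commented-out link to an admin page (inactive code worth noticing).
SAMPLE_INDEX = """<!DOCTYPE html><html><head>
<link rel="stylesheet" href="/static/css/site.css">
<script src="/static/js/app.js"></script></head><body>
<!-- TODO: remove before launch -->
<!-- <a href="/admin/debug.php">debug console</a> -->
<form action="/login.php" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="redirect" value="/account/">
  <input type="submit" value="Sign in">
</form>
<a href="/products/list.php?cat=1">Products</a>
<img src="/uploads/2019/banner.png">
</body></html>"""

# Matches href/src/action attributes inside comment text.
ATTR_RE = re.compile(r'(?:href|src|action)=["\']([^"\']+)["\']')


class PageTriage(HTMLParser):
    """Collect forms, referenced paths and HTML comments from one document."""

    def __init__(self):
        super().__init__()
        self.forms = []      # each: {"action", "method", "inputs": [(name, type)]}
        self.paths = set()   # every href/src/action value seen
        self.comments = []   # raw comment text, which may hide inactive code
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action", ""),
                          "method": (a.get("method") or "get").lower(),
                          "inputs": []}
            self.forms.append(self._form)
        elif tag == "input" and self._form is not None:
            self._form["inputs"].append((a.get("name", ""), a.get("type") or "text"))
        for key in ("href", "src", "action"):
            if a.get(key):
                self.paths.add(a[key])

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

    def handle_comment(self, data):
        self.comments.append(data.strip())


def triage_mirror(root):
    """Walk a mirrored site tree and summarise forms, directories and comments."""
    report = {"forms": [], "directories": set(), "comments": [], "inactive_code": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".html", ".htm", ".php")):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            parser = PageTriage()
            with open(full, encoding="utf-8", errors="replace") as fh:
                parser.feed(fh.read())
            for form in parser.forms:
                report["forms"].append(dict(form, file=rel))
            paths = set(parser.paths)
            for comment in parser.comments:
                report["comments"].append((rel, comment))
                if "<" in comment:          # looks like commented-out markup
                    report["inactive_code"].append((rel, comment))
                    paths.update(ATTR_RE.findall(comment))
            for p in paths:
                p = urlsplit(p).path
                if p.startswith("/"):       # site-relative: part of the layout
                    report["directories"].add(posixpath.dirname(p) or "/")
    report["directories"] = sorted(report["directories"])
    return report


def demo():
    """Write the constructed sample page into a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_INDEX)
        return triage_mirror(root)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Run it against the root of a real mirror by calling `triage_mirror("/path/to/mirror")`; the commented-out `/admin/debug.php` link in the sample is the kind of detail that only shows up when you read the saved source rather than the rendered page.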
Web applications pose a particular risk to organizations because they are exposed to the internet and can therefore be reached by anyone. Consider what that means: untrusted external parties are being granted access to applications and systems inside the organization's security perimeter, which makes those applications an excellent jumping-off point for further infiltration once compromised.
We will now move to the next phase of our approach: using OWASP-ZAP, we will scan the target system for vulnerabilities that can potentially be exploited.
As mentioned in the previous sections, a web server is a network device that straddles the external and internal networks and can become a pathway into internal segments if it is compromised. Besides being a jumping-off point to the internal network, web applications frequently handle sensitive data such as customer records, payment information, or medical records, all of which are valuable.
Focusing on the web applications themselves, we will use Vega to perform a deeper analysis of the installed applications and identify possible opportunities.
WordPress is one of the most popular content management systems (CMS) on the internet. Its popularity, and the ability for programmers to create custom components such as themes and plugins that integrate with WordPress, make it an attractive target.
Because of this popularity, many tools are designed to scan WordPress installations for known vulnerabilities in the core, themes, and plugins. We will be using one of these tools, WPScan.
To successfully complete this section, we will need the following:
With information on WordPress vulnerabilities readily available, and with a growing set of tools for validating the security of WordPress installations, we will now use that information to attack a WordPress installation, targeting the administrative user through an identified SQL injection vulnerability in a third-party plugin.
To successfully complete this section, we will need the following:
Nearly all modern web applications use an underlying database to store everything from application configuration and localization to user authentication credentials, sales records, patient records, and more. This data is read and written by the internet-facing web application.
Unfortunately, web applications are often written so that user-supplied input from forms is concatenated directly into database queries. This lets remote users inject their own SQL, change how the application behaves, and potentially gain direct access to the database itself.
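The following is an added example, not code from the original chapter, that serves both the WordPress administrative-user attack described earlier and the SQL injection discussion here. It builds a constructed SQLite `users` table with an administrator and an ordinary user, shows the string-built login query that an injectable form handler would run, and demonstrates three payloads against it: commenting out the password check to log in as a named account, a tautology that matches every row (and so returns the first user, commonly the administrator), and a UNION that reads the password column the form never exposes. The same inputs against the parameterised version simply fail to authenticate. The table layout, the credentials and the function names are all assumptions made for the demonstration.

```python
"""Vulnerable and parameterised login queries side by side (SQLite, in memory).

Added example, not code from the original chapter. The table, rows and
credentials are constructed here; the point is how string-built SQL lets a
remote user rewrite the query, and how bound parameters prevent it.
"""
import sqlite3


def make_db():
    """Constructed sample database: an administrator and one ordinary user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
                 "password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "S3cret!Admin", "administrator"),
         ("alice", "alicepw", "subscriber")])
    return conn


def build_vulnerable_sql(username, password):
    """The injectable pattern: form fields pasted straight into the statement."""
    return ("SELECT username, role FROM users WHERE username = '%s' "
            "AND password = '%s'" % (username, password))


def login_vulnerable(conn, username, password):
    """Returns (username, role) for the first matching row, or None."""
    return conn.execute(build_vulnerable_sql(username, password)).fetchone()


def login_safe(conn, username, password):
    """Same query with bound parameters: the values never become SQL text."""
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()


def extract_via_union(conn):
    """Abuse the same vulnerable query to read a column the form never shows."""
    payload = "' UNION SELECT username, password FROM users--"
    return conn.execute(build_vulnerable_sql(payload, "x")).fetchall()


def demo():
    """Run each payload against the vulnerable and the safe handler."""
    conn = make_db()
    tautology = "' OR '1'='1"
    return {
        # 'admin'-- comments out the password clause: logs in as admin.
        "comment_out_password": login_vulnerable(conn, "admin'--", "wrong"),
        # Tautology matches every row; fetchone() yields the first user.
        "tautology": login_vulnerable(conn, tautology, tautology),
        # UNION appends username/password pairs to the result set.
        "union_dump": extract_via_union(conn),
        # The same inputs are just literal strings to the parameterised query.
        "safe_comment": login_safe(conn, "admin'--", "wrong"),
        "safe_tautology": login_safe(conn, tautology, tautology),
        "safe_legit": login_safe(conn, "alice", "alicepw"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

Note that `--` starts a line comment in SQLite, MySQL (where it must be followed by whitespace) and PostgreSQL alike, which is why the first payload truncates the statement before the password check; the fix is not to escape quotes by hand but to keep user input out of the SQL text entirely, as `login_safe` does.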
To successfully complete this section, you will need the following: