Hands-On Web Penetration Testing with Metasploit

5 (1 reviews total)
By Harpreet Singh , Himanshu Sharma
    Advance your knowledge in tech with a Packt subscription

  • Instant online access to over 7,500+ books and videos
  • Constantly updated with 100+ new titles each month
  • Breadth and depth in over 1,000+ technologies
  1. Introduction to Web Application Penetration Testing

About this book

Metasploit has been a crucial security tool for many years. However, there are only a few modules that Metasploit has made available to the public for pentesting web applications. In this book, you'll explore another aspect of the framework – web applications – which is not commonly used. You'll also discover how Metasploit, when used with its inbuilt GUI, simplifies web application penetration testing.

The book starts by focusing on the Metasploit setup, along with covering the life cycle of the penetration testing process. Then, you will explore Metasploit terminology and the web GUI, which is available in the Metasploit Community Edition. Next, the book will take you through pentesting popular content management systems such as Drupal, WordPress, and Joomla, which will also include studying the latest CVEs and understanding the root cause of vulnerability in detail. Later, you'll gain insights into the vulnerability assessment and exploitation of technological platforms such as JBoss, Jenkins, and Tomcat. Finally, you'll learn how to fuzz web applications to find logical security vulnerabilities using third-party tools.

By the end of this book, you'll have a solid understanding of how to exploit and validate vulnerabilities by working with various tools and techniques.

Publication date:
May 2020
Publisher
Packt
Pages
544
ISBN
9781789953527

 

Introduction to Web Application Penetration Testing

In today's world, there are automated tools and SaaS solutions that can test the security of a system or application. Automation often fails at a logical level when an application needs to be tested for business-logic flaws. It is important to learn how the penetration tester can help organizations stay a step ahead of cyber attacks and why the organization needs to follow a strict patch-management cycle to secure their assets.

In this book, you will learn how to perform a penetration test on web applications that are built on different platforms using the famous Metasploit framework. As most of us have heard about this tool and its importance in regular penetration tests, this book will be focused on how we can perform penetration testing on a variety of web applications, such as content management systems (CMSes) and content...

 

What is a penetration test?

Penetration testing, also known as pen testing, is an authorized attack on a computer system that is done to evaluate the security of the system/network. The test is performed to identify vulnerabilities and the risks they pose. A typical penetration test is a five-stage process that identifies the target systems, their vulnerabilities, and the exploitability of each vulnerability. The goal is to find as many vulnerabilities as possible and report back in a universally acceptable format for the client to understand. Let's look at the different types of penetration testing in the next section.

 

Types of penetration test

Depending upon the client's requirement, penetration tests can be categorized into three types:

  • White box
  • Black box
  • Gray box

We will discuss each of these in the following sections.

White box penetration test

A white box penetration test, or a glass box or clear box penetration test, is a type of test in which the information and details regarding the target system, network, or application are fully shared by the client, such as the login credentials of the systems, the SSH/Telnet login for the network devices, and the application source code that needs to be tested. Since the information retrieved from the client regarding their system, network, or application is highly sensitive, it is recommended...

 

Stages of penetration testing

To have a better understanding of penetration testing, let's go through the stages of the process:

  • Stage 1: Reconnaissance
  • Stage 2: Enumeration
  • Stage 3: Vulnerability assessment and analysis
  • Stage 4: Exploitation (includes the post-exploitation period)
  • Stage 5: Reporting

This can be seen in the following diagram:

Each and every stage has its own set of tools and techniques that can be used to perform the testing efficiently.

Reconnaissance and information gathering

Reconnaissance is the very first stage of performing a penetration test. In this stage, a pen tester will try to identify the system or application in question and find as much information as they can about it. This is the...

 

Important terminologies

Now that we are familiar with the standards, let's now cover the important terminology that we will be using a lot in the upcoming chapters:

  • Vulnerability: A weakness in a system that may allow an attacker to gain unauthorized access to it.
  • Spoofing: A situation where an individual or program successfully masks data as something else in order to obtain an unlawful advantage.
  • Exploit: A piece of code, a program, a method, or a sequence of commands that takes advantage of a vulnerability to gain unauthorized access to a system/application.
  • Payload: The actual code that is executed on the system after/during exploitation to perform the desired task.
  • Risk: Anything that can affect the confidentiality, integrity, and availability of data. Unpatched software, misconfigured servers, unsafe internet surfing habits, and so on all contribute to risk.
  • Threat...
 

Penetration testing methodologies

As we all know, there are no official penetration testing standards defined; however, our security community has introduced a few standards for all security personnel to follow. Some of the commonly known standards are the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES), and the Information Systems Security Assessment Framework (ISSAF). Most of them follow the same methodology, but their phases have been named differently. We will take a look at each of them in the following sections and cover PTES in detail.

Open Source Security Testing Methodology Manual (OSSTMM)

The definition of the OSSTMM is mentioned on their official website...

 

Common Weakness Enumeration (CWE)

In this section, we will talk about the Common Weakness Enumeration (CWE). The CWE is a universal online dictionary of weaknesses that have been found in computer software. In this section, we will cover two well-known CWEs—the OWASP Top 10 and the SANS Top 25.

OWASP Top 10

Open Web Application Security Project (OWASP) is an organization that provides computer and internet applications with impartial, realistic, and cost-effective information.

The current list for 2020 contains the following bugs:

  • Injection
  • Broken authentication
  • Sensitive data exposure
  • XML external entities (XXE)
  • Broken access control
  • Security misconfigurations
  • Cross-site scripting (XSS)
  • Insecure deserialization
  • ...
 

Summary

In this chapter, we started with the introduction to penetration testing and its types and stages. We covered the pen testing methodologies and life cycle and we looked at some important terminology. Then, we looked at the OWASP Top 10 and SANS Top 25.

In the next chapter, we will learn about the essentials of Metasploit including the Metasploit framework, installation, and setup.

 

Questions

  1. Is there a database that maintains the Common Weakness Enumeration (CWE) list?

  2. Where can I find the OWASP Top 10 and SANS Top 25 lists?

  3. Are the tools required to perform a penetration test free?

  4. How do the OSSTMM- and PTES-based penetration tests differ?

 

Further reading

About the Authors

  • Harpreet Singh

    Harpreet Singh is the author of Hands-On Red Team Tactics published by Packt Publishing and has more than 7 years of experience in the fields of ethical hacking, penetration testing, vulnerability research, and red teaming. He is also a certified OSCP (Offensive Security Certified Professional) and OSWP (Offensive Security Wireless Professional). Over the years, Harpreet has acquired an offensive skill set as well as a defensive skill set. He is a professional who specializes in wireless and network exploitation, including but not limited to mobile exploitation and web application exploitation, and he has also performed red team engagements for banks and financial groups.

    Browse publications by this author
  • Himanshu Sharma

    Himanshu Sharma has already achieved fame for finding security loopholes and vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, AT&T, Avira, and many others. He has assisted international celebrities such as Harbajan Singh in recovering their hacked accounts. He has been a speaker and trainer at international conferences such as Botconf 2013, CONFidence, RSA Singapore, LeHack, Hacktivity, Hack In the Box, and SEC-T. He also spoke at the IEEE Conference for Tedx. Currently, he is the cofounder of BugsBounty, a crowdsourced security platform.

    Browse publications by this author

Latest Reviews

(1 reviews total)
Purchase process was great. Resolving migrating large texts (file size) books to Kindle would be icing on cake.

Recommended For You

Hands-On Web Penetration Testing with Metasploit
Unlock this book and the full library for FREE
Start free trial