Packt+ | Advance your knowledge in tech

You're reading from Web Penetration Testing with Kali Linux Testing web security is best done through simulating an attack. Kali Linux lets you do this to professional standards and this is the book you need to be fully up-to-speed with this powerful open-source toolkit.

Product type Paperback

Published in Sep 2013

Publisher Packt

ISBN-13 9781782163169

Length 342 pages

Edition 1st Edition

Tools

Kali Linux

Concepts

Web Penetration Testing

Table of Contents (15) Chapters

Web Penetration Testing with Kali Linux

Credits

About the Authors

About the Reviewers

www.PacktPub.com

Preface

1. Penetration Testing and Setup FREE CHAPTER

2. Reconnaissance

3. Server-side Attacks

4. Client-side Attacks

5. Attacking Authentication

6. Web Attacks

7. Defensive Countermeasures

8. Penetration Test Executive Report

Index

A

acccheck
- about / acccheck
activity report / Statement of Work (SOW)
Alerts tab, Owasp-Zap / Owasp-Zap
Annualized Loss Expectancy (ALE) / Calculating risk
Annual Rate of Occurrence (ARO) / Calculating risk
appendices / Appendices
Application Delivery Controller (ADC) appliances / Cookie defense
application layer attacks / Denial of Services (DoS)
apt-get update command / Browser Exploitation Framework – BeEF
arpspoof
- about / dsniff and arpspoof
Asset Value (AV) / Calculating risk
attack
- scenarios, by Scapy / Scapy
Attack Setup tab, WebSlayer / WebSlayer
Autopsy
- about / Autopsy

B

BeEF
- about / Browser Exploitation Framework – BeEF
- URL / Browser Exploitation Framework – BeEF
- installing / Browser Exploitation Framework – BeEF
- apt-get update command / Browser Exploitation Framework – BeEF
- starting / Browser Exploitation Framework – BeEF
- hook.js / Browser Exploitation Framework – BeEF
BeEF system
- about / Trust
Binwalk
- about / Binwalk
BIOS (Basic Input Output System) password / CmosPwd
Black box testing / Penetration Testing methodology
brute-force attack
- about / Brute-force attacks
- Hydra / Hydra
- DirBuster / DirBuster
- WebSlayer / WebSlayer
/ Obtaining and cracking user passwords
bulk_extractor
- about / bulk_extractor
BURP Proxy
- about / BURP Proxy
- Burp Spider / BURP Proxy
- Spider function, using / BURP Proxy
Burp Spider / BURP Proxy

C

Center for Internet Security (CIS) / STIG
Certificate Authority, Owasp-Zap / Owasp-Zap
certifications / Additional SOW material
Certified Ethical Hacker (CEH)
- about / Methodology
Certified Information Systems Security Professional (CISSP) / Calculating risk
chkrootkit
- about / chkrootkit
chntpw / chntpw
CIA / Calculating risk
Cisco Network Foundation Protection (NFP) / STIG
Clickjacking
- about / Clickjacking
- URL, for downloading tool / Clickjacking
Clickjacking defense
- about / Clickjacking defense
client-side Penetration Test report / Statement of Work (SOW)
cloning / Using SET to clone and attack
cloning tools
- about / Other cloning tools
CmosPwd / CmosPwd
Common Log Format (CLF) / urlsnarf
compliance
- about / Compliance
- industry compliance / Compliance
confidentility / Confidentiality statement
Cookie Cadger
- about / Cookie Cadger
- recognized sessions / Cookie Cadger
- session request information / Cookie Cadger
cookie defense
- about / Cookie defense
Cookie Injector
- about / Cookie Injector – Firefox plugin
cookies
- about / Hijacking web session cookies
- session hijacking attacks, limitations / Hijacking web session cookies
- stealing / Hijacking web session cookies
Cookies Manager+
- about / Cookies Manager+ – Firefox plugin
cover page / Cover page
crawler tab, ProxyStrike / ProxyStrike
creddump / creddump
credentials / Additional SOW material
Critical Infrastructure Protection (CIP) / Industry standards
Crunch / Obtaining and cracking user passwords, Crunch
CutyCapt / CutyCapt

D

DBPwAudit
- about / DBPwAudit
dc3dd
- about / dc3dd
DDoS
- about / Denial of Services (DoS)
defense
- testing / Testing your defenses
- Man-in-the-middle defense / Man-in-the-middle defense
- SSL strip defense / SSL strip defense
- Denial of Service defense / Denial of Service defense
- cookie defense / Cookie defense
- Clickjacking defense / Clickjacking defense
Defense Information Systems Agency (DISA)
- about / STIG
defenses, testing
- about / Testing your defenses
- baseline security / Baseline security
- Security Technical Implementation Guide (STIG) / STIG
- patch management / Patch management
- password, policies / Password policies
Definition Of Target Space / Penetration Testing methodology
Definition Of Target System(s) / Penetration Testing methodology
Denial of Service defense
- about / Denial of Service defense
Department of Defense (DOD) / STIG
dictionary attack / Obtaining and cracking user passwords
dictstat
- about / dictstat
- running / dictstat
Dig (domain information groper) / DNS Reconnaissance techniques
digital forensics
- about / Digital forensics
DirBuster
- about / DirBuster
- Report button / DirBuster
DNS
- target, identification / DNS target identification
DNSCHEF / DNSCHEF
DNS Reconnaissance
- techniques / DNS Reconnaissance techniques
Domain Name System (DNS) / DNSCHEF
DoS
- about / Denial of Services (DoS)
- attack, categories / Denial of Services (DoS)
DoS attack categories
- volume based attacks / Denial of Services (DoS)
- protocol attacks / Denial of Services (DoS)
- application layer attacks / Denial of Services (DoS)
- session exhaustion / Denial of Services (DoS)
Dradis / Dradis
Driftnet
- about / Driftnet
dsniff
- about / dsniff and arpspoof
- starting / dsniff and arpspoof

E

e-mail systems
- exploiting / Exploiting e-mail systems
EDGAR
- about / Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
Ettercap
- about / Ettercap
- menu options / Ettercap
executive summary
- about / Executive summary
exploitation
- tools / Step 3 – Exploitation, Step 4 – Privilege Escalation
- goals / Step 3 – Exploitation
Exploitation Tools / Kali toolset overview
Exploit tab, w3af / w3af

F

Fake DNS / DNSCHEF
fdisk -l command
- mounting / Mounting Windows
Federal Energy Regulatory Commission (FERC) / Industry standards
Federal Information Processing Standards (FIPS) / Industry standards
Federal Information Security Management Act (FISMA) / Industry standards
Ferret
- about / Hamster and Ferret
Fierce script
- command, for running / DNS target identification
Filesystem analysis
- with Kali / Filesystem analysis with Kali
Fimap
- about / Fimap
- using / Fimap
findmyhash / findmyhash
FireFox Plugins
- about / Firefox plugins
- Firesheep / Firesheep – Firefox plugin
- Web Developer / Web Developer – Firefox plugin
- Greasemonkey / Greasemonkey – Firefox plugin
- Cookie Injector / Cookie Injector – Firefox plugin
- Cookies Manager+ / Cookies Manager+ – Firefox plugin
- Cookie Cadger / Cookie Cadger
- Wireshark / Wireshark
- Hamster / Hamster and Ferret
- man-in-the-middle attack / Man-in-the-middle attack
- dsniff / dsniff and arpspoof
- arpspoof / dsniff and arpspoof
- Ettercap / Ettercap
- Driftnet / Driftnet
Firesheep
- about / Firesheep – Firefox plugin
Flag
- defining / Penetration Testing methodology
FOCA
- about / FOCA – website metadata Reconnaissance
- URL, for downloading / FOCA – website metadata Reconnaissance
Foremost
- about / Foremost
forensics / Kali toolset overview
Forensics Boot
- about / Kali Forensics Boot
forensics tools
- about / Other forensics tools in Kali
- chkrootkit / chkrootkit
- Autopsy / Autopsy
- Binwalk / Binwalk
- pdf-parser / pdf-parser
- Foremost / Foremost
- Pasco / Pasco
- Scalpel / Scalpel
- bulk_extractor / bulk_extractor
FoxyProxy
- about / FoxyProxy – Firefox plugin
- proxy, adding / FoxyProxy – Firefox plugin
fping command / ICMP Reconnaissance techniques

G

GHDB
- about / Google Hacking Database
- URL / Google Hacking Database
- accessing / Google Hacking Database
- search query, selecting / Google Hacking Database
- home screen / Google Hacking Database
GIAC Penetration Tester (GPEN)
- about / Methodology
glossary / Glossary
Google hacking
- about / Google hacking
Gray box testing / Penetration Testing methodology
Greasemonkey
- about / Greasemonkey – Firefox plugin

H

hackers
- password cracking, ways / Obtaining and cracking user passwords
Hamster
- about / Hamster and Ferret
Hardware Hacking / Kali toolset overview
Hash-identifier / Hash-identifier
hashcat / hashcat and oclHashcat
hashing / Obtaining and cracking user passwords
Health Insurance Portability and Accountability (HIPAA) / Baseline security
Health Insurance Portability and Accountability Act (HIPAA) / Industry standards
hexinject
- about / hexinject
host report / Statement of Work (SOW)
host scanning
- about / Host scanning
- with Nessus / Host scanning with Nessus
Hosts tab, NMap / Nmap
HTTrack
- about / HTTrack – clone a website, HTTrack
- using / HTTrack – clone a website
- starting / HTTrack – clone a website
- directory, selecting / HTTrack – clone a website
- command, displaying / HTTrack – clone a website
hybrid / Obtaining and cracking user passwords
Hydra
- about / Hydra

I

ICMP Reconnaissance
- techniques / ICMP Reconnaissance techniques
ifconfig command / SSL strip
industry compliance
- baselines / Compliance
- standards / Compliance
- guidelines / Compliance
industry standards
- about / Industry standards
Information Collection stage / Documentation
Information Gathering / Step 1 – Reconnaissance, Kali toolset overview, Reconnaissance objectives
installation
- Kali Linux, requisites / Installing Kali Linux
- Kali Linux / Installing Kali Linux
International Organization for Standardization (ISO) / Baseline security
International Organization for Standards (ISO)
- about / Methodology
Intrusion Detection / Prevention (IDS/IPS) / Sample reports
Inundator / Inundator
Iptables
- used, for setting up port redirection / Setting up port redirection using Iptables

J

Java Applet Attack / Using SET to clone and attack
job postings
- about / Job postings
Johnny
- about / Johnny
- using / Johnny
- Statistics tab / Johnny
- Output tab / Johnny
John the Ripper
- about / John the Ripper
- operation / John the Ripper
- opening / John the Ripper
- using, on password file / John the Ripper

K

Kali
- password cracking tools / Kali password cracking tools
Kali Linux
- about / Kali Penetration Testing concepts, Introducing Kali Linux
- Reconnaissance / Step 1 – Reconnaissance
- target, evaluating / Step 2 – Target evaluation
- exploitation / Step 3 – Exploitation
- privilege escalation / Step 4 – Privilege Escalation
- Maintain Foothold, goals / Step 5 – maintaining a foothold
- URL, for downloading / Introducing Kali Linux
- system setup / Kali system setup
- Physical Address Extension (PAE) / Kali system setup
- running, from external media / Running Kali Linux from external media
- installing / Installing Kali Linux
- installation, requisites / Installing Kali Linux
- and VM image / Kali Linux and VM image first run
- toolset / Kali toolset overview
- DNSCHEF / DNSCHEF
- SniffJoke / SniffJoke
- Siege / Siege
- Inundator / Inundator
- TCPReplay / TCPReplay
- reporting, tools / Kali reporting tools
Kali Linux, tools
- Information Gathering / Kali toolset overview
- Vulnerability Analysis / Kali toolset overview
- Web Applications / Kali toolset overview
- Password Attacks / Kali toolset overview
- Wireless Attacks / Kali toolset overview
- Exploitation Tools / Kali toolset overview
- Sniffing and Spoofing / Kali toolset overview
- Maintaining Access tool / Kali toolset overview
- Reverse Engineering / Kali toolset overview
- Stress Testing / Kali toolset overview
- Hardware Hacking / Kali toolset overview
- forensics / Kali toolset overview
- Reporting Tools / Kali toolset overview
- System Services / Kali toolset overview
KeepNote / KeepNote

L

Linux passwords / Linux passwords
log tab, ProxyStrike / ProxyStrike
Log window, w3af / w3af
LOIC
- about / Low Orbit Ion Cannon
- installing / Low Orbit Ion Cannon
- launching / Low Orbit Ion Cannon
- using / Low Orbit Ion Cannon

M

MagicTree / MagicTree
Maintain Foothold
- about / Step 5 – maintaining a foothold
- goals / Step 5 – maintaining a foothold
Maintaining Access tools / Step 5 – maintaining a foothold, Kali toolset overview
Maltego
- about / Maltego – Information Gathering graphs
- starting / Maltego – Information Gathering graphs
- using / Maltego – Information Gathering graphs
Maltego caseFile / Maltego CaseFile
Man-in-the-middle
- about / Man-in-the-middle
- defense / Man-in-the-middle defense
man-in-the-middle attack
- about / Man-in-the-middle attack
Media Access Control Security (MACsec)
- about / Man-in-the-middle defense
Metasploit
- about / Metasploit
- URL / Metasploit
meterpreter / Using SET to clone and attack
MITM Proxy
- about / MitM Proxy

N

National Institute of Standards and Technology (NIST) / Industry standards
NAT option / Using SET to clone and attack
Nessus
- host scanning / Host scanning with Nessus
- installing, on Kali / Installing Nessus on Kali
- activation code, URL / Installing Nessus on Kali
- downloading, for Debian / Installing Nessus on Kali
- using / Using Nessus
Nessus HomeFeed / Installing Nessus on Kali
Nessus ProfessionalFeed / Installing Nessus on Kali
Netcat
- about / Exploiting e-mail systems
network Topology tab, NMap / Nmap
Next Generation Intrusion Prevention Systems (NGIPS) / Browser Exploitation Framework – BeEF
NMap
- about / Nmap
- using / Nmap
- Zenmap, opening / Nmap
- new profile, creating / Nmap
- New Profile or Command, selecting / Nmap
- Ping tab / Nmap
- Save Changes button / Nmap
- network Topology tab / Nmap
- Hosts tab / Nmap
- scan window / Nmap
- Zenmap / Nmap
Nmap
- URL / Nmap
North American Electric Reliability Corporation (NERC) / Industry standards

O

Ophcrack / Ophcrack
OTP (one-time passwords)
- about / Man-in-the-middle defense
Owasp-Zap
- about / Owasp-Zap
- Generate button / Owasp-Zap
- Generate / Owasp-Zap
- Certificate Authority / Owasp-Zap
- Sites window / Owasp-Zap
- Alerts tab / Owasp-Zap
- market place / Owasp-Zap
- Report tab / Owasp-Zap
- HTML report / Owasp-Zap

P

Pasco
- about / Pasco
password
- policies / Password policies
Password Attacks
- tools / Step 4 – Privilege Escalation
/ Kali toolset overview
password cracking tools, Kali
- about / Kali password cracking tools
- Johnny / Johnny
- oclHashcat / hashcat and oclHashcat
- hashcat / hashcat and oclHashcat
- samdump2 / samdump2
- chntpw / chntpw
- Ophcrack / Ophcrack
- Crunch / Crunch
passwords
- about / Cracking passwords
- cracking / Obtaining and cracking user passwords
- cracking, by hackers / Obtaining and cracking user passwords
- Windows passwords / Windows passwords
- Linux passwords / Linux passwords
Patator
- about / Patator
patch management / Patch management
patch this system / Network considerations and recommendations
Payload Generator tab, WebSlayer / WebSlayer
Payment Application Data Security Standard (PA-DSS) / Industry standards
Payment Card Industry Data Security Standard (PCI DSS) / Baseline security, Industry standards
pdf-parser
- about / pdf-parser
Penetration Testing
- web application / Web application Penetration Testing concepts
- Black box testing / Penetration Testing methodology
- White box testing / Penetration Testing methodology
- Gray box testing / Penetration Testing methodology
- work, scope / Penetration Testing methodology
- about / Calculating risk
phrasendrescher / phrasendrescher
Physical Address Extension (PAE) / Kali system setup
ping command / ICMP Reconnaissance techniques
Ping tab, NMap / Nmap
plugins tab, ProxyStrike / ProxyStrike
Port forwarding option / Using SET to clone and attack
port redirection
- setting up, Iptables used / Setting up port redirection using Iptables
privilege escalation
- about / Step 4 – Privilege Escalation
- goals / Step 4 – Privilege Escalation
professional services
- about / Professional services
Project Review / Documentation
protocol attacks / Denial of Services (DoS)
proxy section, Vega / Vega
ProxyStrike
- about / ProxyStrike
- using / ProxyStrike
- plugins tab / ProxyStrike
- log tab / ProxyStrike
- crawler tab / ProxyStrike
- URL / ProxyStrike
proxy tab, Vega / Vega

R

RainbowCrack / Obtaining and cracking user passwords
RainbowCrack (rcracki_mt) / RainbowCrack (rcracki_mt)
rainbow tables / Obtaining and cracking user passwords
Real attackers / Penetration Testing methodology
Reconnaissance / Step 1 – Reconnaissance
- objectives / Reconnaissance objectives
- research / Initial research
- company website / Company website
- web history, sources / Web history sources
- Regional Internet Registries (RIRs) / Regional Internet Registries (RIRs)
- Electronic Data Gathering, Analysis, and Retrieval (EDGAR) / Electronic Data Gathering, Analysis, and Retrieval (EDGAR)
- social media, resources / Social media resources
- trust / Trust
- job, postings / Job postings
- location / Location
- Shodan / Shodan
- Google hacking / Google hacking
- Google Hacking Database (GHDB) / Google Hacking Database
- networks, researching / Researching networks
- HTTrack / HTTrack – clone a website
- ICMP Reconnaissance, techniques / ICMP Reconnaissance techniques
- DNS Reconnaissance, techniques / DNS Reconnaissance techniques
- DNS target identification / DNS target identification
- Maltego / Maltego – Information Gathering graphs
- Nmap / Nmap
- FOCA / FOCA – website metadata Reconnaissance
report
- documentation / Documentation
- format / Report format
- executive report / Executive summary
report, format
- cover page / Cover page
- confidentiality statement / Confidentiality statement
- document, control / Document control
- timeline / Timeline
- executive summary / Executive summary
- methodology / Methodology
- testing procedures, detailed / Detailed testing procedures
- findings, summary / Summary of findings
- vulnerabilities / Vulnerabilities
- network, considerations / Network considerations and recommendations
- network, recommendations / Network considerations and recommendations
- appendices / Appendices
- glossary / Glossary
Report button, DirBuster / DirBuster
Reporting Tools / Kali toolset overview
reporting tools, Kali Linux
- Dradis / Dradis
- KeepNote / KeepNote
- Maltego caseFile / Maltego CaseFile
- MagicTree / MagicTree
- CutyCapt / CutyCapt
- sample reports / Sample reports
Report tab, Owasp-Zap / Owasp-Zap
Requests for Pricing (RFP)
- about / Professional services
Results tab, w3af / w3af
Reverse Engineering / Kali toolset overview
Review phase / Documentation
RIRs
- about / Regional Internet Registries (RIRs)
Robots.txt file / Company website

S

salting / Obtaining and cracking user passwords
SAM (System Account Management) registry file / Windows passwords
samdump2 / samdump2
Sarbanes-Oxley Act (SOX) / Industry standards
Save Changes button / Nmap
SCADA system
- about / Shodan
Scalpel
- about / Scalpel
scanner tab, Vega / Vega
Scapy
- about / Scapy
- attack, scenarios / Scapy
Secure Socket Layer (SSL) protocol / THC-SSL-DOS
security audit / Penetration Testing methodology
Sensitive Compartmented Information Facility (SCIF) / Confidentiality statement
server-side attacks
- about / Vulnerability assessment
services command / Metasploit
session exhaustion / Denial of Services (DoS)
session management
- about / Attacking session management
SET
- about / Social Engineering Toolkit (SET), SET password harvesting
- setting up / Social Engineering Toolkit (SET)
- using, to clone / Using SET to clone and attack
- using, to attack / Using SET to clone and attack
- meterpreter / Using SET to clone and attack
- Site Cloner / Using SET to clone and attack
- fake e-mail, sending / Using SET to clone and attack
- template, selecting / SET password harvesting
- username, entering / SET password harvesting
Shodan
- about / Shodan
Sidejacking
- about / Hamster and Ferret
Siege / Siege
Site Cloner / Using SET to clone and attack
Sites window, Owasp-Zap / Owasp-Zap
Skipfish
- about / Skipfish
- latest version, downloading / Skipfish
- command options / Skipfish
SLE
- about / Calculating risk
Slowloris
- about / Slowloris
- running / Slowloris
Sniffing and Spoofing / Kali toolset overview
SniffJoke / SniffJoke
Social-Engineering Attacks / Using SET to clone and attack
social engineering
- about / Social engineering
social media
- about / Social media resources
SOW
- about / Timeline, Statement of Work (SOW)
- executive report / Statement of Work (SOW)
- executive report, example / Statement of Work (SOW)
- activity report / Statement of Work (SOW)
- host report / Statement of Work (SOW)
- vulnerability report / Statement of Work (SOW)
- client-side Penetration Test report / Statement of Work (SOW)
- user report / Statement of Work (SOW)
- penetration testing, external / External Penetration Testing
- material / Additional SOW material
SQL
- about / SQL Injection
- injection / SQL Injection
- sqlmap / sqlmap
sqlmap / sqlmap
SSL strip
- about / SSL strip
SSL strip defense
- about / SSL strip defense
STIG
- about / STIG
Stress Testing / Kali toolset overview
Summary of findings / Summary of findings
System Services / Kali toolset overview

T

-t option / DNS Reconnaissance techniques
Tamper Data
- about / Hydra
Target Evaluation / Step 2 – Target evaluation
TCPReplay / TCPReplay
testing
- procedures / Detailed testing procedures
THC
- about / Hydra
THC-SSL-DOS
- about / THC-SSL-DOS
Time and Materials / Professional services
Timeframe Of Work Performed / Penetration Testing methodology
timelines / Timeline
tools, Kali
- Hash-identifier / Hash-identifier
- dictstat / dictstat
- RainbowCrack (rcracki_mt) / RainbowCrack (rcracki_mt)
- findmyhash / findmyhash
- phrasendrescher / phrasendrescher
- CmosPwd / CmosPwd
- creddump / creddump
traceroute command / ICMP Reconnaissance techniques
TrustedSec. / Social Engineering Toolkit (SET)
Turnkey services / Professional services

U

Unicast Reverse Path Forwarding (Unicast RPF) / Denial of Service defense
Update the Social-Engineer Toolkit option / Using SET to clone and attack
urlsnarf
- about / urlsnarf
- accessing / urlsnarf
- using / urlsnarf
user report / Statement of Work (SOW)

V

Vega
- about / Vega
- scanner tab / Vega
- proxy tab / Vega
- Injection modules / Vega
- Response Processing modules / Vega
- Website View window / Vega
- Proxy section / Vega
Virtual Private Network (VPN)
- about / Man-in-the-middle defense
VM image
- and Kali Linux / Kali Linux and VM image first run
volume based attacks / Denial of Services (DoS)
vulnerabilities
- about / Vulnerabilities
Vulnerability Analysis / Step 2 – Target evaluation, Kali toolset overview
Vulnerability Assessment / Penetration Testing methodology
- about / Calculating risk
vulnerability report / Statement of Work (SOW)

W

w3af
- about / w3af
- Log window / w3af
- Results tab / w3af
- Exploit tab / w3af
w3mir
- about / Other cloning tools
WayBack Machine
- accessing / Web history sources
web application
- about / Web application Penetration Testing concepts, Kali toolset overview
WebCopier
- about / Other cloning tools
Web Developer
- about / Web Developer – Firefox plugin
Webshag
- about / Webshag
- URL / Webshag
webshag-gui / Webshag
Website Attack Vectors / Using SET to clone and attack
WebSlayer
- about / WebSlayer
- Attack Setup tab / WebSlayer
- Payload Generator tab / WebSlayer
Websploit
- about / Websploit
- accessing / Websploit
White box testing / Penetration Testing methodology
Windows
- mounting / Mounting Windows
Windows Reverse_TCP Meterpreter / Using SET to clone and attack
Wireless Attacks / Kali toolset overview
Wireshark
- about / Wireshark
- location / Wireshark
- traffic, capturing / Wireshark
- unsecured cookie, capturing / Wireshark
Wireshark Cookie Dump / Cookie Injector – Firefox plugin
word count command / John the Ripper