About Packt
Why subscribe?
Packt.com
Contributors
About the authors
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Introduction to Penetration Testing and Web Applications
Proactive security testing
Different testing methodologies
Ethical hacking
Penetration testing
Vulnerability assessment
Security audits
Considerations when performing penetration testing
Rules of Engagement
The type and scope of testing
Client contact details
Client IT team notifications
Sensitive data handling
Status meeting and reports
The limitations of penetration testing
The need for testing web applications
Reasons to guard against attacks on web applications
Kali Linux
A web application overview for penetration testers
HTTP protocol
Knowing an HTTP request and response
The request header
The response header
HTTP methods
The GET method
The POST method
The HEAD method
The TRACE method
The PUT and DELETE methods
The OPTIONS method
Keeping sessions in HTTP
Cookies
Cookie flow between server and client
Persistent and nonpersistent cookies
Cookie parameters
HTML data in HTTP response
The server-side code
Multilayer web application
Three-layer web application design
Web services
Introducing SOAP and REST web services
HTTP methods in web services
XML and JSON
AJAX
Building blocks of AJAX
The AJAX workflow
HTML5
WebSockets
Setting Up Your Lab with Kali Linux
Kali Linux
Latest improvements in Kali Linux
Installing Kali Linux
Virtualizing Kali Linux versus installing it on physical hardware
Installing on VirtualBox
Creating the virtual machine
Installing the system
Important tools in Kali Linux
CMS & Framework Identification
WPScan
JoomScan
CMSmap
Web Application Proxies
Burp Proxy
Customizing client interception
Modifying requests on the fly
Burp Proxy with HTTPS websites
Zed Attack Proxy
ProxyStrike
Web Crawlers and Directory Bruteforce
DIRB
DirBuster
Uniscan
Web Vulnerability Scanners
Nikto
w3af
Skipfish
Other tools
OpenVAS
Database exploitation
Web application fuzzers
Using Tor for penetration testing
Vulnerable applications and servers to practice on
OWASP Broken Web Applications
Hackazon
Web Security Dojo
Other resources
Reconnaissance and Profiling the Web Server
Reconnaissance
Passive reconnaissance versus active reconnaissance
Information gathering
Domain registration details
Whois – extracting domain information
Identifying related hosts using DNS
Zone transfer using dig
DNS enumeration
DNSEnum
Fierce
DNSRecon
Brute force DNS records using Nmap
Using search engines and public sites to gather information
Google dorks
Shodan
theHarvester
Maltego
Recon-ng – a framework for information gathering
Domain enumeration using Recon-ng
Sub-level and top-level domain enumeration
Reporting modules
Scanning – probing the target
Port scanning using Nmap
Different options for port scan
Evading firewalls and IPS using Nmap
Identifying the operating system
Profiling the server
Identifying virtual hosts
Locating virtual hosts using search engines
Identifying load balancers
Cookie-based load balancer
Other ways of identifying load balancers
Application version fingerprinting
The Nmap version scan
The Amap version scan
Fingerprinting the web application framework
The HTTP header
The WhatWeb scanner
Scanning web servers for vulnerabilities and misconfigurations
Identifying HTTP methods using Nmap
Testing web servers using auxiliary modules in Metasploit
Identifying HTTPS configuration and issues
OpenSSL client
Scanning TLS/SSL configuration with SSLScan
Scanning TLS/SSL configuration with SSLyze
Testing TLS/SSL configuration using Nmap
Spidering web applications
Burp Spider
Application login
Directory brute forcing
DIRB
ZAP's forced browse
Authentication and Session Management Flaws
Authentication schemes in web applications
Platform authentication
Basic
Digest
NTLM
Kerberos
HTTP Negotiate
Drawbacks of platform authentication
Form-based authentication
Two-factor Authentication
OAuth
Session management mechanisms
Sessions based on platform authentication
Session identifiers
Common authentication flaws in web applications
Lack of authentication or incorrect authorization verification
Username enumeration
Discovering passwords by brute force and dictionary attacks
Attacking basic authentication with THC Hydra
Attacking form-based authentication
Using Burp Suite Intruder
Using THC Hydra
The password reset functionality
Recovery instead of reset
Common password reset flaws
Vulnerabilities in 2FA implementations
Detecting and exploiting improper session management
Using Burp Sequencer to evaluate the quality of session IDs
Predicting session IDs
Session Fixation
Preventing authentication and session attacks
Authentication guidelines
Session management guidelines
Detecting and Exploiting Injection-Based Flaws
Command injection
Identifying parameters to inject data
Error-based and blind command injection
Metacharacters for command separator
Exploiting shellshock
Getting a reverse shell
Exploitation using Metasploit
SQL injection
An SQL primer
The SELECT statement
Vulnerable code
SQL injection testing methodology
Extracting data with SQL injection
Getting basic environment information
Blind SQL injection
Automating exploitation
sqlninja
BBQSQL
sqlmap
Attack potential of the SQL injection flaw
XML injection
XPath injection
XPath injection with XCat
The XML External Entity injection
The Entity Expansion attack
NoSQL injection
Testing for NoSQL injection
Exploiting NoSQL injection
Mitigation and prevention of injection vulnerabilities
Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
An overview of Cross-Site Scripting
Persistent XSS
Reflected XSS
DOM-based XSS
XSS using the POST method
Exploiting Cross-Site Scripting
Cookie stealing
Website defacing
Key loggers
Taking control of the user's browser with BeEF-XSS
Scanning for XSS flaws
XSSer
XSS-Sniper
Preventing and mitigating Cross-Site Scripting
Cross-Site Request Forgery, Identification, and Exploitation
Testing for CSRF flaws
Exploiting a CSRF flaw
Exploiting CSRF in a POST request
CSRF on web services
Using Cross-Site Scripting to bypass CSRF protections
Preventing CSRF
Attacking Flaws in Cryptographic Implementations
A cryptography primer
Algorithms and modes
Asymmetric encryption versus symmetric encryption
Symmetric encryption algorithm
Stream and block ciphers
Initialization Vectors
Block cipher modes
Hashing functions
Salt values
Secure communication over SSL/TLS
Secure communication in web applications
TLS encryption process
Identifying weak implementations of SSL/TLS
The OpenSSL command-line tool
SSLScan
SSLyze
Testing SSL configuration using Nmap
Exploiting Heartbleed
POODLE
Custom encryption protocols
Identifying encrypted and hashed information
Hashing algorithms
hash-identifier
Frequency analysis
Entropy analysis
Identifying the encryption algorithm
Common flaws in sensitive data storage and transmission
Using offline cracking tools
Using John the Ripper
Using Hashcat
Preventing flaws in cryptographic implementations
Using Automated Scanners on Web Applications
Considerations before using an automated scanner
Web application vulnerability scanners in Kali Linux
Nikto
Skipfish
Wapiti
OWASP-ZAP scanner
Content Management Systems scanners
WPScan
JoomScan
CMSmap
Fuzzing web applications
Using the OWASP-ZAP fuzzer
Burp Intruder
Post-scanning actions
Metasploit Quick Tips for Security Professionals
Introduction
Installing Metasploit on Windows
Getting ready
How to do it...
Installing Linux and macOS
How to do it...
Installing Metasploit on macOS
How to do it...
Using Metasploit in Kali Linux
Getting ready
How to do it...
There's more...
Upgrading Kali Linux
Setting up a penetration-testing lab
Getting ready
How to do it...
How it works...
Setting up SSH connectivity
Getting ready
How to do it...
Connecting to Kali using SSH
How to do it...
Configuring PostgreSQL
Getting ready
How to do it...
There's more...
Creating workspaces
How to do it...
Using the database
Getting ready
How to do it...
Using the hosts command
How to do it...
Understanding the services command
How to do it...
Information Gathering and Scanning
Introduction
Passive information gathering with Metasploit
Getting ready
How to do it...
DNS Record Scanner and Enumerator
There's more...
CorpWatch Company Name Information Search
Search Engine Subdomains Collector
Censys Search
Shodan Search
Shodan Honeyscore Client
Search Engine Domain Email Address Collector
Active information gathering with Metasploit
How to do it...
TCP Port Scanner
TCP SYN Port Scanner
Port scanning—the Nmap way
Getting ready
How to do it...
How it works...
There's more...
Operating system and version detection
Increasing anonymity
Port scanning—the db_nmap way
Getting ready
How to do it...
Nmap Scripting Engine
Host discovery with ARP Sweep
Getting ready
How to do it...
UDP Service Sweeper
How to do it...
SMB scanning and enumeration
How to do it...
Detecting SSH versions with the SSH Version Scanner
Getting ready
How to do it...
FTP scanning
Getting ready
How to do it...
SMTP enumeration
Getting ready
How to do it...
SNMP enumeration
Getting ready
How to do it...
HTTP scanning
Getting ready
How to do it...
WinRM scanning and brute forcing
Getting ready
How to do it...
Integrating with Nessus
Getting ready
How to do it...
Integrating with NeXpose
Getting ready
How to do it...
Integrating with OpenVAS
How to do it...
Server-Side Exploitation
Introduction
Getting to know MSFconsole
MSFconsole commands
Exploiting a Linux server
Getting ready
How to do it...
How it works...
What about the payload?
SQL injection
Getting ready
How to do it...
Types of shell
Getting ready
How to do it...
Exploiting a Windows Server machine
Getting ready
How to do it...
Exploiting common services
Getting ready
How to do it...
MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption
Getting ready
How to do it...
MS17-010 EternalRomance/EternalSynergy/EternalChampion
How to do it...
Installing backdoors
Getting ready
How to do it...
Denial of Service
Getting ready
How to do it...
How to do it...
Meterpreter
Introduction
Understanding the Meterpreter core commands
Getting ready
How to do it...
How it works...
Understanding the Meterpreter filesystem commands
How to do it...
How it works...
Understanding Meterpreter networking commands
Getting ready
How to do it...
How it works...
Understanding the Meterpreter system commands
How to do it...
Setting up multiple communication channels with the target
Getting ready
How to do it...
How it works...
Meterpreter anti-forensics
Getting ready
How to do it...
How it works...
There's more...
The getdesktop and keystroke sniffing
Getting ready
How to do it...
There's more...
Using a scraper Meterpreter script
Getting ready
How to do it...
How it works...
Scraping the system using winenum
How to do it...
Automation with AutoRunScript
How to do it...
Meterpreter resource scripts
How to do it...
Meterpreter timeout control
How to do it...
Meterpreter sleep control
How to do it...
Meterpreter transports
How to do it...
Interacting with the registry
Getting ready
How to do it...
Loading framework plugins
How to do it...
Meterpreter API and mixins
Getting ready
How to do it...
How it works...
Railgun—converting Ruby into a weapon
Getting ready
How to do it...
How it works...
There's more...
Adding DLL and function definitions to Railgun
How to do it...
How it works...
Injecting the VNC server remotely
Getting ready
How to do it...
Enabling Remote Desktop
How to do it...
How it works...
Post-Exploitation
Introduction
Post-exploitation modules
Getting ready
How to do it...
How it works...
How to do it...
How it works...
Bypassing UAC
Getting ready
How to do it...
Dumping the contents of the SAM database
Getting ready
How to do it...
Passing the hash
How to do it...
Incognito attacks with Meterpreter
How to do it...
Using Mimikatz
Getting ready
How to do it...
There's more...
Setting up a persistence with backdoors
Getting ready
How to do it...
Becoming TrustedInstaller
How to do it...
Backdooring Windows binaries
How to do it...
Pivoting with Meterpreter
Getting ready
How to do it...
How it works...
Port forwarding with Meterpreter
Getting ready
How to do it...
Credential harvesting
How to do it...
Enumeration modules
How to do it...
Autoroute and socks proxy server
How to do it...
Analyzing an existing post-exploitation module
Getting ready
How to do it...
How it works...
Writing a post-exploitation module
Getting ready
How to do it...
Using MSFvenom
Introduction
Payloads and payload options
Getting ready
How to do it...
Encoders
How to do it...
There's more...
Output formats
How to do it...
Templates
Getting ready
How to do it...
Meterpreter payloads with trusted certificates
Getting ready
How to do it...
There's more...
Client-Side Exploitation and Antivirus Bypass
Introduction
Exploiting a Windows 10 machine
Getting ready
How to do it...
Bypassing antivirus and IDS/IPS
How to do it...
Metasploit macro exploits
How to do it...
There's more...
Human Interface Device attacks
Getting ready
How to do it...
HTA attack
How to do it...
Backdooring executables using a MITM attack
Getting ready
How to do it...
Creating a Linux trojan
How to do it...
Creating an Android backdoor
Getting ready
How to do it...
There's more...
Social-Engineer Toolkit
Introduction
Getting started with the Social-Engineer Toolkit
Getting ready
How to do it...
How it works...
Working with the spear-phishing attack vector
How to do it...
Website attack vectors
How to do it...
Working with the multi-attack web method
How to do it...
Infectious media generator
How to do it...
How it works...
Working with Modules for Penetration Testing
Introduction
Working with auxiliary modules
Getting ready
How to do it...
DoS attack modules
How to do it...
HTTP
SMB
Post-exploitation modules
Getting ready
How to do it...
Understanding the basics of module building
How to do it...
Analyzing an existing module
Getting ready
How to do it...
Building your own post-exploitation module
Getting ready
How to do it...
Building your own auxiliary module
Getting ready
How to do it...
Other Books You May Enjoy
Leave a review - let other readers know what you think