Mastering Kali Linux for Web Penetration Testing
4.5/5
()
About this ebook
- Make the most out of advanced web pen-testing techniques using Kali Linux 2016.2
- Explore how Stored (a.k.a. Persistent) XSS attacks work and how to take advantage of them
- Learn to secure your application by performing advanced web based attacks.
- Bypass internet security to traverse from the web to a private network.
This book targets IT pen testers, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing would be beneficial.
Related to Mastering Kali Linux for Web Penetration Testing
Related ebooks
Mastering Kali Linux for Advanced Penetration Testing - Second Edition Rating: 0 out of 5 stars0 ratingsLearn Kali Linux 2019: Perform powerful penetration testing using Kali Linux, Metasploit, Nessus, Nmap, and Wireshark Rating: 0 out of 5 stars0 ratingsMetasploit Bootcamp Rating: 5 out of 5 stars5/5Penetration Testing with the Bash shell Rating: 0 out of 5 stars0 ratingsKali Linux Network Scanning Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsProfessional Penetration Testing: Volume 1: Creating and Learning in a Hacking Lab Rating: 4 out of 5 stars4/5Kali Linux Wireless Penetration Testing Essentials Rating: 5 out of 5 stars5/5Nmap: Network Exploration and Security Auditing Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsPenetration Testing Bootcamp Rating: 5 out of 5 stars5/5Building Virtual Pentesting Labs for Advanced Penetration Testing Rating: 0 out of 5 stars0 ratingsBurp Suite Essentials Rating: 4 out of 5 stars4/5Kali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratingsPenetration Testing with Raspberry Pi - Second Edition Rating: 5 out of 5 stars5/5Applied Network Security Rating: 0 out of 5 stars0 ratingsWireshark Network Security Rating: 3 out of 5 stars3/5Hands-On Network Forensics: Investigate network attacks and find evidence using common network forensic tools Rating: 0 out of 5 stars0 ratingsMastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsCompTIA PenTest+ Study Guide: Exam PT0-001 Rating: 0 out of 5 stars0 ratingsCybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Penetration Testing with Raspberry Pi Rating: 5 out of 5 stars5/5Nmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsPenetration Testing with BackBox Rating: 0 out of 5 stars0 ratingsSQL Injection Attacks and Defense Rating: 5 out of 5 stars5/5Developer's Guide to Web Application Security Rating: 3 out of 5 stars3/5Building a Pentesting Lab for Wireless Networks Rating: 0 out of 5 stars0 ratings
Security For You
Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide Rating: 3 out of 5 stars3/5Hacking For Dummies Rating: 4 out of 5 stars4/5Remote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Codes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsWireless Hacking 101 Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5IAPP CIPP / US Certified Information Privacy Professional Study Guide Rating: 0 out of 5 stars0 ratingsHacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5Tor and the Dark Art of Anonymity Rating: 5 out of 5 stars5/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Hacking : Guide to Computer Hacking and Penetration Testing Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Study Guide: Exam N10-004: Exam N10-004 2E Rating: 4 out of 5 stars4/5Ethical Hacking 101 - How to conduct professional pentestings in 21 days or less!: How to hack, #1 Rating: 5 out of 5 stars5/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5CompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsHow to Hack Like a Pornstar Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCompTIA CySA+ Study Guide: Exam CS0-003 Rating: 0 out of 5 stars0 ratingsMike Meyers' CompTIA Security+ Certification Guide, Third Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5How to Measure Anything in Cybersecurity Risk Rating: 4 out of 5 stars4/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5
Reviews for Mastering Kali Linux for Web Penetration Testing
3 ratings1 review
- Rating: 4 out of 5 stars4/5“As applications have become more complex, and their importance has skyrocketed, bolt-on security approaches are no longer cutting it.”In “Mastering Kali Linux for Web Penetration Testing” by Michael McPhee.Hah... memories of a rather expensive inter-bank trading system we were offered one time to test. Examining the executable revealed a few plain text strings, one of which (the name of a biscuit in upper case) stood out as dubious, and turned out to be the encryption key for all communications (“super-duper unbreakable encryption" was one of their selling points) ... With that, and a little bit of poking around, we reached the stage where we could send a message to another counterpart offering them a product at a certain price, and then we could send a message that told the server they'd accepted it (forming a legally binding contract - notional values for these goods were of the order of millions and tens of millions of dollars). Being nice guys, we didn't do this for real (the above was done on the QA rig), but rejected the software. When we explained why, the vendors told us what we did would be "a breach of the license terms", and couldn't understand why we fell about laughing... especially after the way they "patched" the holes (obscured the encryption key with, I kid you not, ROT13.)Names above withheld to protect the incompetent...The thing you can usefully pick up in a day or two is more the mindset involved in trying to find and exploit a weakness rather than all the techniques involved (e.g., spend the day with a reformed burglar who can show you which properties and vulnerable where, ditto shoplifters etc.) - the tools and techniques change over time, but the attitude less so... We are cannibalizing our youngest and brightest citizens (worldwide). Aaron Schwartz, Manning and Snowden have all empowered themselves to listen to their consciences and act on information about security and safety breaches or unfair protocols, acts which are no mean feat given that the political noise and threats for being engaged and concerned have never been set at higher decibels. Even if your privacy has already been breached, notification still gives you the option to act: change your password, check your credit card purchases (or freeze them), etc. etc.Or - where possible - take your business elsewhere, to somebody who protects their clients' data as they ought. It's like the US situation where restaurants that fail a health inspection are obliged to put a notice in their window for potential customers to see; the risk of having to do that gives them an incentive to keep the place clean.It sounds like a real head-fuck, dealing with all the shit every single time one of the multiple companies that has any of your info has what may turn out to be a minor, insignificant breach. When nearly everyone has opted out or opted for the apparent safety of silence, a few continue to stand up and point out wrongdoing. That we are targeting them instead of the true threats is so insane it points to a societal death wish.And in the real world someone said "The Emperor has no cloths". Hearing of this, the Emperor had the boy locked up.
Book preview
Mastering Kali Linux for Web Penetration Testing - Michael McPhee
Mastering Kali Linux for Web Penetration Testing
Test and evaluate all aspects of the design and implementation
Michael McPhee
BIRMINGHAM - MUMBAI
Mastering Kali Linux for Web Penetration Testing
Copyright © 2017 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: June 2017
Production reference: 1230617
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham
B3 2PB, UK.
ISBN 978-1-78439-507-0
www.packtpub.com
Credits
About the Author
Michael McPhee is a systems engineer at Cisco in New York, where he has worked for the last 4 years and has focused on cyber security, switching, and routing. Mike’s current role sees him consulting on security and network infrastructures, and he frequently runs clinics and delivers training to help get his customers up to speed. Suffering from a learning addiction, Mike has obtained the following certifications along the way: CEH, CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He is currently working on his VCP6-DV certification, following his kids to soccer games and tournaments, traveling with his wife and kids to as many places as possible, and scouting out his future all-grain beer home brewing rig. He also spends considerable time breaking his home network (for science!), much to the family's dismay.
Prior to joining Cisco, Mike spent 6 years in the U.S. Navy and another 10 working on communications systems as a systems engineer and architect for defense contractors, where he helped propose, design, and develop secure command and control networks and electronic warfare systems for the US DoD and NATO allies.
Prior publication:
Penetration Testing with the Raspberry Pi – Second Edition (with Jason Beltrame), Packt Publishing, November 2016.
To the Packt folks--thank you again for the support and for getting this book off the ground! I am blessed with the coolest team at my day job, where I receive a ton of support in pursuing all these extracurricular activities. The camaraderie from Eric Schickler and the awesome support of my manager, Mike Kamm, are especially helpful in keeping me on track and balancing my workload. In addition to my local teammates, any time I can get with my good friends, Jason Beltrame and Dave Frohnapfel, is the highlight of my week, and they have been a huge help in getting the gumption to tackle this topic. I’m lucky to have learned security at the feet of some awesome teachers, especially Mark Cairns, Bob Perciaccante, and Corey Schultz. For reasons that defy logic, Joey Muniz still sticks his neck out to support me, and I am forever in his debt--thanks dude! Lastly, I need to thank my family. Mom, you pretend to know what I am talking about and let me fortify your home network, thanks for always being so supportive. Liam and Claire--you two give me hope for the future. Keep asking questions, making jokes, and making us proud! Lastly, my beautiful wife, Cathy, keeps me healthy and happy despite myself, and the best anyone can hope for is to find a friend and partner as amazing as she is.
About the Reviewers
Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.
Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions, and government organizations. He has also assisted organizations in safeguarding IT and physical environments from attacks perpetrated by underground cybercrime groups. Mr. Lakhani is considered to an industry leader for creating detailed security architectures within complex computing environments. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the internet's dark security movement. He is the author of or contributor to several books, and has appeared on FOX Business News, National Public Radio, and other media outlets as an expert on cyber security.
It was my pleasure working with the author and reviewing this book! They worked hard in putting together a quality product I will easily recommend. I also want to thank my dad and mom, Mahmood and Nasreen Lakhani, for always encouraging me to be my best. Thank you for always believing in me.
Dave Frohnapfel has over 10 years of experience in the engineering field and his diverse background includes experience with a service provider, global enterprise, and engineering design for a hardware manufacturer. In his current role at Cisco Systems, he is a leader in network security. Moreover, he is passionate about helping organizations address the evolving threat landscape and focusing on game-changing technology solutions. Before Cisco, he had extensive enterprise experience in building and maintaining large data centers and service delivery networks, and he managed an international operations staff.
www.PacktPub.com
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.comand as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at service@packtpub.com for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www.packtpub.com/mapt
Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.
Why subscribe?
Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser
Customer Feedback
Thanks for purchasing this Packt book. At Packt, quality is at the heart of our editorial process. To help us improve, please leave us an honest review on this book's Amazon page at https://www.amazon.com/dp/1784395072.
If you'd like to join our team of regular reviewers, you can e-mail us at customerreviews@packtpub.com. We award our regular reviewers with free eBooks and videos in exchange for their valuable feedback. Help us be relentless in improving our products!
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
Common Web Applications and Architectures
Common architectures
Standalone models
Three-tier models
Model-View-Controller design
Web application hosting
Physical hosting
Virtual hosting
Cloud hosting
Containers – a new trend
Application development cycles
Coordinating with development teams
Post deployment - continued vigilance
Common weaknesses – where to start
Web application defenses
Standard defensive elements
Additional layers
Summary
Guidelines for Preparation and Testing
Picking your favorite testing framework
Frameworks through a product
Train like you play
The EC-Council approach
The GIAC/SANS approach
The Offensive Security approach
Open source methodologies and frameworks
ISECOM's OSSTMM
ISSAF
NIST publications
OWASP's OTG
Keeping it legal and ethical
What is legal?
What is ethical?
Labbing - practicing what we learn
Creating a virtualized environment
Our penetration testing host
Creating a target-rich environment
Finding gullible servers
Unwitting clients
Summary
Stalking Prey Through Target Recon
The imitation game
Making (then smashing) a mirror with HTTrack
Making a stealthy initial archive
Tuning stealthier archives
Is the mirror complete and up-to-date?
Touring the target environment
Open source awesomeness
Open source Intel with Google and the Google hacking database
Tuning your Google search skills
Work smarter with the Google hacking DB and Netcraft
Mastering your own domain
Digging up the dirt
Digging record types
Getting fierce
Next steps with Nikto
Employing Maltego to organize
Being social with your target
Summary
Scanning for Vulnerabilities with Arachni
Walking into spider webs
Optimal Arachni deployment tips
An encore for stacks and frameworks
The Arachni test scenario
Profiles for efficiency
Creating a new profile
Scoping and auditing options
Converting social engineering into user input and mobile platform emulation
Fingerprinting and determining platforms
Checks (please)
Plugging into Arachni extensions and third-party add-ons
Browser clusters
Kicking off our custom scan
Reviewing the results
Summary
Proxy Operations with OWASP ZAP and Burp Suite
Pulling back the curtain with ZAP
Quick refresher on launching ZAP scans
Going active with ZAP
Passive ZAP scanning
Getting fuzzy with ZAP
Taking it to a new level with Burp Suite
Recon with Burp Suite
Stay on target!
Getting particular with proxy
Going active with Spider
Activating Burp Suite
Scanning for life (or vulnerabilities)
Passive scans are a no brainer
Active scanning – Use with care!
The flight of the intruder
Stop, enumerate, and listen!
Select, attack, highlight, and repeat!
Summary
Infiltrating Sessions via Cross-Site Scripting
The low-down on XSS types
Should XSS stay or should it go?
Location, location, and location!
XSS targeting and the delivery
Seeing is believing
Don't run with XSSer(s)!
Stored XSS with BeEF
Here, phishy phishy!
Let's go Metasploiting
Building your own payload
Every good payload needs a handler
Seal the deal – Delivering shell access
Metasploit's web-focused cousin – Websploit
Summary
Injection and Overflow Testing
Injecting some fun into your testing
Is SQL any good?
A crash course in DBs gone bad
Types of SQLI
In-band or classic SQLI
Blind SQLI
Stacked or compound SQLI
SQLI tool school
Old-school SQLI via browsers
Stepping it up with SQLMap
Cooking up some menu-driven SQLI with BBQSQL
SQLI goes high-class with Oracle
The X-factor - XML and XPath injections
XML injection
XPath injection
Credential Jedi mind tricks
Going beyond persuasion – Injecting for execution
Code injections
Overflowing fun
Commix - Not-so-funny command injections
Down with HTTP?
Summary
Exploiting Trust Through Cryptography Testing
How secret is your secret?
Assessing encryption like a pro
SSLyze - it slices, it scans…
SSLscan can do it!
Nmap has SSL skills too
Exploiting the flaws
POODLE – all bark, no bite (usually)
Heartbleed-ing out
DROWNing HTTPS
Revisiting the classics
Hanging out as the Man-in-the-Middle
Scraping creds with SSLstrip
Looking legit with SSLsniff and SSLsplit
SSLsniff
SSLsplit
Alternate MITM motives
Summary
Stress Testing Authentication and Session Management
Knock knock, who's there?
Does authentication have to be hard?
Authentication 2.0 - grabbing a golden ticket
The basic authentication
Form-based authentication
Digest-based authentication
Trust but verify
This is the session you are looking for
Munching on some cookies?
Don't eat fuzzy cookies
Jedi session tricks
Functional access level control
Refining a brute's vocabulary
Summary
Launching Client-Side Attacks
Why are clients so weak?
DOM, Duh-DOM DOM DOM!!
Malicious misdirection
Catch me if you can!
Picking on the little guys
Sea-surfing on someone else's board
Simple account takeovers
Don't you know who I am? Account creation
Trust me, I know the way!
I don't need your validation
Trendy hacks come and go
Clickjacking (bWAPP)
Punycode
Forged or hijacked certificates
Summary
Breaking the Application Logic
Speed-dating your target
Cashing in with e-commerce
Financial applications - Show me the money
Hacking human resources
Easter eggs of evil
So many apps to choose from…
Functional Feng Shui
Basic validation checks
Sometimes, less is more?
Forgery shenanigans
What does this button do?
Timing is everything
Reaching your functional limits
Do we dare to accept files?
Summary
Educating the Customer and Finishing Up
Finishing up
Avoiding surprises with constant contact
Establishing periodic updates
When to hit the big red button
Weaving optimism with your action plan
The executive summary
Introduction
Highlights, scoring, and risk recap
More on risk
Guidance - earning your keep
Detailed findings
The Dradis framework
MagicTree
Other documentation and organization tools
Graphics for your reports
Bringing best practices
Baking in security
Honing the SDLC
Role-play - enabling the team
Picking a winner
Plans and programs
More on change management
Automate and adapt
Assessing the competition
Backbox Linux
Samurai web testing framework
Fedora Security Spin
Other Linux pen test distros
What About Windows and macOS?
Summary
Preface
Web applications are where customers and businesses meet. On the internet, a very large proportion of the traffic is now between servers and clients, and the power and trust placed in each application while exposing them to the outside world makes them a popular target for adversaries to steal, eavesdrop, or cripple businesses and institutions. As penetration testers, we need to think like the attacker to better understand, test, and make recommendations for the improvement of those web apps. There are many tools to fit any budget, but Kali Linux is a fantastic and industry-leading open source distribution that can facilitate many of these functions for free. Tools Kali provides, along with standard browsers and appropriate plugins, enable us to tackle most web penetration testing scenarios. Several organizations provide wonderful training environments that can be paired with a Kali pen testing box to train and hone their web pen testing skills in safe environments. These can ensure low-risk experimentation with powerful tools and features in Kali Linux that go beyond a typical script-kiddie approach. This approach assists ethical hackers in responsibly exposing, identifying, and disclosing weaknesses and flaws in web applications at all stages of development. One can safely test using these powerful tools, understand how to better identify vulnerabilities, position and deploy exploits, compromise authentication and authorization, and test the resilience and exposure applications possess. At the end, the customers will be better served with actionable intelligence and guidance that will help them secure their application and better protect their users, information, and intellectual property.
What this book covers
Chapter 1, Common Web Applications and Architectures, reviews some common web application architectures and hosting paradigms to help us identify the potential weaknesses and select the appropriate test plan.
Chapter 2, Guidelines for Preparation and Testing, helps us understand the many sources of requirements for our testing (ethical, legal, and regulatory) and how to select the appropriate testing methodology for a scenario or customer.
Chapter 3, Stalking Prey Through Target Recon, introduces open source intelligence gathering and passive recon methods to help map out a target and its attack surface.
Chapter 4, Scanning for Vulnerabilities with Arachni, discusses one of the purpose-built vulnerability scanners included in Kali that can help us conduct scans of even the largest applications and build fantastic reports.
Chapter 5, Proxy Operations with OWASP ZAP and Burp Suite, dives into proxy-based tools to show how they can not only actively scan, but passively intercept and manipulate messages to exploit many vulnerabilities.
Chapter 6, Infiltrating Sessions via Cross-Site Scripting, explores how we can test and implement Cross Site Scripting (XSS) to both compromise the client and manipulate the information flows for other attacks. Tools such as BeEF, XSSer, Websploit, and Metasploit are discussed in this chapter.
Chapter 7, Injection and Overflow Testing, looks into how we can test for various forms of unvalidated input (for example, SQL, XML, LDAP, and HTTP) that have the potential to reveal inappropriate information, escalate privileges, or otherwise damage an application's servers or modules. We'll see how Commix, BBQSQL, SQLMap, SQLninja, and SQLsus can help.
Chapter 8, Exploiting Trust Through Cryptography Testing, helps us see how we can tackle testing the strength that encryption applications may be using to protect the integrity and privacy of their communications with clients. Our tools of interest will be SSLstrip, SSLScan, SSLsplit, SSLyze, and SSLsniff.
Chapter 9, Stress Testing Authentication and Session Management, tackles the testing of various vulnerabilities and schemes focused on how web apps determine who is who and what they are entitled to see or access. Burp will be the primary tool of interest.
Chapter 10, Launching Client-Side Attacks, focuses on how to test for vulnerabilities (CSRF, DOM-XSS, and so on) that allow attackers to actually compromise a client and either steal its information or alter its behavior, as the earlier chapters dealt with how to test the servers and applications themselves. JavaScript and other forms of implant will be the focus.
Chapter 11, Breaking the Application Logic, explains how to test for a variety of flaws in the business logic of an application. Important as it is, it requires significant understanding of what the app is intending and how it is implemented.
Chapter 12, Educating the Customer and Finishing Up, wraps up the book with a look at providing useful and well-organized guidance and insights to the customer. This chapter also looks at complementary or alternate toolsets worth a look.
What you need for this book
Hardware list:
The exercises performed in this book and the tools used can be deployed on any modern Windows, Linux, or Mac OS machine capable of running a suitable virtualization platform and a more recent version of the OS. Suggested minimum requirements should allow for at least the following resources to be available to your virtual platforms:
4 virtual CPUs
4-8 GB of RAM
802.3 Gigabit Ethernet, shared with host machine
802.11a/g/n/ac WiFi link, shared with host machine
Software list:
Desktop/Laptop Core OS and Hypervisor:
Virtualization should be provided by one of Kali Linux's supported hypervisors, namely one of the following options. The operating system and hardware will need to support the minimum requirements, with an eye toward dedicating the previous hardware recommendations to the guest virtual machines:
For Windows:
VMware Workstation Pro 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation.html
VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Mac OS:
VMware Fusion 7.X or newer--http://www.vmware.com/products/fusion.html
Parallels 12 for Mac--http://www.parallels.com/products/desktop/
VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Linux:
VMWare Workstation 12 or newer (Player does not support multiple VMs at a time)--http://www.vmware.com/products/workstation-for-linux.html
VirtualBox 5.1 or newer--https://www.virtualbox.org/wiki/Downloads
For Barebones Hypervisors:
VMware ESXi/vSphere 5.5 or newer
Microsoft Hyper-V 2016
Redhat KVM/sVirt 5 or newer
Applications and virtual machines:
Essential:
Kali Linux VM (choose 64-bit VM, Vbox, or Hyper-V image)--https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
Alternatives:
Kali Linux ISO (64 bit, for Virtual-Box or Parallels)--https://www.kali.org/downloads/
Target VMs:
OWASP Broken Web Application: https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project
Metasploitable 2--https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
Metasploitable 3--https://community.rapid7.com/community/metasploit/blog/2016/11/15/test-your-might-with-the-shiny-new-metasploitable3
Bee Box--http://www.itsecgames.com
Damn Vulnerable Web Application (DVWA)--http://www.dvwa.co.uk
OWASP Mutillidae 2--https://sourceforge.net/projects/mutillidae/files/
Windows Eval Mode OS + Browser--https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Who this book is for
This book is focused on IT pentesters, security consultants, and ethical hackers who want to expand their knowledge and gain expertise on advanced web penetration techniques. Prior knowledge of penetration testing will be beneficial.
Conventions
In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.
Code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles are shown as follows: As with general exploits, we can see the payload's options in following screenshot using show options and see the commands with -h to guide ourselves through the entire operation.
A block of code is set as follows:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: When we click on the Login button, our helpful database spills the beans and we realize exactly what the query we are trying to attack is, as shown in following screenshot.
Warnings or important notes appear in a box like this.
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book-what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of.
To send us general feedback, simply e-mail feedback@packtpub.com, and mention the book's title in the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Downloading the example code
You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.
You can download the code files by following these steps:
Log in or register to our website using your e-mail address and password.
Hover the mouse pointer on the SUPPORT tab at the top.
Click on Code Downloads & Errata.
Enter the name of the book in the Search box.
Select the book for which you're looking to download the code files.
Choose from the drop-down menu where you purchased this book from.
Click on Code Download.
Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:
WinRAR / 7-Zip for Windows
Zipeg / iZip / UnRarX for Mac
7-Zip / PeaZip for Linux
The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Mastering-Kali-Linux-for-Web-Penetration-Testing. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!
Downloading the color images of this book
We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/MasteringKaliLinuxforWebPenetrationTesting_ColorImages.pdf.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books-maybe a mistake in the text or the code-we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list