Penetration Testing with Kali Linux OffSec


Date: 21.12.2023
PEN-200

Common Web Application Attacks where we survey four different kinds of vulnerabilities. Directory Traversal[8] provides us with an example of how we can obtain access to information that we're not supposed to. File Inclusion shows us what can happen when certain configurations are not set up judiciously by a web administrator. File Upload Vulnerabilities[9] demonstrate how we can take advantage of the ability to upload our own files to a web server. Finally, Command Injection[10] allows us to run code of our choice on the web server itself.

Our examination of web-based attacks concludes with a dedicated Module on SQL Injection, otherwise known as SQLi.[11] This vulnerability class is particularly important not only because of how common it is, but because it teaches us how weaknesses can arise in a system due to multiple components interacting with each other in complex ways. In the case of SQLi, a web server and a database need to both be set up in precise ways so that we as attackers cannot abuse them.

Client-Side Attacks are another very common external class of attacks. They generally deal with methods of taking advantage of human users of computer systems. In this Module, we'll learn how to perform reconnaissance on a system, attack users of common programs like Microsoft Office, and even how to abuse Microsoft Library Files.

[7] (OffSec, 2023), https://www.offsec.com/offsec/clarifying-hacking-with-xss/
[8] (OWASP, 2023), https://owasp.org/www-community/attacks/Path_Traversal
[9] (OWASP, 2023), https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
[10] (OWASP, 2023), https://owasp.org/www-community/attacks/Command_Injection
[11] (OffSec, 2023), https://www.offsec.com/offsec/start-studying-security-with-sqli/


PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 

2.3.4 Other Perimeter Attacks

It is relatively common to encounter various types of external-facing services on a penetration test that are vulnerable to different kinds of attacks. However, as penetration testers we will rarely have time to write our own exploits from scratch in the middle of an engagement.

Luckily, there are several ways in which we can benefit from the experience of the information security community. Locating Public Exploits will portray several different means of working with exploits that are available on Kali Linux and on the internet.[12] Then, Fixing Exploits will help us adapt these exploits to suit our specific needs.

We then explore the very surface of a very exciting subject: Anti Virus Evasion. While Anti Virus (AV) evasion isn't itself a perimeter attack, having some knowledge of how to avoid AV will be helpful since most modern day enterprises do deploy AV solutions.

Finally, we complete our review of perimeter attacks with an analysis of cryptography and Password Attacks. Weak or predictable passwords are extremely common in most organizations. This Module covers how to attack network services and how to obtain and crack various kinds of credentials.

2.3.5 Privilege Escalation and Lateral Movement

Once we obtain access to a machine, we suddenly have a whole set of new actions and activities open to us. We may want to increase our privileges[13] on the machine so that we can fully control it, or we might want to use it to gain access to other machines on the network.
