Penetration Testing with Kali Linux OffSec
|
|
Common Web Application Attacks
, where we survey four different kinds of vulnerabilities. Directory Traversal 8 provides us with an example of how we can obtain access to information that we’re not supposed to. File Inclusion shows us what can happen when certain configurations are not set up judiciously by a web administrator. File Upload Vulnerabilities 9 demonstrate how we can take advantage of the ability to upload our own files to a web server. Finally, Command Injection 10 allows us to run code of our choice on the web server itself. Our examination of web-based attacks concludes with a dedicated Module on SQL Injection , otherwise known as SQLi . 11 This vulnerability class is particularly important not only because of how common it is, but because it teaches us how weaknesses can arise in a system due to multiple components interacting with each other in complex ways. In the case of SQLi, a web server and a database need to both be set up in precise ways so that we as attackers cannot abuse them. Client-Side Attacks are another very common external class of attacks. They generally deal with methods of taking advantage of human users of computer systems. In this Module, we’ll learn how to perform reconnaissance on a system, attack users of common programs like Microsoft Office, and even how to abuse Microsoft Library Files. 7 (OffSec, 2023), https://www.offsec.com/offsec/clarifying-hacking-with-xss/ 8 (OWASP, 2023), https://owasp.org/www-community/attacks/Path_Traversal 9 (OWASP, 2023), https://owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload 10 (OWASP, 2023), https://owasp.org/www-community/attacks/Command_Injection 11 (OffSec, 2023), https://www.offsec.com/offsec/start-studying-security-with-sqli/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 28 2.3.4 Other Perimeter Attacks It is relatively common to encounter various types of external-facing services on a penetration test that are vulnerable to different kinds of attacks. However, as penetration testers we will rarely have time to write our own exploits from scratch in the middle of an engagement. Luckily, there are several ways in which we can benefit from the experience of the information security community. Locating Public Exploits will portray several different means of working with exploits that are available on Kali Linux and on the internet . 12 Then, Fixing Exploits will help us adapt these exploits to suit our specific needs. We then explore the very surface of a very exciting subject: Anti Virus Evasion . While Anti Virus (AV) evasion isn’t itself a perimeter attack, having some knowledge of how to avoid AV will be helpful since most modern day enterprises do deploy AV solutions. Finally, we complete our review of perimeter attacks with an analysis of cryptography and Password Attacks . Weak or predictable passwords are extremely common in most organizations. This Module covers how to attack network services and how to obtain and crack various kinds of credentials. 2.3.5 Privilege Escalation and Lateral Movement Once we obtain access to a machine, we suddenly have a whole set of new actions and activities open to us. We may want to increase our privileges 13 on the machines so that we can fully control it, or we might want to use it to gain access to other machines on the network. Yüklə Dostları ilə paylaş:
|