Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
Grey-box testing occurs whenever we are provided with limited information on
the target’s scope, including authentication methods, credentials, or details about
the framework.
In this Module, we are going to focus on black-box testing to help develop the web application
skills we are learning in this course.
In this and the following Modules, we will explore web application vulnerability enumeration and
exploitation. Although the complexity of vulnerabilities and attacks varies, we’ll demonstrate
exploiting several common web application vulnerabilities in the OWASP Top 10 list.
The OWASP Foundation aims to improve global software security and, as part of this goal, it
develops the OWASP Top 10, a periodically compiled list of the most critical security risks to web
applications.
Understanding these attack vectors will serve as the basic building blocks to construct more
advanced attacks, as we’ll learn in other Modules.
8.2 Web Application Assessment Tools
This Learning Unit covers the following Learning Objectives:
• Perform common enumeration techniques on web applications
• Understand Web Proxies theory
• Learn how Burp Suite proxy works for web application testing
Before going into the details of web application enumeration, let’s familiarize ourselves with the
tools of the trade. In this Learning Unit, we are going to revisit Nmap for web services
enumeration, along with Wappalyzer, an online service that discloses the technology stack behind
an application, and Gobuster, a tool for performing file and web directory discovery. Lastly, we are
going to focus on the Burp Suite proxy, which we’ll rely on heavily for web application testing
during this and upcoming Modules.
8.2.1 Fingerprinting Web Servers with Nmap
As covered in a previous Module, Nmap is the go-to tool for initial active enumeration. We should
start web application enumeration from its core component, the web server, since this is the
common denominator of any web application that exposes its services.
Since we found port 80 open on our target, we can proceed with service discovery. To get started,
we’ll rely on the nmap service scan (-sV) to grab the web server (-p80) banner.
kali@kali:~$
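What a web server banner discloses, as an added example that is not part of the course material: the script starts a loopback-only test server, requests its headers, and parses the Server value, first with a verbose banner and then with a minimized one that carries no version or platform. The server name ExampleHTTPd, its version, DemoOS, and all function names are constructed for illustration; Nmap's -sV probe matching is more extensive than this single HEAD request.

```python
import re
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class QuietHandler(BaseHTTPRequestHandler):
    def do_HEAD(self):
        self.send_response(200)  # send_response() emits the Server header
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def grab_banner(host, port, timeout=3.0):
    """Send one HEAD request; return the Server header value or None."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        raw = s.makefile("rb").read()  # HTTP/1.0: server closes after replying
    for line in raw.decode("latin-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            return value.strip()
    return None


def parse_banner(banner):
    """Split a banner into [(product, version)] and parenthesised comments."""
    comments = re.findall(r"\((.*?)\)", banner)
    bare = re.sub(r"\(.*?\)", "", banner)
    tokens = re.findall(r"([A-Za-z][\w.-]*)(?:/([\w.+-]+))?", bare)
    return [(p, v or None) for p, v in tokens], comments


def banner_from_local_server(server_version, sys_version):
    """Start a loopback-only test server, grab its banner, shut it down."""
    attrs = {"server_version": server_version, "sys_version": sys_version}
    httpd = HTTPServer(("127.0.0.1", 0), type("Handler", (QuietHandler,), attrs))
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        return grab_banner("127.0.0.1", httpd.server_address[1])
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    for sv, osv in [("ExampleHTTPd/1.2.3", "(DemoOS)"), ("ExampleHTTPd", "")]:  # constructed
        print(parse_banner(banner_from_local_server(sv, osv)))
```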