Kali Linux Web Penetration Testing Cookbook

Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

Product type: Paperback
Published: Feb 2016
ISBN-13: 9781784392918
Length: 296 pages
Edition: 1st Edition
Author: Gilberto Najera-Gutierrez

Table of Contents (17 Chapters)

Kali Linux Web Penetration Testing Cookbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Setting Up Kali Linux
2. Reconnaissance
3. Crawlers and Spiders
4. Finding Vulnerabilities
5. Automated Scanners
6. Exploitation – Low Hanging Fruits
7. Advanced Exploitation
8. Man in the Middle Attacks
9. Client-Side Attacks and Social Engineering
10. Mitigation of OWASP Top 10
Index

Index

A

  • advance-fee scams
    • reference links / See also
  • attack types
    • sniper / How it works...
    • battering ram / How it works...
    • Pitchfork / How it works...
    • cluster bomb / How it works...

B

  • Bee-box virtual machine
    • URL / Exploiting Heartbleed vulnerability
  • BeEF
    • used, for exploiting XSS / Exploiting XSS with BeEF, How to do it..., How it works...
    • features / There's more...
    • URL / There's more...
  • Billion laughs
    • URL / There's more...
  • Blind SQLi
    • exploiting / Exploiting a Blind SQLi, How to do it..., There's more...
  • blind SQL Injection
    • identifying / Identifying a blind SQL Injection, How to do it..., How it works...
  • Browser Exploitation Framework (BeEF)
    • about / Attacking with BeEF
    • used, for attacking / How to do it..., How it works...
  • browser_autopwn2, Metasploit
    • used, for attacking client / Using Metasploit's browser_autopwn2 to attack a client, How to do it..., How it works...
    • EXCLUDE_PATTERN option / How it works...
    • ShowExploitList option / How it works...
    • VERBOSE option / How it works...
  • brute force
    • password hashes, cracking with oclHashcat/cudaHashcat / Cracking password hashes by brute force using oclHashcat/cudaHashcat, Getting ready, How to do it..., How it works...
  • Burp's repeater
    • used, for sending repeating requests / Repeating requests with Burp's repeater, How to do it..., How it works...
  • Burp Suite
    • used, for crawling website / Using Burp Suite to crawl a website, How to do it..., How it works...
    • about / Using Burp Suite to view and alter requests
    • using, for viewing and altering requests / Using Burp Suite to view and alter requests, How to do it..., How it works...
    • used, for performing dictionary attacks on login pages / Dictionary attacks on login pages with Burp Suite, How to do it..., How it works...
  • bWAPP Bee-box
    • URL / See also

C

  • cascading style sheets (CSS) / Using Firebug to analyze and alter basic behavior
  • Certificate Authority (CA) / Setting up an SSL MITM attack
  • CeWL
    • used, for password profiling / Password profiling with CeWL, See also
    • about / How it works...
  • Chromium web browser
    • URL / See also
  • client
    • attacking, with Metasploit's browser_autopwn2 / Using Metasploit's browser_autopwn2 to attack a client, How to do it...
  • client virtual machine
    • creating / Creating a client virtual machine, How to do it..., How it works...
  • code
    • executing, with Tomcat Manager / Using Tomcat Manager to execute code, How to do it..., How it works...
  • command-line interface (CLI) / There's more...
  • commands
    • executing, Shellshock used / Executing commands with Shellshock, How to do it..., How it works...
  • Common User Password Profiler (CUPP)
    • about / See also
    • URL / See also
  • content management systems (CMS) / Taking advantage of robots.txt
  • Content Management Systems (CMS) / How to do it...
  • cookies
    • about / Obtaining and modifying cookies, Identifying vulnerabilities in cookies
    • obtaining / Obtaining and modifying cookies, How to do it..., How it works...
    • modifying / Obtaining and modifying cookies, Getting ready, How it works...
    • vulnerabilities, identifying / Identifying vulnerabilities in cookies, How it works...
  • crawling results
    • relevant files, identifying / Identifying relevant files and directories from crawling results, How to do it...
    • relevant directories, identifying / Identifying relevant files and directories from crawling results, How to do it...
  • cross-site scripting
    • preventing / A3 – Preventing cross-site scripting, How to do it...
  • cross-site scripting (XSS)
    • about / Identifying cross-site scripting (XSS) vulnerabilities
  • cross-site scripting (XSS) vulnerabilities
    • identifying / Identifying cross-site scripting (XSS) vulnerabilities, How to do it..., How it works...
  • cross site request forgery (CSRF) attack
    • about / Performing a cross-site request forgery attack
    • performing / Performing a cross-site request forgery attack, How to do it...
  • crunch / See also
  • CSRF
    • preventing / How to do it..., How it works...
    • URL / See also
  • CVE Details
    • URL / How to do it...

D

  • Damn Vulnerable Web Application (DVWA) / How to do it..., Getting ready
  • data, between server and client
    • modifying / Modifying data between the server and the client, How to do it..., How it works...
  • database information
    • obtaining, SQLMap used / Using SQLMap to get database information, How to do it..., How it works...
  • DHCP Client Bash Environment Variable Code Injection
    • URL / There's more...
  • dictionary
    • generating, with John the Ripper / Using John the Ripper to generate a dictionary, How to do it...
    • used, for cracking password hashes with John the Ripper (JTR) / Cracking password hashes with John the Ripper by using a dictionary, How to do it..., How it works...
  • dictionary attacks
    • performing, on login pages with Burp Suite / Dictionary attacks on login pages with Burp Suite, How to do it..., How it works...
  • DirBuster
    • used, for finding files / Finding files and folders with DirBuster, How to do it..., How it works...
    • used, for finding folders / Finding files and folders with DirBuster, How to do it..., How it works...
  • disclosure mailing list
    • URL / How to do it...
  • DNS spoofing
    • about / Performing DNS spoofing and redirecting traffic
    • traffic, redirecting / Performing DNS spoofing and redirecting traffic, How to do it..., How it works...
    • performing / Getting ready, How to do it..., How it works...

E

  • encryption certificates
    • URL / See also
  • error based SQL injection
    • identifying / Identifying error based SQL injection, How to do it..., How it works..., There's more...
  • Ettercap
    • used, for setting up spoofing attack / Setting up a spoofing attack with Ettercap, Getting ready, How to do it..., How it works...
  • Ettercap filters
    • used, for detecting packet information / Modifying data between the server and the client
  • Exploit-DB
    • searching, for web server's vulnerabilities / Searching Exploit-DB for a web server's vulnerabilities, How to do it..., How it works...
    • URL / See also
  • Exploit DB
    • URL / How to do it...
  • Extensible Markup Language (XML) / Exploiting an XML External Entity Injection

F

  • fake site
    • user, directing to / Tricking the user to go to our fake site, How to do it..., How it works...
  • file inclusions
    • searching / Looking for file inclusions, How to do it..., There's more...
    • about / Looking for file inclusions
  • file inclusion vulnerabilities / Abusing file inclusions and uploads
  • files
    • finding, with DirBuster / Finding files and folders with DirBuster, How to do it..., How it works...
    • finding, with OWASP ZAP (Zed Attack Proxy) / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...
  • files, wordlists
    • rockyou.txt / There's more...
    • dnsmap.txt / There's more...
    • ./dirbuster/* / There's more...
    • ./wfuzz/* / There's more...
  • filters
    • using / How to do it...
  • Firebug
    • used, for analyzing basic behavior / Using Firebug to analyze and alter basic behavior, How to do it..., How it works...
    • used, for altering basic behavior / Using Firebug to analyze and alter basic behavior, How to do it..., There's more...
  • folders
    • finding, with DirBuster / Finding files and folders with DirBuster, How to do it..., How it works...
    • finding, with OWASP ZAP (Zed Attack Proxy) / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...
  • function level access control
    • ensuring / A7 – Ensuring function level access control, How it works...

H

  • Hackbar
    • about / Using Hackbar add-on to ease parameter probing
    • using, to ease parameter probing / Using Hackbar add-on to ease parameter probing, How to do it..., How it works...
  • Heartbleed
    • reference / There's more...
  • Heartbleed vulnerability
    • exploiting / Exploiting Heartbleed vulnerability, Getting ready, How to do it...
  • HTTP Strict Transport Security (HSTS)
    • about / How to do it...
    • URL / How to do it...
  • HTTrack
    • about / Downloading the page for offline analysis with HTTrack
    • URL / Downloading the page for offline analysis with HTTrack
    • used, for downloading page for offline analysis / Getting ready, How to do it..., How it works..., There's more...

I

  • Iceweasel browser
    • setting up / Setting up the Iceweasel browser, How it works..., There's more...
  • injection attacks
    • preventing / A1 – Preventing injection attacks, How it works..., See also
  • injection flaws
    • about / Identifying error based SQL injection
  • Insecure Direct Object Reference (IDOR)
    • about / A4 – Preventing Insecure Direct Object References
    • preventing / How to do it..., How it works...
  • installation
    • OWASP Mantra / Installing and running OWASP Mantra, How to do it..., See also
    • VirtualBox / Installing VirtualBox, How to do it..., How it works..., See also
  • intrusion detection system (IDS) / Identifying a web application firewall
  • intrusion prevention system (IPS) / Identifying a web application firewall
  • iptables
    • URL / See also

J

  • John the Ripper
    • about / Using John the Ripper to generate a dictionary
    • used, for generating dictionary / Using John the Ripper to generate a dictionary, How it works...
    • URL / There's more...
  • John the Ripper (JTR)
    • used, for cracking password hashes with dictionary / Cracking password hashes with John the Ripper by using a dictionary, How it works...
  • Joomla
    • URL / How to do it...

K

  • Kali Linux
    • updating / Updating and upgrading Kali Linux, How to do it...
    • upgrading / Updating and upgrading Kali Linux, How to do it..., How it works...
    • URL / Getting ready
    • sqlninja tool / See also
    • Bbqsql tool / See also
    • jsql tool / See also
    • Metasploit tool / See also
  • known vulnerabilities
    • searching, on third-party components / A9 – Where to look for known vulnerabilities on third-party components, How it works...

L

  • local file inclusion (LFI) / How to do it...
  • login pages
    • dictionary attacks, performing with Burp Suite / Dictionary attacks on login pages with Burp Suite, How to do it...

M

  • man in the middle (MITM) / Creating a client virtual machine
  • Man in the Middle (MITM) attack
    • about / Introduction
  • Mantra on Chromium (MoC) / See also, How to do it..., There's more...
  • Metasploit
    • used, for attacking Tomcat's password / Attacking Tomcat's passwords with Metasploit, How to do it..., How it works..., See also
    • used, for creating reverse shell / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
    • browser_autopwn2, used for attacking client / Using Metasploit's browser_autopwn2 to attack a client, How to do it..., How it works...
  • Microsoft
    • URL / How to do it...
  • MITM
    • defining / Being the MITM and capturing traffic with Wireshark, How to do it..., How it works...
  • modifiers, HTTrack
    • -rN / There's more...
    • -%eN / There's more...
    • +[pattern] / There's more...
    • -[pattern] / There's more...
    • -F [user-agent] / There's more...
  • multi-factor authentication (MFA) / How to do it...

N

  • Nikto
    • about / Scanning with Nikto
    • used, for scanning / Scanning with Nikto, How to do it..., How it works...
    • URL / Scanning with Nikto
    • -H option / How it works...
    • -config <file> option / How it works...
    • -update option / How it works...
    • -Format <format> option / How it works...
    • -evasion <technique> option / How it works...
    • -list-plugins option / How it works...
    • -Plugins <plugins> option / How it works...
    • -port <port number> option / How it works...
  • Nmap
    • used, for scanning service / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
    • used, for identifying service / Scanning and identifying services with Nmap, How to do it..., How it works..., See also
    • -sT parameter / There's more...
    • -Pn parameter / There's more...
    • -v parameter / There's more...
    • -p N1,N2,…,Nn parameter / There's more...
    • --script=script_name parameter / There's more...
    • scripts, URL / There's more...

O

  • .ova file
    • URL / How to do it...
  • oclHashcat/cudaHashcat
    • used, for cracking password hashes by brute force / Cracking password hashes by brute force using oclHashcat/cudaHashcat, Getting ready, How to do it..., How it works...
    • URL / Getting ready
  • Open Web Application Security Project (OWASP)
    • vulnerabilities, URL / Introduction
    • reference links / See also
  • options, SSLsplit
    • -D / How it works...
    • -l connections.log / How it works...
    • -j /tmp/sslsplit / How it works...
    • -S logdir / How it works...
    • -k and -c / How it works...
    • ssl 0.0.0.0 8443 / How it works...
    • tcp 0.0.0.0 8080 / How it works...
  • options, Wget
    • -l / There's more...
    • -k / There's more...
    • -p / There's more...
    • -w / There's more...
  • Oracle
    • URL / How to do it...
  • Oracle VM VirtualBox®
    • URL / See also
  • OS Command Injections
    • exploiting / Exploiting OS Command Injections, How to do it..., How it works...
  • OWASP
    • URL / Installing and running OWASP Mantra
  • OWASP Broken Web Apps (OWASP-bwa) / Creating a vulnerable virtual machine
  • OWASP Mantra
    • installing / Installing and running OWASP Mantra, How to do it...
    • URL / Installing and running OWASP Mantra
    • running / Installing and running OWASP Mantra, How to do it..., See also
  • OWASP ZAP
    • used, for scanning for vulnerabilities / Using OWASP ZAP to scan for vulnerabilities, How to do it..., How it works..., There's more...
  • OWASP ZAP (Zed Attack Proxy)
    • used, for finding files / Finding files and folders with ZAP, Getting ready, How to do it...
    • used, for finding folders / Finding files and folders with ZAP, Getting ready, How to do it..., How it works...

P

  • Packet Storm
    • URL / How to do it...
  • Padding Oracle On Downgraded Legacy Encryption (POODLE) / Identifying POODLE vulnerability
  • page
    • downloading for offline analysis, Wget used / Downloading a page for offline analysis with Wget, How to do it..., There's more...
    • downloading for offline analysis, HTTrack used / Downloading the page for offline analysis with HTTrack, How to do it..., How it works..., There's more...
  • password
    • profiling, CeWL used / Password profiling with CeWL, How it works...
  • password harvester
    • creating, with SET / Creating a password harvester with SET, How to do it..., How it works...
  • password hashes
    • cracking, with John the Ripper (JTR) by using dictionary / Cracking password hashes with John the Ripper by using a dictionary, How to do it..., How it works...
    • cracking, by brute force with oclHashcat/cudaHashcat / Cracking password hashes by brute force using oclHashcat/cudaHashcat, How to do it...
  • passwords
    • brute-forcing, with THC-Hydra / Brute-forcing passwords with THC-Hydra, How to do it..., How it works...
    • reference link / How to do it...
  • passwords, Tomcat
    • attacking, with Metasploit / Attacking Tomcat's passwords with Metasploit, How to do it..., How it works...
  • payloads
    • simple list / How it works...
    • runtime file / How it works...
    • numbers / How it works...
    • username generator / How it works...
    • bruteforcer / How it works...
  • payment gateway
    • URL / How to do it...
  • phishing site
    • creating, with previously saved pages / Using previously saved pages to create a phishing site, How to do it..., How it works...
  • PHPSESSID
    • about / How to do it, There's more...
  • POODLE vulnerability
    • identifying / Identifying POODLE vulnerability, How it works...
  • proof of concept (PoC) / How it works...
  • proper authentication
    • building / A2 – Building proper authentication and session management, How to do it..., How it works...

R

  • reconnaissance
    • about / Introduction
  • redirect validation
    • performing / How to do it..., How it works...
  • referenced files and directories list
    • identifying, from crawling results / Identifying relevant files and directories from crawling results, How to do it...
  • RegExr
    • URL / See also
  • Regular Expressions
    • reference links / See also
  • requests
    • sending, with Burp's repeater / Repeating requests with Burp's repeater, How to do it..., How it works...
  • reverse shell
    • connection, capturing / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
    • creating, with Metasploit / Creating a reverse shell with Metasploit and capturing its connections, How to do it..., How it works...
  • robots.txt
    • about / Taking advantage of robots.txt
    • using / Taking advantage of robots.txt, How to do it..., How it works...

S

  • security configuration guide
    • using / How to do it..., How it works...
  • sensitive data
    • protecting / A6 – Protecting sensitive data, How it works...
  • services
    • scanning, with Nmap / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
    • identifying, with Nmap / Scanning and identifying services with Nmap, How to do it..., How it works..., There's more...
  • session cookies
    • obtaining, through XSS / Obtaining session cookies through XSS, Getting ready, How to do it..., How it works...
  • session management
    • building / A2 – Building proper authentication and session management, How to do it..., How it works...
  • SET
    • used, for creating password harvester / Creating a password harvester with SET, How to do it..., How it works...
    • URL / Creating a password harvester with SET
  • Shellshock
    • about / Executing commands with Shellshock
    • used, for executing commands / Executing commands with Shellshock, How to do it..., How it works...
  • source code
    • watching / Watching the source code, How to do it..., How it works...
  • spoofing attack
    • setting up, Ettercap used / Setting up a spoofing attack with Ettercap, How to do it..., How it works...
  • SQL injection
    • used, for information extraction from database / Step by step basic SQL Injection, How to do it..., How it works...
    • exploiting / Step by step basic SQL Injection, How to do it..., How it works...
    • exploiting, with SQLMap / Finding and exploiting SQL Injections with SQLMap, How to do it..., How it works...
    • finding, with SQLMap / Finding and exploiting SQL Injections with SQLMap, How to do it..., How it works...
  • SQLMap
    • used, for finding SQL injection / How to do it..., How it works..., See also
    • used, for exploiting SQL injection / How to do it..., How it works..., See also
    • URL / There's more...
    • used, for obtaining database information / Using SQLMap to get database information, How to do it..., How it works...
  • sqlninja
    • URL / There's more...
  • src property / How it works...
  • SSL data
    • obtaining, with SSLsplit / Getting ready, How to do it..., How it works...
  • SSL information
    • obtaining, with SSLScan / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
  • SSL MITM attack
    • setting up / Setting up an SSL MITM attack, How to do it..., See also
  • SSLScan
    • SSL and TLS information, obtaining with / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
    • about / See also
  • SSLsplit
    • URL / See also
    • used, for obtaining SSL data / Obtaining SSL data with SSLsplit, How to do it..., How it works...
  • system() function / How it works...

T

  • Tamper Data
    • using, for intercepting and modifying requests / Using Tamper Data add-on to intercept and modify requests, How to do it..., How it works...
  • THC-Hydra
    • about / Brute-forcing passwords with THC-Hydra
    • used, for brute-forcing passwords / Brute-forcing passwords with THC-Hydra, How to do it..., How it works...
  • third-party components
    • known vulnerabilities, searching / A9 – Where to look for known vulnerabilities on third-party components, How it works...
  • TLS information
    • obtaining, with SSLScan / Obtaining SSL and TLS information with SSLScan, How to do it..., How it works...
  • Tomcat Manager
    • used, for executing code / Using Tomcat Manager to execute code, How to do it..., How it works...

V

  • Vega scanner
    • about / Using Vega scanner
    • using / Using Vega scanner, How to do it..., How it works...
  • VirtualBox
    • installing / Installing VirtualBox, How to do it..., How it works..., See also
  • VirtualBox Extension Pack
    • URL / There's more...
  • virtual machines
    • URL, for download / How to do it...
    • configuring / Configuring virtual machines for correct communication, How to do it...
  • vulnerabilities
    • identifying, in cookies / Identifying vulnerabilities in cookies, How it works...
    • finding, with Wapiti / Finding vulnerabilities with Wapiti, How to do it..., How it works...
    • scanning, with OWASP ZAP / Using OWASP ZAP to scan for vulnerabilities, How to do it..., How it works..., There's more...
  • vulnerabilities, Open Web Application Security Project (OWASP)
    • injection attacks, preventing / A1 – Preventing injection attacks
    • proper authentication, building / A2 – Building proper authentication and session management
    • session management, building / A2 – Building proper authentication and session management
    • cross-site scripting, preventing / A3 – Preventing cross-site scripting
    • Insecure Direct Object Reference (IDOR), preventing / A4 – Preventing Insecure Direct Object References
    • security configuration guide / A5 – Basic security configuration guide
    • sensitive data, protecting / A6 – Protecting sensitive data
    • function level access control, ensuring / A7 – Ensuring function level access control
    • CSRF, preventing / A8 – Preventing CSRF
    • known vulnerabilities, searching on third-party components / A9 – Where to look for known vulnerabilities on third-party components
    • redirect validation / A10 – Redirect validation
  • vulnerabilities, web server
    • Exploit-DB, searching for / Searching Exploit-DB for a web server's vulnerabilities, How to do it..., How it works...
    • reference links / See also
  • vulnerability assessment / Introduction
  • vulnerable virtual machine
    • creating / Creating a vulnerable virtual machine, How to do it..., How it works..., See also
  • vulnerable VM
    • web applications / Getting to know web applications on a vulnerable VM, How to do it..., How it works...
  • VulnHub
    • URL / See also

W

  • Wapiti
    • used, for finding vulnerabilities / Finding vulnerabilities with Wapiti, How to do it..., How it works...
    • URL / Finding vulnerabilities with Wapiti
    • -x <URL> option / How it works...
    • -i <file> option / How it works...
    • -a <login%password> option / How it works...
    • --auth-method <method> option / How it works...
    • -s <URL> option / How it works...
    • -p <proxy_url> option / How it works...
  • web application, penetration-testing
    • Cookies Manager+ / How it works...
    • Firebug / How it works...
    • Hackbar / How it works...
    • Http Requester / How it works...
    • Passive Recon / How it works...
    • Tamper Data / How it works...
  • Web Application Audit and Attack Framework (W3af)
    • about / Scanning with w3af
    • scanning / How to do it..., How it works...
  • web application firewall (WAF)
    • about / Identifying a web application firewall
    • identifying / Identifying a web application firewall, How to do it..., How it works...
  • web applications
    • on vulnerable VM / Getting to know web applications on a vulnerable VM, How to do it..., How it works...
    • organizing, in groups / How it works...
  • Web Protection library
    • URL / How to do it...
  • WebScarab
    • about / Using WebScarab
    • using / Getting ready, How to do it...
  • webshell
    • executing, with local file inclusions / Abusing file inclusions and uploads, How to do it..., There's more...
  • website
    • crawling, with Burp Suite / Using Burp Suite to crawl a website, Getting ready, How to do it..., How it works...
  • Web vulnerabilities
    • finding with Metasploit's Wmap / Finding Web vulnerabilities with Metasploit's Wmap, Getting ready, How to do it..., How it works...
  • Wget
    • about / Downloading a page for offline analysis with Wget
    • used, for downloading page for offline analysis / Downloading a page for offline analysis with Wget, How to do it..., There's more...
  • Wireshark
    • used, for capturing traffic / Being the MITM and capturing traffic with Wireshark, How to do it..., How it works...
    • reference links / See also
  • Wmap, Metasploit
    • used, for searching Web vulnerabilities / Finding Web vulnerabilities with Metasploit's Wmap, How to do it..., How it works...
  • Wordlist Maker (WLM)
    • about / See also
    • URL / See also
  • wrappers
    • URL / There's more...

X

  • XML External Entity Injection (XXE)
    • exploiting / Exploiting an XML External Entity Injection, How to do it..., How it works...
    • URL / See also
  • XSS
    • session cookies, obtaining through / Obtaining session cookies through XSS, Getting ready, How to do it..., How it works...
    • exploiting, BeEF used / Exploiting XSS with BeEF, How to do it..., How it works...
  • XSS prevention cheat sheet
    • URL / See also

Z

  • ZAP
    • using, for viewing and altering requests / Using ZAP to view and alter requests, How to do it..., How it works...
    • about / Using ZAP to view and alter requests
  • ZAP's spider
    • using / Using ZAP's spider, How to do it..., How it works...