
Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking PDF

497 Pages·2018·19.696 MB·English

Preview Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking

WARNINGS

The violation of someone else's computer or network is a crime punishable by Italian law (Article 615 ter of the Criminal Code). The procedures described are to be considered for educational / illustrative / informative purposes only and put into practice only on devices in our possession or in controlled test environments, therefore the reader releases the authors of this document from any responsibility regarding the notions assimilated during the course and the verifiable consequences. What is narrated in some parts of this book is a work of fiction. Any reference to things, people or events that really happened is purely coincidental.

NOTES ON THE WORK

The contents of Hacklog: Volume 2 are released for free for the whole network and available in various formats, according to the self-regulation of ethical hacking and respect for the cultural realities that practice it. You are free to take parts of the document for any work, appropriately citing the source (Hacklog di inforge.net) and possibly where possible with hypertext link at the bottom. Being a project that has taken a long time, I believe that if the document was useful for the purposes of third party projects, it is shared out of respect for myself, my collaborators, financiers and those who believed in it.

COPYRIGHT

The text content and images of the Hacklog: Volume 2 ebook are licensed Creative Commons 4.0 Italy, not replicable, no derivative works, commercial. The owner of the rights of this document is Stefano Novelli and it is distributed by inforge.net.

Hacker Manifesto 2.0

This is our world now ... the world of the electron and the switch, the beauty of the band. We use a service that already exists without paying AND that would be lousy cheap if it weren't run by greedy gluttons too busy thinking about which tie to wear to the office rather than stopping for even 5 fucking seconds to wonder if this is the world they want to leave to those who will come after us ... and then we would be the criminals.

You see, we are explorers, we seek knowledge in the sea of shit that you make us swallow every day with your propaganda, with your advertisements, with those 4-penny puppets you use to convince us to think and do what you have already decided for us.

"Damn kid. It does not undertake. He probably copied it. He's taking up the phone line again. They are all the same..."

You can bet your ass we're all the same ... They fed us homogenized at school when we craved steak. The bits of meat you let pass were pre-chewed and tasteless. We have been dominated by sadists or ignored by apathetic and the few who had something to teach us found eager pupils in us, but those few are like drops of water in the desert.

We exist without skin color, without nationality, without religious or sexual bias ... and you call us criminals. You build atomic bombs, start wars, kill, deceive, you lie and try to make us believe it is for our good ... yet we are the criminals.

Yes, I am a criminal. My crime is curiosity. My crime is to judge people by what they say and think, not by how they look. My crime was to outclass you, something you will never forgive me for.

I am a hacker, and this is my manifesto. You can stop me, but you can't stop us all ... after all, we are all the same.

Inspired by "The Conscience of a Hacker" by The Mentor, January 8, 1986

There are two types of websites: those that have already been hacked and those who have yet to be.

To the souls of those watching me from up there. May your spirits finally find peace.
Stefano Novelli

GLOSSARY

Preface
read the Manual
  If you don't know anything about WorldWide Web and IT Security
  If you already have some WWW and IT Security development experience
  If you are already a WWW and IT Security expert
Legend
LAB
Web Hacking
1. Introduction IT Security
  1.1 Is the Web ... Easy?
  1.2 Man vs Machine
  1.3 Ethical (and non) ethical reasons for carrying out cyber attacks
  1.4 The Defense starts from the Attack
    1.4.1 Software or Administrator's Fault?
  1.5 Attack approaches
    1.5.1 Vulnerability Assessment and Penetration Testing
    1.5.2 White, Gray and Black Box
      1.5.2.1 White-Box testing
      1.5.2.2 Black-Box testing
  1.6 Exploit, Payload and Disclosure
  1.7 How to "pierce" a Website
  1.8 Ready, Set, Wait!
2. The Tools of the Trade
  2.1 Attack Environment
    2.1.1 Create your own Attack Virtual Machine
  2.2 Defense Environment
    2.2.1 Create the Victim Virtual Machine
    2.2.2 Configure the Virtual Machine Victim
  2.3 Two Virtual Machines, one network
  2.4 Metasploitable, the third wheel
    2.4.1 Create the Metasploitable Virtual Machine
    2.4.2 Configure Metasploitable
  2.5 The Terminal
  2.6 Interceptor Proxy
  2.7 Analyze / Inspect Element
  2.8 Metasploit Framework
3. WWW Fundamentals
  3.1 What happens when we browse?
  3.2 The hard life of the Web Server
    3.2.1 Hosting, Cloud, VPS and Server
    3.2.2 Reverse Proxy Server
    3.2.3 From Domain to IP (DNS)
      3.2.3.1 Basic DNS resolution
      3.2.3.2 Record Types
  3.3 Hello, World!
    3.3.1 HTML, the foundation of the Web
    3.3.2 CSS, the "coat of paint"
    3.3.3 Javascript, the all-rounder client
  3.4 Browse the web
    3.4.1 URL
    3.4.2 The Protocol
    3.4.3 HTTP and HTTPS
  3.5 Dynamic navigation
    3.5.1 PHP
    3.5.2 PHP and HTML, a marriage that has to be done
    3.5.3 A login page? Of course!
      3.5.3.1 Transfer of Data
      3.5.3.2 If, Elseif and Else statements
      3.5.3.3 GET and POST methods
      3.5.3.4 Cookies
      3.5.3.5 Sessions
      3.5.3.6 Our first web application
  3.6 Database
    3.6.1 Tables, Rows and Columns
    3.6.2 The importance of the ID
    3.6.3 Relations between Tables
    3.6.4 Our first database
    3.6.5 phpMyAdmin, the friend of the Databases
      3.6.5.1 Creating a Table
      3.6.5.2 Manipulating Values
    3.6.6 The SQL language
      3.6.6.1 Surviving in SQL
      3.6.6.2 Conditions in SQL
      3.6.6.3 Types of Values in SQL
    3.6.7 PHP and Databases, the perfect combo
  3.7 Your first hack
  3.8 CMS
    3.8.1 Damn Vulnerable Web Application (DVWA)
      3.8.1.1 Download DVWA
      3.8.1.2 Configure DVWA
      3.8.1.3 Install DVWA
  3.9 Beyond the fundamentals
4. Scanning (Information Gathering)
  4.1 Domain
    4.1.1 Whois Domain
      Attack: Whois to the Domain
      Defense: Whois Domain
  4.2 The IP address
    4.2.1 ICMP Echo
      Attack: Ping Sweep
      Defense: Ping Sweep
    4.2.2 ARP and TCP
      Attack: Ping ARP and TCP
    4.2.3 DNS Lookup
      Attack: DNS Lookup
    4.2.4 Whois IP
      Attack: Whois IP
  4.3 Intermediate Infrastructures
    4.3.1 Reverse Proxy Check
      Attack: Reverse Proxy Check
      Attack: Manual Common DNS Resolving
      Attack: Common DNS Enumeration
      Attack: Reverse Proxy Resolving
      Defense: Reverse Proxy Resolving
      Attack: DNS History
      Defense: DNS History
    4.3.2 Manual extrapolation of IPs
      Attack: IP Extraction by Mail
      Defense: IP Extraction by Mail
      Attack: IP Extraction by Upload
      Defense: IP Extraction by Upload
    4.3.3 Host file
    4.3.4 Advanced Protections
      Defense: HTTP Whitelisting
      Defense: SSH Whitelisting
      Defense: Honeypot Blacklisting
      Defense: Geoblocking
      Defense: User Agent Block
      Defense: WAF, IDS and Scenarios
  4.4 Active Services
    4.4.1 Determine the active ports
      Attack: Port Scan
      Attack: Port Scan (Metasploit)
    4.4.2 Determine the Operating System
      Attack: OS Detection
      Attack: OS Detection (MSF)
    4.4.3 Determine the Web Server
      Attack: Web Server Detection
      Attack: Web Server Detection (MSF)
      Attack: DBMS Detection (MSF)
      Defense: Scan Detection (IDS)
  4.5 Web Application
    4.5.1 Determine Directories
      Attack: Directory Listing
      Defense: Directory Listing
    4.5.2 Determine Languages and Framework
      4.5.2.1 Common extensions
      4.5.2.2 Manual enumeration
    4.5.3 Determine the CMS
      Attack: CMS Detection
    4.5.4 Determine the CMS Data
      4.5.4.1 Enumeration of Username
        Attack: Wordpress Enumeration
        Attack: Joomla Enumeration
        Attack: Drupal Enumeration
  4.6 OSINT
    4.6.1 Historical Archives
    4.6.2 Google
      4.6.2.1 Operators in Google
      4.6.2.2 Google Hacking
    4.6.3 Shodan
    4.6.4 Advanced OSINT
  4.7 Local output
  4.8 Reporting
    4.8.1 Maltego
    4.8.2 The first graph
    4.8.3 Organization first of all!
    4.8.4 Unlimited Expansions
      Attack: Data Mining Recon
5. Attacks on the Domain
  5.1 Domain Hijacking
    5.1.1 Domain Expiration
    5.1.2 Transfer of a Domain
  5.2 Cybersquatting
    5.2.1 Typosquatting
    5.2.2 Homography
      Attack: Domain Typo Detection
      Attack: Sub-Domain TakeOver
6. Authentication Attacks
  6.1 Password Storage on the Web
    6.1.1 Hash, how to save passwords on the web
    6.1.2 MD5, the hash history of the Web
    6.1.3 Rainbow Tables
    6.1.4 MD5 security and other weak hashes
    6.1.5 Salt Password
    6.1.6 Bcrypt
  6.2 How do users authenticate?
    6.2.1 HTTP Authentication
      6.2.1.1 HTTP Basic Authentication
      6.2.1.2 HTTP Digest Authentication
