7-2: An XSS attack in action.FIGURE 7-3: A CSRF/XSRF attack in action.FIGURE 7-4: A CSRF/XSRF attack is prevented by checking for synchronization tok...FIGURE 7-5: Directory traversal attacks navigate the file system.FIGURE 7-6: Logging into the DVWA site.FIGURE 7-7: The URL for the change password page.FIGURE 7-8: Viewing all data with SQL injection attack.FIGURE 7-9: Using SQL injection to view column information.FIGURE 7-10: Retrieving the list of usernames and password hashes.FIGURE 7-11: Cracking password hashes with John the Ripper. 8 Chapter 8FIGURE 8-1: Identifying vulnerabilities with Nessus.FIGURE 8-2: Searching Metasploit for an exploit.FIGURE 8-3: Exploiting a Windows system to get a meterpreter session.FIGURE 8-4: The core commands in a meterpreter session.FIGURE 8-5: Retrieving information about the current context.FIGURE 8-6: Using run winenum to enumerate the target system and network.FIGURE 8-7: Viewing the logs generated by the run winenum command.FIGURE 8-8: Gaining shell access from a meterpreter session.FIGURE 8-9: Retrieving the password hashes.FIGURE 8-10: Attaching to another process with the migrate command.FIGURE 8-11: Using VNC to view a victim’s activity.FIGURE 8-12: Capturing keystrokes from the compromised system.FIGURE 8-13: Lateral movement from a compromised system.FIGURE 8-14: Dumping the hashes to use in pass the hash.FIGURE 8-15: Locating other systems with arp_scanner.FIGURE 8-16: Lateral movement with telnet.FIGURE 8-17: Viewing user accounts on a laterally compromised system.FIGURE 8-18: Creating a backdoor user account.FIGURE 8-19: Covering your tracks with the clearev command.
9 Chapter 9FIGURE 9-1: Using Nikto to do a web application vulnerability scan.FIGURE 9-2: Using w3af to perform different types of vulnerability checks on a ...FIGURE 9-3: Using SQLmap to automate SQL injection attacks.FIGURE 9-4: Inspecting the http post request.FIGURE 9-5: Using Hydra to crack credentials for the website.FIGURE 9-6: Using John the Ripper to crack password hashes.FIGURE 9-7: Using Wifite to automate wireless attacks.FIGURE 9-8: OWASP ZAP finds vulnerabilities in web applications.FIGURE 9-9: SET is a social engineering tool that makes it easy to create diffe...FIGURE 9-10: Using Nmap to locate systems (left) and then using Hydra to attemp...FIGURE 9-11: Using xHydra — the GUI version of Hydra.FIGURE 9-12: Cracking password hashes with John the Ripper.FIGURE 9-13: Dumping the hashes to use with a password cracker.FIGURE 9-14: Using Ncat (left) and Netcat (right) to create a bind shell.
10 Chapter 11FIGURE 11-1: Risk rating scores for vulnerabilities.
Guide
1 Cover
4 Table of Contents
7 Index
8 About the Author
Pages
1 i
2 iii
3 iv
4 1
5 2
6 3
7 4
8 5
9 6
10 7
11 8
12 9
13 10
14 11
15 12
16 13
17 14
18 15
19 16
20 17
21 18
22 19
23 20
24 21
25 22
26 23
27 24
28 25
29 26
30 27
31 28
32 29
33
