Monday, 10 February 2014
Web App Attack Tools and Techniques
Hello everyone, I am continuing from where I left off in part 2. Now I will discuss more tools for penetration testing.
Web Application Audit and Attack Framework
- w3af is a well-known web attack framework
- w3af combines all of the necessary pieces to accomplish an entire web attack
  – Discovery to find vulnerabilities
  – Exploitation to take control of a target application or its underlying server
- With network access, w3af provides an excellent framework to take our attack to the next level
- Here is the beginning of w3af's information gathering
- We are setting up a scan of a target web application
- We are able to choose our plug-ins and targets
- We can use this interface to scan an application for exploitable vulnerabilities
w3af Exploits
- w3af includes a number of web app exploits, including:
  – xssBeEF is the XSS tool
  – sqlmap is an entire SQL injection exploit tool
    - Includes an OS shell used through SQLi
  – mysqlWebShell provides shell access using SQL injection on a MySQL target
  – osCommandingShell is a command shell created through command injection flaws
A Combined Pen Test Scenario
Start with Client-Side Exploit of XP Box
Pivot Through XP Box to Exploit Vista Machine
RFMON Wireless Network Enumeration and Discovery
Leveraging Compromised Client Wireless Preferences
Use w3af to Scan Intranet Web Application
Retrieve PII Files from Corporate Web Server
That's it, done. Now let's draw some conclusions from this that will help you going forward.
Conclusions
- Combined attack vectors allow for far deeper penetration into most target networks than separate vectors allow
  – Combining web app, network, and wireless penetration testing is very powerful
- This combination provides a much more accurate view of the business risks posed by vulnerabilities than offered by completely separate network, wireless, and web app tests
- We've looked at useful features of Metasploit, Vista wireless power tools, and w3af
- In Part IV of this webcast trilogy, we'll look at additional attack vectors and tools for further combining these three disciplines and discuss where this type of testing may be headed in the future.