وبلاگ بلیان

Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking

جلد کتاب Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking

معرفی کتاب «Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking» نوشتهٔ Jenny Han و Stefano Novelli, Marco Silvestri، منتشرشده توسط نشر Aslam M U B در سال 2018. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

Web Hacking 1. Introduction IT Security 1.1 Is the Web ... Easy? 1.2 Man vs Machine 1.3 Ethical (and non) ethical reasons for carrying out cyber attacks 1.4 The Defense starts from the Attack 1.4.1 Software or Administrator's Fault? 1.5 Attack approaches 1.5.1 Vulnerability Assessment and Penetration Testing 1.5.2 White, Gray and Black Box 1.5.2.1 White-Box testing 1.5.2.2 Black-Box testing 1.6 Exploit, Payload and Disclosure 1.7 How to "pierce" a Website 1.8 Ready, Set, Wait! 2. The Tools of the Trade 2.1 Attack Environment 2.1.1 Create your own Attack Virtual Machine 2.2 Defense Environment 2.2.1 Create the Victim Virtual Machine 2.2.2 Configure the Virtual Machine Victim 2.3 Two Virtual Machines, one network 2.4 Metasploitable, the third wheel 2.4.1 Create the Metasploitable Virtual Machine 2.4.2 Configure Metasploitable 2.5 The Terminal 2.6 Interceptor Proxy 2.7 Analyze / Inspect Element 2.8 Metasploit Framework 3. WWW Fundamentals 3.1 What happens when we browse? 3.2 The hard life of the Web Server 3.2.1 Hosting, Cloud, VPS and Server 3.2.2 Reverse Proxy Server 3.2.3 From Domain to IP (DNS) 3.2.3.1 Basic DNS resolution 3.2.3.2 Record Types 3.3 Hello, World! 3.3.1 HTML, the foundation of the Web 3.3.2 CSS, the "coat of paint" 3.3.3 Javascript, the all-rounder client 3.4 Browse the web 3.4.1 URL 3.4.2 The Protocol 3.4.3 HTTP and HTTPS 3.5 Dynamic navigation 3.5.1 PHP 3.5.2 PHP and HTML, a marriage that has to be done 3.5.3 A login page? Of course! 3.5.3.1 Transfer of Data 3.5.3.2 If, Elseif and Else statements 3.5.3.3 GET and POST methods 3.5.3.4 Cookies 3.5.3.5 Sessions 3.5.3.6 Our first web application 3.6 Database 3.6.1 Tables, Rows and Columns 3.6.2 The importance of the ID 3.6.3 Relations between Tables 3.6.4 Our first database 3.6.5 phpMyAdmin, the friend of the Databases 3.6.5.1 Creating a Table 3.6.5.2 Manipulating Values 3.6.6 The SQL language 3.6.6.1 Surviving in SQL 3.6.6.2 Conditions in SQL 3.6.6.3 Types of Values in SQL 3.6.7 PHP and Databases, the perfect combo 3.7 Your first hack 3.8 CMS 3.8.1 Damn Vulnerable Web Application (DVWA) 3.8.1.1 Download DVWA 3.8.1.2 Configure DVWA 3.8.1.3 Install DVWA 3.9 Beyond the fundamentals 4. Scanning (Information Gathering) 4.1 Domain 4.1.1 Whois Domain Attack: Whois to the Domain Defense: Whois Domain 4.2 The IP address 4.2.1 ICMP Echo Attack: Ping Sweep Defense: Ping Sweep 4.2.2 ARP and TCP Attack: Ping ARP and TCP 4.2.3 DNS Lookup Attack: DNS Lookup 4.2.4 Whois IP Attack: Whois IP 4.3 Intermediate Infrastructures 4.3.1 Reverse Proxy Check Attack: Reverse Proxy Check Attack: Manual Common DNS Resolving Attack: Common DNS Enumeration Attack: Reverse Proxy Resolving Defense: Reverse Proxy Resolving Attack: DNS History Defense: DNS History 4.3.2 Manual extrapolation of IPs Attack: IP Extraction by Mail Defense: IP Extraction by Mail Attack: IP Extraction by Upload Defense: IP Extraction by Upload 4.3.3 Host file 4.3.4 Advanced Protections Defense: HTTPWhitelisting Defense: SSHWhitelisting Defense: Honeypot Blacklisting Defense: Geoblocking Defense: User Agent Block Defense: WAF, IDS and Scenarios 4.4 Active Services 4.4.1 Determine the active ports Attack: Port Scan Attack: Port Scan (Metasploit) 4.4.2 Determine the Operating System Attack: OS Detection Attack: OS Detection (MSF) 4.4.3 Determine the Web Server Attack: Web Server Detection Attack: Web Server Detection (MSF) Attack: DBMS Detection (MSF) Defense: Scan Detection (IDS) 4.5 Web Application 4.5.1 Determine Directories Attack: Directory Listing Defense: Directory Listing 4.5.2 Determine Languages and Framework 4.5.2.1 Common extensions 4.5.2.2 Manual enumeration 4.5.3 Determine the CMS Attack: CMS Detection 4.5.4 Determine the CMS Data 4.5.4.1 Enumeration of Username Attack: Wordpress Enumeration Attack: Joomla Enumeration Attack: Drupal Enumeration 4.6 OSINT 4.6.1 Historical Archives 4.6.2 Google 4.6.2.1 Operators in Google 4.6.2.2 Google Hacking 4.6.3 Shodan 4.6.4 Advanced OSINT 4.7 Local output 4.8 Reporting 4.8.1 Maltego 4.8.2 The first graph 4.8.3 Organization first of all! 4.8.4 Unlimited Expansions Attack: Data Mining Recon 5. Attacks on the Domain 5.1 Domain Hijacking 5.1.1 Domain Expiration 5.1.2 Transfer of a Domain 5.2 Cybersquatting 5.2.1 Typosquatting 5.2.2 Homography Attack: Domain Typo Detection Attack: Sub-Domain TakeOver 6. Authentication Attacks 6.1 Password Storage on the Web 6.1.1 Hash, how to save passwords on the web 6.1.2 MD5, the hash history of the Web 6.1.3 Rainbow Tables 6.1.4 MD5 security and other weak hashes 6.1.5 Salt Password 6.1.6 Bcrypt 6.2 How do users authenticate? 6.2.1 HTTP Authentication 6.2.1.1 HTTP Basic Authentication 6.2.1.2 HTTP Digest Authentication 6.2.2 Web App Authentication 6.2.2.1 Authentication Templates 6.2.3 Password Guessing Attack: Password Default Attack: Password "Lazy" Attack: Password Recovery Attack: Password Default Defense: Password Guessing 6.2.4 Brute Force Attacks 6.2.4.1 Bruteforcing 6.2.4.2 Dictionary Attack LAB: Basic Password List Generation LAB: Advanced Password List Generation 6.2.5 LAB: Bruteforcing Attack: Bruteforce HTTP Auth Defense: Bruteforce HTTP Auth 6.2.6 LAB: Bruteforcing Web Attack: Bruteforce Web Form "Low" Attack: Bruteforce Web Form "Medium" Attack: Bruteforce Web Form "High" Defense: Brute Force Web Form 7. Attacks on the Session 7.1 Insecure Captcha 7.1.1 Types of Captcha Attacks 7.1.2 LAB: Insecure Captcha Bypass Attack: Insecure CAPTCHA "Low" Attack: Insecure CAPTCHA "Medium" Attack: Insecure CAPTCHA "High" Defense: Insecure CAPTCHA 7.2 Session Prediction 7.2.1 LAB: Weak Session ID Attack: Weak Session ID "Low" Attack: Weak Session ID "Medium" Attack: Weak Session ID "High" Defense: Weak Session ID 7.3 Cross-Site Request Forgery 7.3.1 LAB: Cross-Site Request Forgery Attack: Cross-Site Request Forgery "Low" Attack: Cross-Site Request Forgery "Medium" LAB: Cross-Site Request Forgery "High" Defense: Cross-Site Request Forgery 8. Injection connections 8.1 Cross-Site Scripting 8.1.1 Types of XSS attacks 8.1.1.1 Stored XSS 8.1.1.2 Reflected XSS 8.1.1.3 DOM Based XSS 8.1.2 LAB: Stored Cross-Site Scripting Attack: Stored XSS "Low" Attack: Stored XSS "Medium" Attack: Stored XSS "High" Payload: Cookie Grabbing & Manipulation Defense: Stored XSS 8.1.3 LAB: Reflected Cross-Site Scripting Attack: Reflected XSS "Low" Attack: Reflected XSS "Medium" Attack: Reflected XSS "High" Payload: XSS Redirect Defense: Reflected XSS 8.1.4 LAB: DOM Based Cross-Site Scripting Attack: DOMBased XSS "Low" Attack: DOMBased XSS "Medium" Attack: DOMBased XSS "High" Defense: DOMBased XSS 8.2 Command Execution 8.2.1 Sanitizing the Input 8.2.2 Performing a non-input 8.2.3 Remote Command Execution 8.2.3.1 LAB: Remote Command Execution Attack: Command Execution "Low" Attack: Command Execution "Medium" Attack: Command Execution "High" Defense: Command Execution 8.3 SQL Injection 8.3.1 LAB: SQL Injection Attack: SQL Injection "Low" Attack: SQL Injection "Medium" Attack: SQL Injection "High" Payload: Dangerous SQL Query Defense: SQL Injection 8.4 Blind SQL Injection 8.4.1 LAB: Blind SQL Injection Attack: Blind SQL Injection "Low" Attack: Blind SQL Injection "Medium" Attack: Blind SQL Injection "High" Defense: Blind SQL Injection 9. Inclusion Attacks 9.1 PHP, Include and Require 9.2 Relative Paths and Absolute Paths 9.3 PHPWrappers 9.4 Local Inclusion 9.4.1 LAB: Local File Inclusion Attack: Local File Inclusion "Low" Attack: Local File Inclusion "Medium" Attack: Local File Inclusion "High" Payload: Local File Exploitation Defense: Local File Inclusion 9.5 Remote Inclusion 9.5.1 LAB: Remote File Inclusion Attack: Remote File Inclusion "Low" Attack: Remote File Inclusion "Medium" Attack: Remote File Inclusion "High" Payload: Reverse Shell (Netcat) Defense: Remote File Inclusion 10. Attacks on Uploads 10.1 Unrestricted File Upload 10.1.1 LAB: File Upload Attack: File Upload "Low" Attack: File Upload "Medium" Attack: File Upload "High" Payload: Upload + RCE = Web Shell Payload: Upload + RCE = Reverse Shell Defense: File Upload 11. Attacks on Deception 11.1 Phishing 11.1.1 Principles of Phishing 11.1.2 Types of Phishing Attack: Fake Sub-domain Attack: Unicode Domain (Attack) Payload: Fake Login Defense: Phishing 12. Post-Attack Violations 12.1 Traces of an Attack 12.1.1 Apache Log 12.1.2 Automatic Log Analysis 12.2 Web Shell 12.2.1 Web Shell, what are they for Attack: Web Shell Programming 12.2.2 Web Shell Evasion Techniques Attack: Web Shell Headers Attack: Web Shell Obfuscation Defense: Web Shell 12.3 Remote Shell 12.4 Malvertising 12.4.1 Cryptocurrencies Injection 12.5 Ghost Users 12.6 Deface 12.7 Privilege Escalation 13. Scanner and Framework 13.1 Web Application Security Scanner 13.1.1 Vega Vulnerability Scanner 13.1.2 Arachni Web Application Security Scanner Framework 13.1.3 Nikto2 13.2 Security Frameworks 13.2.1 OpenVAS 13.2.2 Galileo Web Application Audit Framework 14. Fin 15. Security Check-List 16. Hacking Cribsheet 17. Cheatsheet Linux Commands
دانلود کتاب Hacklog Volume 2 Web Hacking: Handbook on IT Security and Ethical Hacking