
Stalking Prey Through Target Recon
The American President Abraham Lincoln, quotable as he may have been, is often (incorrectly) held to have once said,
Regardless of where the quote truly came from, we can certainly relate this to hacking. Much success in web penetration testing is determined by what we uncover here, how we sift through the information, and how we couple it with tools covered later in this book. A thorough and methodical approach here will save time, focus efforts, and aid in planning our attacks. The methodologies from the various frameworks and organizations we discussed in Chapter 2, Guidelines for Preparation and Testing, all include some aspect of information gathering, and the tools available in Kali Linux should be familiar to you.

This information gathering takes many forms, but as a practicing hacker, you have probably developed your own preferences and routines. A healthy mix of open source information gathering, passive reconnaissance of the target itself, and subtle, focused scanning and spidering can go a long way toward laying out the rest of your project's game plan. The challenge is to expose as much as possible without triggering defensive awareness (also known as paranoia) in our target's operators. My hope is to offer some tweaks to your processes that let you get further into your discovery without getting caught.
The universal vulnerability of all systems is the user, and web applications present their developers with an outlet to express themselves and show what they are made of. Effective social engineering can often short-circuit a tremendous amount of technical engineering to obtain credentials and other key elements of the web application's architecture. We'll look at how the trust and pride of the target's users and developers can be exploited to squeeze as much out of this approach as possible.
Let's not forget that artifacts themselves can help the customer understand their information exposure. Keenly aware cyber security initiatives will not only draw attention to what is publicly available with respect to their organizations, but they may even engage in misinformation. In your discovery, catalog your findings: customers should be commended for reducing their public exposure.
In this chapter, we'll discuss the following:
- Gathering and using offline archives of websites
- Reconnaissance of your target using public resources and a fancy old browser
- Using social engineering to hack the users
- Automating open source information gathering to map and characterize the target
- Identifying key aspects of our target and focusing later efforts through active scanning