Chapter 6. Exploitation – Low Hanging Fruits

In this chapter, we will cover:

Abusing file inclusions and uploads
Exploiting OS Command Injections
Exploiting an XML External Entity Injection
Brute-forcing passwords with THC-Hydra
Dictionary attacks on login pages with Burp Suite
Obtaining session cookies through XSS
Step by step basic SQL Injection
Finding and exploiting SQL Injections with SQLMap
Attacking Tomcat's passwords with Metasploit
Using Tomcat Manager to execute code

Introduction

With this chapter we will begin our coverage of the exploitation phase of a penetration test. This is the main difference between a vulnerability assessment, where the tester identifies vulnerabilities (most of the time using an automated scanner) and issues recommendations ...

Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Chapter 6. Exploitation – Low Hanging Fruits

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly