
This is a high-level overview of what to expect during the remainder of the Kali Linux Web App Pentesting Labs course.
This lecture will show you how and where to download and configure the latest version of Kali Linux, 2020, which is tailor-made for my Udemy course Hands-on Penetration Testing Labs 4.0. It is also being made available for all other courses, as the newest version has some slight differences which may make an impact.
The first step to building our lab is to download, install, and configure Kali Linux. This Linux distro contains all of the tools needed for pentesting demonstrations during the rest of the labs and is an industry standard pentesting platform used by most pentesters worldwide. We’ll be using VirtualBox as a software hypervisor to run the Kali Linux Virtual Machine. A walkthrough video to install VirtualBox won’t be covered in this course due to its simplicity, but you’ll need to download and install VirtualBox to follow along with these labs as instructed. However, you’re welcome to use another form of virtualization software such as VMware if desired.
In this lab we’re going to download and configure SQLi Labs, which is hands down one of my favorites. SQLi Labs was created by a security researcher named Audi-1. SQLi Labs is a collection of PHP files and a script to populate several MySQL databases. The purpose of these labs is to hone your SQL injection skills both manually and automatically.
This lab will cover the download and setup of WebGoat 8. This is an intentionally vulnerable web application created by the great people at OWASP. It has several lessons which are meant to demonstrate how many of the OWASP Top 10 vulnerabilities can be exploited.
OWASP Juice Shop version 7 is an intentionally vulnerable web application written in JavaScript. OWASP Juice Shop contains vulnerabilities from the OWASP Top 10, so it will be a great addition to our lab setup. In this lab, we'll download and install Docker and the files for OWASP Juice Shop to get this environment set up.
Buggy Web Application or bWAPP is a deliberately insecure web application with over 100 web vulnerabilities. It is said to cover all major known web vulnerabilities, including the OWASP top 10. This makes it a fantastic addition to our set of vulnerable web applications. To give us a different target perspective, we’ll be bringing in a second VM with bWAPP preloaded. Luckily, there’s one readily available to us on the web called beebox. This lab will show you where to get beebox, and how to set it up for our subsequent labs.
The first of the OWASP top 10 is A1: Injection. This focuses upon the exploitation of poorly designed applications which are susceptible to attacks such as SQL, OS, LDAP, XPATH, PHP, SSI, or regex injection. This allows an attacker to execute unintended commands or access unauthorized data by sending untrusted data to an interpreter as part of a command or query. Interpreters regularly execute instructions written in scripting languages, such as Python or Perl. This lab will cover a variety of the aforementioned injection vulnerabilities and methods of exploitation.
Number two of the OWASP top 10 web vulnerabilities is A2: Broken Authentication and Session Management. This applies specifically to poorly implemented application functions that are related to authentication and session management. Exploiting these vulnerable applications can allow attackers to compromise passwords, keys, session tokens, or other implementation flaws. An example of an attack associated with this area is session hijacking, where an attacker can masquerade as an authenticated, trusted user. This lab will demonstrate vulnerabilities and exploitation of OWASP A2.
This lab will focus upon vulnerabilities and exploitation associated with A3 of the OWASP top 10, Sensitive Data Exposure. Sensitive data includes, but is not limited to, personally identifiable information (PII), personal health information (PHI), and financial data. Data at rest and in transit must be encrypted in order to protect its confidentiality. Sending sensitive data in the clear (plaintext) makes it vulnerable to possible unauthorized access.
The focus of this lab will be the vulnerabilities and exploitation of XML External Entities (XXE), which is A4 of the OWASP top 10. Such vulnerabilities exist when poorly configured XML processors evaluate external entity references within XML documents. Exploitation can result in disclosure of internal files using the file URI handler, access to internal file shares, internal port scanning, remote code execution, and denial of service attacks.
Broken Access Control is A5 of the OWASP top 10. This includes Insecure Direct Object References (IDOR) and Missing Function Level Access Control, which was previously its own section in the 2013 version of the OWASP top 10. These flaws commonly allow attackers to bypass restrictions on what authenticated users are allowed to do in order to access unauthorized functionality or data, access other users' accounts, and view or modify sensitive files. This lab will demonstrate vulnerabilities and exploitation which pertain to OWASP A5.
A6 of the OWASP top ten is Security Misconfiguration. It applies to default configurations, unpatched applications, out-of-date software, ad hoc configurations, open cloud storage, misconfigured HTTP headers, and verbose error messages containing sensitive information. In this lab, we'll be covering vulnerabilities and exploitation related to OWASP A6.
A7 of the OWASP top ten is Cross-Site Scripting (XSS). XSS attacks occur when an attacker sends untrusted data to a web browser without proper input validation and output escaping. Successful attempts allow script execution in the victim's browser, which can hijack user sessions, deface sites, or redirect users to malicious sites. This lab will cover the vulnerabilities and exploits related to the three types of XSS (reflected, stored, and DOM-based).
OWASP A8 is Insecure Deserialization, which can be used to perform attacks including remote code execution, replay attacks, injection attacks, and privilege escalation. This lab contains a thorough explanation of insecure deserialization, the download and setup of a vulnerable JBoss Application Server, and how to actively exploit the insecure deserialization.
A9 of the OWASP top 10 is Using Components with Known Vulnerabilities. Vulnerable components such as libraries, frameworks, and other software modules run with the same privileges as the application itself. If a vulnerable component is exploited, serious data loss or server compromise can occur. Applications and APIs using components with known vulnerabilities may undermine defenses and enable attacks. This lab will cover vulnerabilities and exploits related to OWASP A9.
Congratulations for making it this far. Now I would like for you to put everything you've learned to the test and try to complete as many of the challenges as possible on OWASP Juice Shop. Good luck, and try harder!
Welcome to my Kali Linux Web App Pentesting Labs course! This course will be 100% hands-on, focusing specifically on exploitation of vulnerable web applications. We’ll be building a lab environment consisting of Kali Linux, and several intentionally vulnerable web applications including Beebox, SQL injection labs, OWASP Juice Shop, and WebGoat.
Throughout this course, we'll be focusing upon the most prevalent web application vulnerabilities and how to exploit them. As a framework for our learning approach, we'll be using the most recent version of the OWASP list at the time of this recording, which is the OWASP 2017 Top 10. OWASP is an organization which focuses upon improving the security of web applications, and its work is a fundamental and necessary component to learn for aspiring pentesters. We'll be covering OWASP A1 through A9, because A10 does not apply specifically to pentesting and is focused on the defensive side. We'll be covering each of these in great detail over this course.
The primary topics within this course are both manual and automated methods of detection and exploitation of web application vulnerabilities. You'll be getting hands-on exposure to industry standard tools such as Burp Suite, Nmap, Nikto, sqlmap, and many more. From what I've seen over the years in cybersecurity academia, including certifications, hands-on skills are highly lacking, save for the Offensive Security certs. This is because the majority of courses I've seen only teach theory, and have students prove their competency through writing and answering multiple choice questions. This does not prepare one for the real world, especially for pentesting, where technical skills are paramount. This course aims to bridge that gap.
The beginning of this course will consist of downloading, installing, and configuring the components necessary for comprehensive hands-on web application penetration testing in a lab environment. Please get ready to hit the ground running and follow along with these labs, as we’ll be getting started right away in the subsequent lecture.
I really look forward to working with all of you. If you have any questions during any of the labs, please feel free to reach out to me directly with the messaging system or Q&A section.