
A practical guide to help ethical hackers discover web application security flaws

Joseph Marshall

e-books shop
Purchase Now !
Just with Paypal

Book Details
Price: 3.00 USD
Pages: 240
File Size: 14,275 KB
File Type: PDF
Publisher: Packt Publishing, 2018

About the Author
Joseph Marshall is a web application developer and freelance writer with credits from The
Atlantic, Kirkus Review, and the SXSW film blog. He also enjoys moonlighting as a
freelance security researcher, working with third-party vulnerability marketplaces such as
Bugcrowd and HackerOne. His background and education include expertise in
development, nonfiction writing, linguistics, and instruction/teaching. He lives in Austin, TX.

About the reviewers
Sachin Wagh is a young information security researcher from India. His core area of
expertise includes penetration testing, vulnerability analysis, and exploit development. He
has found security vulnerabilities in Google, Tesla Motors, LastPass, Microsoft, F-Secure,
and other companies. Due to the severity of many bugs discovered, he has received
numerous awards for his findings. He has participated in several security conferences as a
speaker, such as Hack In Paris, Infosecurity Europe, and HAKON.
I would specially like to thank Shweta Pant and Drashti Panchal for offering me this
opportunity. I would also like to thank my family and close friends for supporting me.

Himanshu Sharma has already achieved fame for finding security loopholes and
vulnerabilities in Apple, Google, Microsoft, Facebook, Adobe, Uber, and many more, with
hall of fame listings as proof. He has helped celebrities such as Harbhajan Singh, and also
assisted an international singer in tracking down his hacked account and recovering it. He
was a speaker at the international conferences Botconf 2013 and CONFidence 2018. He has
also spoken at IEEE conferences in California and Malaysia, as well as for TEDx. Currently,
he is the cofounder of BugsBounty, a crowd-sourced security platform for ethical hackers
and companies interested in cyber services. He has also authored a book titled Kali Linux -
An Ethical Hacker's Cookbook.

This book is designed to give interested coders (part-time, professional, and otherwise) the
skills they need to start participating in public bug bounty programs, covering both general
pentesting subjects, such as scoping your testing sessions appropriately, and bounty-specific
security topics, such as how to format your bug submission report to ensure the
best chance of earning a reward.

As the need for security audits on the public web grows, crowdsourced solutions are
becoming more popular. This book aims to give you everything you need to participate in
those programs, walking you through important topics with a mix of theory and direct,
hands-on examples.

Table of Contents
Preface
Chapter 1: Joining the Hunt
Technical Requirements
The Benefits of Bug Bounty Programs
What You Should Already Know – Pentesting Background
Setting Up Your Environment – Tools To Know
What You Will Learn – Next Steps
How (Not) To Use This Book – A Warning
Summary
Questions
Further Reading
Chapter 2: Choosing Your Hunting Ground
Technical Requirements
An Overview of Bug Bounty Communities – Where to Start Your Search
Third-Party Marketplaces
Bugcrowd
HackerOne
Vulnerability Lab
BountyFactory
Synack
Company-Sponsored Initiatives
Google
Facebook
Amazon
GitHub
Microsoft
Finding Other Programs
Money Versus Swag Rewards
The Internet Bug Bounty Program
ZeroDisclo and Coordinated Vulnerability Disclosures
The Vulnerability of Web Applications – What You Should Target
Evaluating Rules of Engagement – How to Protect Yourself
Summary
Questions
Further Reading
Chapter 3: Preparing for an Engagement
Technical Requirements
Tools
Using Burp
Attack Surface Reconnaissance – Strategies and the Value of Standardization
Sitemaps
Scanning and Target Reconnaissance
Brute-forcing Web Content
Spidering and Other Data-Collection Techniques
Burp Spider
Striker
Scrapy and Custom Pipelines
Manual Walkthroughs
Source Code
Building a Process
Formatting the JS Report
Downloading the JavaScript
Putting It All Together
The Value Behind the Structure
Summary
Questions
Further Reading
Chapter 4: Unsanitized Data – An XSS Case Study
Technical Requirements
A Quick Overview of XSS – The Many Varieties of XSS
Testing for XSS – Where to Find It, How to Verify It
Burp Suite and XSS Validator
Payload Sets
Payload Options
Payload Processing
XSS – An End-To-End Example
XSS in Google Gruyere
Gathering Report Information
Category
Timestamps
URL
Payload
Methodology
Instructions to Reproduce
Attack Scenario
Summary
Questions
Further Reading
Chapter 5: SQL, Code Injection, and Scanners
Technical Requirements
SQLi and Other Code Injection Attacks – Accepting Unvalidated Data
A Simple SQLi Example
Testing for SQLi With Sqlmap – Where to Find It and How to Verify It
Google Dorks for SQLi
Validating a Dork
Scanning for SQLi With Arachni
Going Beyond Defaults
Writing a Wrapper Script
NoSQL Injection – Injecting Malformed MongoDB Queries
SQLi – An End-to-End Example
Gathering Report Information
Category
Timestamps
URL
Payload
Methodology
Instructions to Reproduce
Attack Scenario
Final Report
Summary
Questions
Further Reading
Chapter 6: CSRF and Insecure Session Authentication
Technical Requirements
Building and Using CSRF PoCs
Creating a CSRF PoC Code Snippet
Validating Your CSRF PoC
Creating Your CSRF PoC Programmatically
CSRF – An End-to-End Example
Gathering Report Information
Category
Timestamps
URL
Payload
Methodology
Instructions to Reproduce
Attack Scenario
Final Report
Summary
Questions
Further Reading
Chapter 7: Detecting XML External Entities
Technical Requirements
A Simple XXE Example
XML Injection Vectors
XML Injection and XXE – Stronger Together
Testing for XXE – Where to Find It, and How to Verify It
XXE – An End-to-End Example
Gathering Report Information
Category
Timestamps
URL
Payload
Methodology
Instructions to Reproduce
Attack Scenario
Final Report
Summary
Questions
Further Reading
Chapter 8: Access Control and Security Through Obscurity
Technical Requirements
Security by Obscurity – The Siren Song
Data Leaks – What Information Matters?
API Keys
Access Tokens
Passwords
Hostnames
Machine RSA/Encryption Keys
Account and Application Data
Low Value Data – What Doesn't Matter
Generally Descriptive Error Messages
404 and Other Non-200 Error Codes
Username Enumeration
Browser Autocomplete or Save Password Functionality
Data Leak Vectors
Config Files
Public Code Repos
Client Source Code
Hidden Fields
Error Messages
Unmasking Hidden Content – How to Pull the Curtains Back
Preliminary Code Analysis
Using Burp to Uncover Hidden Fields
Data Leakage – An End-to-End Example
Gathering Report Information
Final Report
Summary
Questions
Further Reading
Chapter 9: Framework and Application-Specific Vulnerabilities
Technical Requirements
Known Component Vulnerabilities and CVEs – A Quick Refresher
WordPress – Using WPScan
WPScan as a Dockerized CLI
Burp and WPScan
Ruby on Rails – Rubysec Tools and Tricks
Exploiting RESTful MVC Routing Patterns
Checking the Version for Particular Weaknesses
Testing Cookie Data and Authentication
Django – Strategies for the Python App
Checking for DEBUG = True
Probing the Admin Page
Summary
Questions
Further Reading
Chapter 10: Formatting Your Report
Technical Requirements
Reproducing the Bug – How Your Submission Is Vetted
Critical Information – What Your Report Needs
Maximizing Your Award – The Features That Pay
Example Submission Reports – Where to Look
HackerOne Hacktivity
Vulnerability Lab Archive
GitHub
Summary
Questions
Further Reading
Chapter 11: Other Tools
Technical Requirements
Evaluating New Tools – What to Look For
Paid Versus Free Editions – What Makes a Tool Worth It?
A Quick Overview of Other Options – Nikto, Kali, Burp Extensions, and More
Scanners
Nikto
Zed Attack Proxy
w3af
nmap and python-nmap
Aircrack-ng
Wireshark
SpiderFoot
Resources
FuzzDB
Pentesting Cheatsheet
Exploit DB
Awesome Web Security
Kali Linux
Source Code Analysis (White Box) Tools
Pytaint
Bandit
Brakeman
Burp
Burp Extensions
JSON Beautifier
Retire.js
Python Scripter
Burp Notes
Burp REST API
SaaS-Specific Extensions
Using Burp Pro to Generate a CSRF PoC
Metasploit and Exploitation Frameworks
Summary
Questions
Further Reading
Chapter 12: Other (Out of Scope) Vulnerabilities
Technical Requirements
DoS/DDoS – The Denial-of-Service Problem
Sandboxed and Self-XSS – Low-Threat XSS Varieties
Non-Critical Data Leaks – What Companies Don't Care About
Emails
HTTP Request Banners
Known Public Files
Missing HttpOnly Cookie Flags
Other Common No-Payout Vulnerabilities
Weak or Easily Bypassed Captchas
The HTTP OPTIONS Method Enabled
BEAST (CVE-2011-3389) and Other SSL-Based Attacks
Brute Forcing Authentication Systems
CSRF Logout
Anonymous Form CSRF
Clickjacking and Clickjacking-Enabled Attacks
Physical Testing Findings
Outdated Browsers
Server Information
Rate-Limiting
Summary
Questions
Further Reading
Chapter 13: Going Further
Blogs
The SANS Institute
Bugcrowd
Darknet
HighOn.Coffee
Zero Day Blog
SANS AppSec Blog
Courses
Penetration Testing With Kali Linux
The Infosec Institute Coursework
Udemy Penetration Testing Classes
Terminology
Attack Scenario
Attack Surface
Black Box Testing
Bugs
Bug Bounty Programs
CORS
Data Exfiltration
Data Sanitation
Data Leakage
Exploit
Fingerprinting
Fuzzing
Google Dorks
Known Component Vulnerabilities
Passive Versus Active Scanning
Payload
Proof-of-Concept (PoC)
Rules of Engagement (RoE)
Red Team
Remote Code Execution (RCE)
Safe Harbor
Scope
Security Posture
Single-Origin Policy
Submission Report
Vulnerability
White Box Testing
Workflow
Zero-Day
Summary
Questions
Further Reading
Assessment
Other Books You May Enjoy
Index


Who this book is for
This book is written for developers, hobbyists, pentesters, and anyone with an interest (and
maybe a little experience) in web application security and public bug bounty programs.

Leverage the power of Python to encrypt and decrypt data 

Samuel Bowne

What this book covers

Chapter 1, Obfuscation, covers the Caesar cipher and ROT13, simple character
substitution ciphers, and base64 encoding. We then move on to XOR. At the end,
there are challenges to test your learning that involve cracking the Caesar
cipher, reversing base64 encoding, and deciphering XOR encryption without the key.
Chapter 2, Hashing, covers the older MD5 and the newer SHA hashing techniques,
and also Windows password hashes, which are the weakest type of hashing in
common use, followed by Linux password hashes, which are the strongest type of
hashing in common use. Afterward, there are some challenges to complete: the
first is to crack some Windows hashes and recover passwords, then you will be
tasked with cracking hashes where you do not even know how many rounds of the
hashing algorithm were used, and finally you will be asked to crack those strong Linux hashes.
Chapter 3, Strong Encryption, covers AES, the primary cipher used to hide data
today; it is strong enough for the US military. Then there are two of its modes,
ECB and CBC, CBC being the stronger and more common one. We will also discuss the
padding oracle attack, which makes it possible to overcome some parts of AES-CBC
if the designer makes an error and an overly informative error message gives
information to the attacker. Finally, we introduce RSA, the main public key
algorithm used today, which makes it possible to send secrets over an insecure
channel without having first exchanged a shared private key. Following all that,
we will perform a challenge in which we crack RSA in the case where it is
erroneously created with two similar prime numbers instead of two random prime numbers.
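
The padding oracle attack mentioned for Chapter 3 is worth seeing end to end, because the attacker never needs the key, only a server whose answer for "padding invalid" differs from its answer for everything else. The block below is an added example written for this listing, not code from the book or its author. It assumes a stand-in 16-byte block cipher (a four-round Feistel network built from HMAC-SHA256, chosen only so the example runs on the Python standard library) in place of AES; the attack itself is independent of which block cipher sits under CBC. The function names and the sample message are this example's own.

```python
"""CBC padding-oracle attack: recover a message from a 'padding ok?' answer alone."""
import hashlib
import hmac
import os

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Stand-in 128-bit block cipher (an assumption of this example, NOT AES): a
# 4-round Feistel network with HMAC-SHA256 as the round function, used only so
# the code runs on the standard library. The attack never looks inside it.
def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right

def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right

def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")  # a distinguishable failure = the oracle
    return data[:-n]

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    padded, out, prev = pkcs7_pad(plaintext), [], iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, block), prev))
        prev = block
    return pkcs7_unpad(b"".join(out))

def make_oracle(key: bytes):
    """Model of the vulnerable server: it reveals only whether padding verified."""
    def oracle(iv: bytes, ciphertext: bytes) -> bool:
        try:
            cbc_decrypt(key, iv, ciphertext)
            return True
        except ValueError:
            return False
    return oracle

def _attack_block(oracle, prev: bytes, block: bytes) -> bytes:
    """Recover one plaintext block with at most 16*256 oracle queries, no key."""
    inter = bytearray(BLOCK)  # D_k(block), learned from the last byte backwards
    for pad in range(1, BLOCK + 1):
        pos = BLOCK - pad
        forged = bytearray(BLOCK)
        for j in range(pos + 1, BLOCK):  # already-known tail must decrypt to `pad`
            forged[j] = inter[j] ^ pad
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged), block):
                continue
            if pad == 1:
                # Rule out a false positive such as ...\x02\x02: changing the byte
                # before the last one must leave a genuine \x01 padding valid.
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe), block):
                    continue
            inter[pos] = guess ^ pad
            break
        else:
            raise RuntimeError("no guess accepted: is this really a padding oracle?")
    return _xor(bytes(inter), prev)

def padding_oracle_attack(oracle, iv: bytes, ciphertext: bytes) -> bytes:
    """Decrypt a whole CBC message using only the oracle's yes/no answers."""
    blocks = [iv] + [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_attack_block(oracle, blocks[i - 1], blocks[i])
                     for i in range(1, len(blocks)))
    return pkcs7_unpad(plain)

def demo(message: bytes = b"attack at dawn; the padding oracle leaks the whole message") -> bytes:
    """Encrypt under a random key the attacker never sees, then recover the message."""
    key, iv = os.urandom(16), os.urandom(16)
    return padding_oracle_attack(make_oracle(key), iv, cbc_encrypt(key, iv, message))
```

Each plaintext byte costs at most 256 queries, so a 64-byte ciphertext falls in under 16,384 oracle calls. The defence is not a better cipher but removing the oracle: authenticate the ciphertext (encrypt-then-MAC, or an AEAD mode such as AES-GCM) and reject anything that fails the tag check with one uniform error before any padding is ever examined.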
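
The Chapter 3 challenge about an RSA key "erroneously created with two similar prime numbers" is Fermat's factorization method in practice: if p and q share their leading bits, the modulus is a difference of two squares whose larger root is only a few steps above the integer square root of n. The block below is an added example written for this listing, not the book's challenge code. The primes are constructed and small (about 30 bits) so the demo is instant; real keys use 1024-bit or larger primes, and the method behaves the same at any size when |p - q| is small. `E`, `P_CLOSE`, `Q_CLOSE`, `P_FAR`, `Q_FAR` and the function names are this example's own.

```python
"""Factoring an RSA modulus whose primes are too close together (Fermat's method)."""
from math import isqrt


def fermat_factor(n: int, max_iter: int = 100_000):
    """Return (p, q) with p < q and p * q == n, or None if not found in max_iter steps.

    Writes n = a^2 - b^2 = (a - b)(a + b) and walks a upward from ceil(sqrt(n)).
    The number of steps is about (sqrt(q) - sqrt(p))^2 / 2, so primes that share
    their top bits fall out almost at once; random primes of equal size do not.
    """
    a = isqrt(n)
    if a * a < n:
        a += 1
    for _ in range(max_iter):
        b2 = a * a - n
        b = isqrt(b2)
        if b * b == b2 and a - b > 1:   # skip the trivial 1 * n split
            return a - b, a + b
        a += 1
    return None


def recover_private_exponent(n: int, e: int, max_iter: int = 100_000):
    """Given only the public key (n, e), rebuild d when Fermat factoring succeeds."""
    factors = fermat_factor(n, max_iter)
    if factors is None:
        return None
    p, q = factors
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)          # modular inverse, Python 3.8+


def rsa_roundtrip(m: int, n: int, e: int, d: int) -> int:
    """Textbook RSA (no padding, demo only): encrypt m with (n, e), decrypt with d."""
    return pow(pow(m, e, n), d, n)


# Constructed demo parameters (assumption: ~30-bit primes so the demo is instant).
E = 65537
P_CLOSE, Q_CLOSE = 1_000_000_007, 1_000_000_009   # neighbouring primes: broken
P_FAR, Q_FAR = 1_000_000_007, 2_147_483_647       # well separated: Fermat gives up
```

For the close pair, ceil(sqrt(n)) already equals (p + q)/2, so the loop returns on its first iteration; for the separated pair the walk would need on the order of 10^8 steps, which is why the iteration cap returns None instead. The key-generation defence is to draw p and q independently and, as FIPS 186-4 requires, to reject the pair unless |p - q| exceeds 2^(nlen/2 - 100).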


Book Details
Price: 2.00 USD
Pages: 124
File Size: 5,856 KB
File Type: PDF
Publisher: Packt Publishing, 2018

About the Author
Sam Bowne has been teaching computer networking and security classes at City
College of San Francisco since 2000. He has given talks and hands-on training at
DEFCON, HOPE, B-Sides SF, B-Sides LV, BayThreat, LayerOne, Toorcon, and
many other schools and conferences. He holds a PhD and a CISSP. He is a
DEF CON Black-Badge co-winner.

Cryptography has a long and important history in protecting critical systems and
sensitive information. This book will show you how to encrypt, evaluate,
compare, and attack data using Python. Overall, the book will help you deal with
the common errors in encryption and show you how to exploit them.

Who this book is for
This book is intended for security professionals who want to learn how to
encrypt data, evaluate and compare encryption methods, and how to attack them.

Table of Contents
Title Page
Copyright and Credits
Hands-On Cryptography with Python
Packt Upsell
Why subscribe?
About the author
Packt is searching for authors like you
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
1. Obfuscation
About cryptography
Installing and setting up Python
Using Python on Mac or Linux
Installing Python on Windows
Caesar cipher and ROT13
Implementing the Caesar cipher in Python
base64 encoding
ASCII data
Binary data
Challenge 1 – the Caesar cipher
Challenge 2 – base64
Challenge 3 – XOR
2. Hashing
MD5 and SHA hashes
What are hashes?
Windows password hashes
Getting hashes with Cain
MD4 and Unicode
Cracking hashes with Google
Cracking hashes with wordlists
Linux password hashes
Challenge 1 – cracking Windows hashes
Challenge 2 – cracking many-round hashes
Challenge 3 – cracking Linux hashes
3. Strong Encryption
Strong encryption with AES
ECB and CBC modes
Padding oracle attack
Strong encryption with RSA
Public key encryption
RSA algorithm
Implementation in Python
Challenge – cracking RSA with similar factors
Large integers in Python
What's next?
Cryptography within IoT
ZigBee cryptographic keys
Complexity of ZigBee key management
Bluetooth – LE
Other Books You May Enjoy
Leave a review - let other readers know what you think


To get the most out of this book
You do not need to have programming experience or any special computer. Any
computer that can run Python can do these projects, and you do not need much
math, because we will not be inventing new encryption techniques, only learning
how to use the pre-existing standard ones, which require nothing more than very
basic algebra.

Automate common administrative and security tasks with Python

Bassem Aly

What this book covers

Chapter 1, Setting Up Python Environment
Chapter 2, Common Libraries Used in Automation
Chapter 3, Setting up Your Network Lab Environment
Chapter 4, Using Python to Manage Network Devices
Chapter 5, Extracting Useful Data from Network Devices
Chapter 6, Configuration Generator with Python and Jinja2
Chapter 7, Parallel Execution of the Python Script
Chapter 8, Preparing a Lab Environment
Chapter 9, Using the Subprocess Module
Chapter 10, Running System Administration Tasks with Fabric
Chapter 11, Generating System Reports, Managing Users, and System Monitoring
Chapter 12, Interacting with the Database
Chapter 13, Ansible for System Administration
Chapter 14, Creating and Managing VMware Virtual Machines
Chapter 15, Interacting with the OpenStack API
Chapter 16, Automating AWS with Python and Boto3
Chapter 17, Using the Scapy Framework
Chapter 18, Building a Network Scanner Using Python


Book Details
Price: 4.00 USD
Pages: 492
File Size: 28,577 KB
File Type: PDF
Publisher: Packt Publishing, 2018

About the Author
Bassem Aly is an experienced SDN/NFV solution consultant at Juniper
Networks and has been working in the telco industry for the last 9 years. He has
focused on designing and implementing next-generation solutions by leveraging
different automation and DevOps frameworks. Also, he has extensive experience
of architecting and deploying telco applications over OpenStack. He also
conducts corporate training on network automation and network
programmability using Python and Ansible.

I would like to thank my amazing wife, Sarah, and my fantastic daughter, Mariam. They've sacrificed many nights and meals for this dream. I hope Mariam will read this book one day and understand why I spent so much time on the computer instead of “chasing”. Thanks to my parents for their encouragement, which made me who I am today. Finally, thanks to my mentor, Ashraf Albasti, who has helped me in countless ways in my career.

About the reviewer
Jere Julian is a senior network automation engineer with nearly two decades of
automation experience, currently focused on workflow simplification through
automation. The past few years have found him on the speaker circuit at DevOps
Days and Interop ITX, as well as regularly contributing to Network Computing.
He lives in NC with his wife and two boys and fights fire as a community
volunteer as opposed to in the data center. He can be contacted on Twitter at @julianje.

The book starts by covering the set up of a Python environment to perform
automation tasks, as well as the modules, libraries, and tools you will be using.

We'll explore examples of network automation tasks using simple Python
programs and Ansible. Next, we will walk you through automating
administration tasks with Python Fabric, where you will learn to perform server
configuration and administration along with system administration tasks such as
user management, database management, and process management. As you
progress through this book, you'll automate several testing services with Python
scripts and perform automation tasks on virtual machines and the cloud
infrastructure with Python. In the concluding chapters, you will cover Python-based
offensive security tools and learn to automate your security tasks.

By the end of this book, you will have mastered the skills of automating several
system administration tasks with Python.

Table of Contents
Title Page
Copyright and Credits
Hands-On Enterprise Automation with Python
Packt Upsell
Why subscribe?
About the author
About the reviewer
Packt is searching for authors like you
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
1. Setting Up Our Python Environment
An introduction to Python
Python versions
Why are there two active versions?
Should you only learn Python 3?
Does this mean I can't write code that runs on both Python 2 and Python 3?
Python installation
Installing the PyCharm IDE
Setting up a Python project inside PyCharm
Exploring some nifty PyCharm features
Code debugging
Code refactoring
Installing packages from the GUI
2. Common Libraries Used in Automation
Understanding Python packages
Package search paths
Common Python libraries
Network Python Libraries
System and cloud Python libraries
Accessing module source code
Visualizing Python code
3. Setting Up the Network Lab Environment
Technical requirements
When and why to automate the network
Why do we need automation?
Screen scraping versus API automation
Why use Python for network automation?
The future of network automation
Network lab setup
Getting ready – installing EVE-NG
Installation on VMware Workstation
Installation over VMware ESXi
Installation over Red Hat KVM
Accessing EVE-NG
Installing EVE-NG client pack
Loading network images into EVE-NG
Building an enterprise network topology
Adding new nodes
Connecting nodes together
4. Using Python to Manage Network Devices
Technical requirements
Python and SSH
Paramiko module
Module installation
SSH to the network device
Netmiko module
Vendor support
Installation and verification
Using netmiko for SSH
Configuring devices using netmiko
Exception handling in netmiko
Device auto detect
Using the telnet protocol in Python
Push configuration using telnetlib
Handling IP addresses and networks with netaddr
Netaddr installation
Exploring netaddr methods
Sample use cases
Backup device configuration
Building the python script
Creating your own access terminal
Reading data from an Excel sheet
More use cases
5. Extracting Useful Data from Network Devices
Technical requirements
Understanding parsers
Introduction to regular expressions
Creating a regular expression in Python
Configuration auditing using CiscoConfParse
CiscoConfParse library
Supported vendors
CiscoConfParse installation
Working with CiscoConfParse
Visualizing returned data with matplotLib
Matplotlib installation
Hands-on with matplotlib
Visualizing SNMP using matplotlib
6. Configuration Generator with Python and Jinja2
What is YAML?
YAML file formatting
Text editor tips
Building a golden configuration with Jinja2
Reading templates from the filesystem
Using Jinja2 loops and conditions
7. Parallel Execution of Python Script
How a computer executes your Python script
Python multiprocessing library
Getting started with multiprocessing
Intercommunication between processes
8. Preparing a Lab Environment
Getting the Linux operating system
Downloading CentOS
Downloading Ubuntu
Creating an automation machine on a hypervisor
Creating a Linux machine over VMware ESXi
Creating a Linux machine over KVM
Getting started with Cobbler
Understanding how Cobbler works
Installing Cobbler on an automation server
Provisioning servers through Cobbler
9. Using the Subprocess Module
The popen() subprocess
Reading stdin, stdout, and stderr
The subprocess call suite
10. Running System Administration Tasks with Fabric
Technical requirements
What is Fabric?
Fabric operations
Using run operation
Using get operation
Using put operation
Using sudo operation
Using prompt operation
Using reboot operation
Executing your first Fabric file
More about the fab tool
Discover system health using Fabric
Other useful features in Fabric
Fabric roles
Fabric context managers
11. Generating System Reports and System Monitoring
Collecting data from Linux
Sending generated data through email
Using the time and date modules
Running the script on a regular basis
Managing users in Ansible
Linux systems
Microsoft Windows
12. Interacting with the Database
Installing MySQL on an automation server
Securing the installation
Verifying the database installation
Accessing the MySQL database from Python
Querying the database
Inserting records into the database
13. Ansible for System Administration
Ansible terminology
Installing Ansible on Linux
On RHEL and CentOS
Using Ansible in ad hoc mode
How Ansible actually works
Creating your first playbook
Understanding Ansible conditions, handlers, and loops
Designing conditions
Creating loops in ansible
Trigger tasks with handlers
Working with Ansible facts
Working with the Ansible template
14. Creating and Managing VMware Virtual Machines
Setting up the environment
Generating a VMX file using Jinja2
Building the VMX template
Handling Microsoft Excel data
Generating VMX files
VMware Python clients
Installing PyVmomi
First steps with pyvmomi
Changing the virtual machine state
There's more
Using Ansible playbook to manage instances
15. Interacting with the OpenStack API
Understanding RESTful web services
Setting up the environment
Installing rdo-OpenStack package
On RHEL 7.4
On CentOS 7.4
Generating answer file
Editing answer file
Run the packstack
Access the OpenStack GUI
Sending requests to the OpenStack keystone
Creating instances from Python
Creating the image
Assigning a flavor
Creating the network and subnet
Launching the instance
Managing OpenStack instances from Ansible
Shade and Ansible installation
Building the Ansible playbook
Running the playbook
16. Automating AWS with Boto3
AWS Python modules
Boto3 installation
Managing AWS instances
Instance termination
Automating AWS S3 services
Creating buckets
Uploading a file to a bucket
Deleting a bucket
17. Using the Scapy Framework
Understanding Scapy
Installing Scapy
Unix-based systems
Installing in Debian and Ubuntu
Installing in Red Hat/CentOS
Windows and macOS X Support
Generating packets and network streams using Scapy
Capturing and replaying packets
Injecting data inside packets
Packet sniffing
Writing the packets to pcap
18. Building a Network Scanner Using Python
Understanding the network scanner
Building a network scanner with Python
Enhancing the code
Scanning the services
Sharing your code on GitHub
Creating an account on GitHub
Creating and pushing your code
Other Books You May Enjoy
Leave a review - let other readers know what you think


Who this book is for
Hands-On Enterprise Automation with Python is for system administrators and
DevOps engineers who are looking for an alternative to major automation
frameworks such as Puppet and Chef. Basic programming knowledge with
Python and Linux shell scripting is necessary.

To get the most out of this book
The reader should be acquainted with the basic programming paradigms of the
Python language and should have basic knowledge of Linux and
Linux shell scripting.