Penetration 1 - Start up Web App Penetration

By Sheldon L

Published at 2020-04-16

Updated at 2020-04-16

---

Setting up Kali Linux

• Linux 8 - Making a Bootable Live USB Drive#Kali

• Check out kali-tools-web in Kali Metapackages

# metapackage
apt-cache search kali-linux

• Set up firefox add-ons on kali:

  • FoxyProxy Standard
  • HackBar
  • Cookies Quick Manager
  • RestClient
  • Tamper Data for FF Quantum
  • Http Request Maker
  • Tampermonkey
  • User-Agent Swicher
  • Wappalyzer
  • XSS Me
  • SQL Inject Me
  • iMacros
  • FirePHP
  • Easy XSS
  • iMacros
  • FirePHP

Setting up Testing Lab

OWASP Broken Web Apps

Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products.

• Download

• Import;

• Login: root; owaspbwa

• Trouble Shooting:

  • Error in VirtualBox - “This kernel requires the following feature not present on the CPU: pae”
    • Shutdown the VM if powered on
    • Right click VM -> Settings -> System
    • Select Processor tab
    • Check Enable PAE/NX checkbox and click OK.
    • Start VM

Communication between Machines

Holde VMs with known vulnerabilities in our local network may pose an important security risk! So:

• Set VBox network to Host-only or NAT.

Other OWASPs

• Vulnhub

• Metasploitable

• Dojo

• Search in Sourceforge …

Traning Resources

• Kali Training