Gain insights into web app vulnerabilities and attack methods, delve into penetration testing with Kali Linux, and explore tools for enhancing information security using Python, web tech, and network management.

webpen.tar.gz

shodan_api

Wireshark

chrome

Burp

frog

proxychains

encoder

setoolkitChrome

chromeShark

juiceshop

BurpChrome

This course is intended for people interested in information security—particularly in the penetration testing of various websites—to identify the security flaws present in the majority of newly developed websites and how to fix them. 

You will learn web penetration testing techniques using the Kali Linux operating system. You will be introduced to Python programming, web server technology, network management, open source intelligence, cross-site scripting, SQL injection, authentication and authorization in systems, cross-site request forgery, social engineering attacks, and concepts in information security management. 

Your knowledge of the various web application vulnerabilities and attack methods will be enhanced after taking this course. You will get hands-on experience with many tools used in online penetration testing in cyber security.

Web Application Penetration Testing

# Exploitation

One of the aims of every cybercriminal is to get access to databases to steal users' credentials, alter the data, or even sabotage an organization's ability to function by deleting everything. This is where finding SQL injections becomes important. The data gained from an injection or even the injection vector could be used to perform other attacks or go straight for privilege escalation if possible.

Let's look at some ways in which SQL injections can be exploited.

## The `GET` method

We first check that the data sent in the request is referenced in the URL. If yes, this means that the data that's sent is visible in the URL. For example, let's take a web application that has a login page. We enter the username and password, and when we click the "Login" button, the URL updates as such:

```
example.com/login.php?username=admin&password=admin
```

In order to bypass the login and gain unauthorized access, an attacker could perform a simple SQL injection like so:

```
example.com/login.php?username='OR1=1--&password=admin
```

Entering the URL above will simply input an empty string for the `username` field and dismiss the `password` field altogether, and the `OR1=1` part will ask the database server to return true no matter what.

## The `POST` method

This is the case where the data is sent in the body of the request sent by the user. Therefore, as opposed to the `GET` method, the sent data is not visible in the URL of the website or the webpage. An attacker, therefore, can use the input fields given by the web application. Simply entering `' OR 1=1` should work. Sometimes, we may need something extra to comment out the other field, so an `#` or `--` should suffice.

## SQLMap

We've already seen SQLMap in action in the previous lesson. Let's now see how to use it beyond searching for vulnerabilities: 
 
- `sqlmap http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart --tables`: This  will return all the tables in the `acuart` database.

- `sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists --columns`: This will return the structure of the table being queried. In this case, we want to check how data is structured in the `artists` table.

- `sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=1 -D acuart -T artists -C aname --dump`: This will return a list of the names of all the artists in the `artists` table.

Let's use the terminal below to try out the commands above and check the output:

Learn how to exploit and mitigate SQL injections.

Introduction to the Course

Introduction to Linux

Introduction to Python

Web and Server Technology

Network Management and Analysis

Open-Source Intelligence

Cross-Site Scripting

SQL Injection

Authentication and Authorization

Cross-Site Request Forgery

Social Engineering Attacks

Broader Security Concepts

Wrapping Up

Exploiting and Mitigating SQL Injections

Exploitation

The `GET` method

The `POST` method

Exploiting and Mitigating SQL Injections

Exploitation

The GET method

The POST method

The `GET` method

The `POST` method