Penetration Testing for Jobseekers: Perform Ethical Hacking across Web Apps, Networks, Mobile Devices using Kali Linux (Debasish Mandal)
Category: Education. Author: Debasish Mandal
This book is for aspiring security analysts, pen testers, ethical hackers, anyone who wants to learn how to become a successful pen tester. A fundamental understanding of network principles and workings is helpful but not required.
Text Preview (First 20 pages)
Penetration Testing for Jobseekers Perform Ethical Hacking Across Web Apps, Networks, Mobile Devices and Wifi Using Kali Linux, Burp Suite, MobSF, Metasploit and Aircrack-suite Debasish Mandal www.bpbonline.com
FIRST EDITION 2022 Copyright © BPB Publications, India ISBN: 978-93-55511-973 All Rights Reserved. No part of this publication may be reproduced, distributed or transmitted in any form or by any means or stored in a database or retrieval system, without the prior written permission of the publisher with the exception to the program listings which may be entered, stored and executed in a computer system, but they can not be reproduced by the means of publication, photocopy, recording, or by any electronic and mechanical means. LIMITS OF LIABILITY AND DISCLAIMER OF WARRANTY The information contained in this book is true and correct to the best of the author’s and publisher’s knowledge. The author has made every effort to ensure the accuracy of these publications, but publisher cannot be held responsible for any loss or damage arising from any information in this book. All trademarks referred to in the book are acknowledged as properties of their respective owners but BPB Publications cannot guarantee the accuracy of this information. www.bpbonline.com
Dedicated to My beloved parents: Mr. Dilip Kumar Mandal Mrs. Mira Mandal
About the Author Debasish Mandal is an information security professional with 10+ years of experience in penetration testing, red teaming, vulnerability and exploit research. His primary areas of expertise are application, networks security and vulnerability research, and reverse engineering. Throughout his career, Debasish has published several patents for developing various defensive security solutions. Being an open-source enthusiast, he has authored and contributed to several open-source projects related to cybersecurity. In the past, Debasish has also presented his research on various defensive and offensive security topics at various international security conferences, such as BlackHat Europe Briefings, Brucon, and SigSegV. Debasish has discovered security vulnerabilities and published security advisories for various popular and widely deployed products of Microsoft, Google, Facebook, Twitter, Apple, etc.
About the Reviewers Haifa Yu has extensive work experience across multiple fields of ICT industry, including Linux system engineering, Linux release distribution development, web development, security services, SOC product management, security operations and cloud security. He was involved with a wide variety of security solutions and projects for Fortune 500 companies. His current focus is on Cloud security, DevSecOps, Big data security, security compliance and cloud application security. He took his master's degree in Computer Technology with specialization in Information Security from Shanghai Jiao Tong University. He also holds several IT certifications, including CISSP, CISA, ISO 27001 LA, GWEB, GCIH, AWS Certified Solutions Architect – Professional, AWS Certified DevOps Engineer – Professional, AWS Certified Security – Specialty, AWS Certified Advanced Networking – Specialty, etc. He lives in Shanghai, China, with his wife, Li Na, and his daughter, Melody. In his spare time, he enjoys researching security applications and exploring the latest trends in security technologies. Pranav Joshi is an independent cybersecurity advisor with over 20 years of experience in spearheading and delivering large-scale information and cybersecurity projects in diverse business verticals such as banking, finance, national stock exchanges, insurance, energy, petrochemical, retail, media, advertising, e-commerce, IT & ITES, government, and defence, including Fortune 100 companies. In his previous role at the Standard Chartered Bank, he oversaw and managed the global security testing function covering 65 countries, tangibly improving the security posture of the bank and reducing compliance-related issues. 
He is credited for the discovery of several disclosed and undisclosed security vulnerabilities in many popular enterprise products, which have been published by leading cybersecurity corporates, professional bodies, and governmental agencies such as IBM Xforce, SecurityFocus, ExploitDB, the National Vulnerability Database - US Department of Commerce, and the CyberSecurity & Infrastructure Security Agency – US Department of Homeland Security.
Acknowledgement There are a few people I want to thank for the continued and ongoing support they have given me during the writing of this book. First and foremost, I would like to thank my family, which includes my parents and my sisters, especially Dipsikha, for continuously encouraging me to write the book — I could have never completed this book without their support. I would also like to thank all the technical reviewers of the book for their valuable comments. I gratefully acknowledge Mr. Somnath Guha Neogi for his technical advice. Their valuable inputs helped me improve the overall quality of the content. My gratitude also goes to the entire team at BPB Publications for being supportive enough to provide me enough time to finish the book.
Preface The COVID-19 pandemic has forced all of us to embrace completely new cultures, such as social distancing and remote working. Since an increasing number of organizations are switching to remote working setups, cyber threats to any organization are also increasing alongside. This is the reason why the demand for cybersecurity professionals is growing exponentially in 2021-22. Cybersecurity professionals are required in large numbers worldwide because there is a significant gap between the number of existing cybersecurity professionals and the cybersecurity issues faced daily. While there could be multiple types of jobs available in the cybersecurity domain, “Penetration Testing” a.k.a. ethical hacking is one of the most popular and exciting ones. After studying this book, you should have a better understanding of the importance of cybersecurity in general and penetration testing in particular. This book takes a practical approach for penetration testing learners by covering several computer and network basics. Then, it deep dives into the different penetration testing methodologies. The book begins with a cybersecurity career path and prospects and then introduces penetration testing and its importance in the modern industry. It is divided into 10 chapters, and it covers many different aspects of penetration testing, including web application, network, Android applications, wireless penetration testing, and preparing reports. This book also shows how a prospective penetration tester can set up an in-house penetration testing lab from scratch to hone their hacking skills. This book should also help readers gain a good understanding of a typical day in a penetration tester’s life. This book could be a perfect place to begin for someone who wants to start their career in penetration testing or someone who has 1-2 years of experience in Penetration Testing / Cybersecurity and wants to upskill themselves on different domains.
Chapter 1 will cover the importance of cybersecurity and the current cybersecurity threat landscape. If you want to pursue a career in cybersecurity, this chapter should help you understand cybersecurity career opportunities, roles, responsibilities, and definite career paths.
Chapter 2 will dive deep into basic terminologies related to penetration testing and different types of penetration testing, methodologies, and approaches. It also briefly discusses the basic building blocks of cybersecurity and how it can help you become a good penetration tester. Chapter 3 will help you set up an in-house penetration testing lab from scratch to hone your hacking skills. This chapter mainly helps you choose the right environment for the lab after knowing some facts about penetration testing. In this chapter, we will mainly cover the lab setup required for web, network, and mobile penetration testing. Chapter 4 will dive deep into the current web application threat landscape and the most common attacks on them. This chapter will also take you through different web application penetration testing methodologies, tools, and techniques to find security loopholes in a web app. Along with that, we will discuss prevention methodologies for these web application attacks. Chapter 5 will explain two different ways of secure source code review: manual and automated source code review. We will also discuss their importance, and then we will deep dive into the source code of an intentionally vulnerable web application project and try to identify the security problems in it. Chapter 6 will cover OWASP Mobile Top 10 vulnerabilities and how they affect mobile applications and their users. This chapter will also discuss some hands-on approaches to perform penetration tests on mobile applications developed for the Android platform. We will cover both automated and manual approaches for Android application penetration testing to find weaknesses defined in OWASP Mobile Top 10. Chapter 7 will walk you through the standard ways of conducting network penetration tests. 
It will also discuss the different phases of penetration tests, like footprinting, scanning, enumeration, exploitation, and so on, and showcase popular tools to perform these actions during a network penetration test. Chapter 8 will cover Wireless LAN security basics and common attacks against it, such as packet injection, MAC spoofing, and attacks against WEP, WPA and WPA2 encryption. This chapter should be able to build the technical foundation for you so that it’s easier for you to learn about other possible Wi-Fi attacks from other sources.
Chapter 9 will discuss the importance of reporting in any penetration testing process. It should cover the things that a penetration testing report must have and help you understand how to prepare an effective penetration testing report according to industry standards. Chapter 10 will try to describe a typical day in a penetration tester’s life. Penetration testing is a very sensitive task, so we will also deep dive into several precautions and dos and don’ts to safely conduct a pen test.
Disclaimer The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Neither BPB Publishing nor the author of this book takes any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorization from the appropriate persons responsible.
Coloured Images Please follow the link to download the Coloured Images of the book: https://rebrand.ly/pg9vneg We have code bundles from our rich catalogue of books and videos available at https://github.com/bpbpublications. Check them out! Errata We take immense pride in our work at BPB Publications and follow best practices to ensure the accuracy of our content to provide an indulging reading experience to our subscribers. Our readers are our mirrors, and we use their inputs to reflect and improve upon human errors, if any, that may have occurred during the publishing processes involved. To let us maintain the quality and help us reach out to any readers who might be having difficulties due to any unforeseen errors, please write to us at: errata@bpbonline.com Your support, suggestions and feedback are highly appreciated by the BPB Publications’ Family. Did you know that BPB offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.bpbonline.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at: business@bpbonline.com for more details. At www.bpbonline.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on BPB books and eBooks.
Piracy If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at business@bpbonline.com with a link to the material. If you are interested in becoming an author If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, please visit www.bpbonline.com. We have worked with thousands of developers and tech professionals, just like you, to help them share their insights with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea. Reviews Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions. We at BPB can understand what you think about our products, and our authors can see your feedback on their book. Thank you! For more information about BPB, please visit www.bpbonline.com.
Table of Contents
1. Cybersecurity, Career Path, and Prospects Structure Objectives Introducing cybersecurity Cybersecurity Landscape of cyber threats in the ’20s Classes of cyber threats Importance of cybersecurity Impact of COVID-19 on cybersecurity Transformation of cyber threat landscape due to COVID-19 The effects of remote operations Impact on physical safety of company assets Effects of worldwide layoffs Career scope in cybersecurity Worldwide cybersecurity talent and skill shortage COVID-19 emphasizes more on the need for cybersecurity professionals Working in cybersecurity Types of roles and responsibilities Security specialist Incident responder Security analyst Security administrator Security manager Security auditor Forensic expert Penetration tester Security engineer Security researcher (malware/vulnerability analyst) Career path of a cybersecurity professional Transitioning from general IT to cybersecurity Cybersecurity jobs and compensation in India The ideal cybersecurity (hacker) mindset Conclusion Points to remember Multiple choice questions Answers Questions Key terms
2. Introduction to Penetration Testing Introduction Structure Objective Hackers and cybersecurity Hackers classification White Hat hacker Black Hat hacker Gray Hat hacker State/nation sponsored hackers Hacktivists Elements of cybersecurity Cyber security principles Confidentiality Integrity Availability Introduction to penetration testing The importance of penetration testing Penetration Testing Execution Standard (PTES) Types of penetration testing Black box penetration testing Gray box penetration testing White box penetration testing How to become a pentester? Developing a hacker-like mindset Being creative Push your limits by learning new things every day Enroll in a course or training program Practice in real and simulated lab Honing your social skills Limitations of penetration testing Conclusion Questions
3. Setting Up Your Lab for Penetration Testing Introduction Structure Objectives The importance of having an in-house pentest lab Topology of your pentest lab Setting up lab for web and network pentest Utilizing virtualization technology in your lab Basic elements of pentest labs Vulnerable targets/victim systems Attacker machine Introducing Kali Linux Installing Kali Linux in a virtual machine – VMware Workstation Player Kali Linux tools listing Running Kali from the live USB Kali commands cheat sheet Setting up lab for mobile application pentest Basic elements of a mobile pentest lab Android Debug Bridge (adb) Android emulator Burp Suite proxy Apktool Mobile Security Framework (MobSF) Dex to Java decompiler - Jadx Target/vulnerable Android apps Android pentest lab cheat sheet Some useful Android device paths Conclusion Points to remember Multiple choice questions Answers Questions Key terms
4. Web Application and API Penetration Testing Introduction Structure Objectives Introduction to web applications Standard web application architecture Some important concepts about HTTP protocol HTTP session management Same-origin security policy Authentication versus authorization Authentication Authorization Different types of web application vulnerabilities The Open Web Application Security Project (OWASP) and OWASP Top 10 Introduction to DVWA Injection SQL Injection Error-based SQL Injection SQL Injection cheat sheet Primary defenses against SQL Injection Cross Site Scripting (XSS) Types of XSS DOM-based XSS XSS cheat sheet Stopping XSS attacks Security misconfiguration Finding sensitive information disclosed through misconfiguration DVWA Apache server-info enabled DVWA SVN repository exposure DVWA Apache server status disclosure DVWA directory listing vulnerability Server-side request forgery Example of SSRF