Web Apps

Web App Vulnerability Scanning With WMAP

We can also scan web applications to identify vulnerabilities in the applications themselves as well as in the web server configuration.

WMAP

WMAP is a powerful, feature-rich web application vulnerability scanner that can be used to automate web server enumeration and to scan web applications for vulnerabilities.

WMAP is available as an MSF plugin and can be loaded directly into MSF.

WMAP is fully integrated with MSF, which lets us run web application vulnerability scans from within MSF.

Demo: Web App Vulnerability Scanning With WMAP

# Start the Metasploit services
service postgresql start
[ 0k ] Starting PostgreSQL 11 database server: main.
msfconsole
db_status

# Set up the workspace
msf5 > workspace -a Web_Scanning
[ * ] Added workspace:
Workspace: Web_Scanning

# Set the victim (target) IP in the global variable
msf5 > setg RHOSTS 192.140.160.3
RHOSTS 192.140.160.3
msf5 > setg RHOST 192.140.160.3
RHOST 192.140.160.3

# Load the wmap plugin
msf5 > load wmap

# Type wmap_ and press TAB to list the available commands
msf5 > wmap_

# Use -h to get help
msf5 > wmap_sites -h

# Add the target site
msf5 > wmap_sites -a 192.157.89.3
[ * ] Site created.

# Specify the target URLs we want to scan.
# More than one site can be scanned, in the order defined, from the first on the left
# to the right
msf5 > wmap_targets -h 
msf5 > wmap_targets -t http://192.157.89.31

# List the sites and targets that were added
msf5 > wmap_sites -l
msf5 > wmap_targets -l

# Start the scan; -h opens the documentation, and you can also
# see all the enabled modules
msf5 > wmap_run -h
# Load all the modules
msf5 > wmap_run -t
# Run the vulnerability scan against the target; you will receive a log
# of the vulnerabilities found
msf5 > wmap_run -e
# List all the vulnerabilities found; -h shows the documentation
msf5 > wmap_vulns -l

# The vulnerability log is very helpful; it can reveal vulnerabilities in the HTTP methods
msf5 > use auxiliary/scanner/http/options
msf5 auxiliary(scanner/http/options) > show options
msf5 auxiliary(scanner/http/options) > run
# If it is vulnerable to all of the methods GET HEAD POST OPTIONS
msf5 auxiliary(scanner/http/options) > use auxiliary/scanner/http/http_put
msf5 auxiliary(scanner/http/http_put) > show options
msf5 auxiliary(scanner/http/http_put) > run
# It may fail; if it does, simply change PATH
msf5 auxiliary(scanner/http/http_put) > set PATH /data/
msf5 auxiliary(scanner/http/http_put) > run
# This attack is for a "reversing"
msf5 auxiliary(scanner/http/http_put) > curl http://192.157.89.3:80/data/msf_http_put_test.txt
msf5 auxiliary(scanner/http/http_put) > show options
msf5 auxiliary(scanner/http/http_put) > set FILEDATA "tHIS DOES WORK"
msf5 auxiliary(scanner/http/http_put) > set FILENAME THOSWORKS.TXT
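
For the defender's side of the OPTIONS and http_put checks above, the following added example (not part of the original page) scans web server access logs for method probes, PUT/DELETE requests the server accepted, and read-backs of files created over HTTP, such as msf_http_put_test.txt. The log lines, IP addresses, user agents and the function name are constructed for illustration, and the parser assumes the Apache/nginx combined log format.

```python
import re

# Constructed sample lines in "combined" log format (not taken from the page's lab).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "Mozilla/4.0"
10.0.0.5 - - [12/Mar/2024:10:01:09 +0000] "PUT /msf_http_put_test.txt HTTP/1.1" 405 312 "-" "Mozilla/4.0"
10.0.0.5 - - [12/Mar/2024:10:01:15 +0000] "PUT /data/msf_http_put_test.txt HTTP/1.1" 201 0 "-" "Mozilla/4.0"
10.0.0.5 - - [12/Mar/2024:10:01:20 +0000] "GET /data/msf_http_put_test.txt HTTP/1.1" 200 14 "-" "curl/7.64.0"
10.0.0.9 - - [12/Mar/2024:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
WRITE_METHODS = {"PUT", "DELETE"}


def find_write_method_abuse(log_text):
    """Return (kind, ip, path, status) tuples for probes, writes and read-backs."""
    findings = []
    written = set()  # paths for which a PUT was accepted
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if method == "OPTIONS":
            findings.append(("method-probe", ip, path, status))
        elif method in WRITE_METHODS:
            if 200 <= status < 300:
                # A 2xx answer to PUT/DELETE means the server changed content.
                findings.append(("write-accepted", ip, path, status))
                if method == "PUT":
                    written.add(path)
            else:
                findings.append(("write-rejected", ip, path, status))
        elif method == "GET" and path in written and status == 200:
            # A file created over HTTP was read back.
            findings.append(("uploaded-file-fetched", ip, path, status))
    return findings


if __name__ == "__main__":
    for kind, ip, path, status in find_write_method_abuse(SAMPLE_LOG):
        print(f"{kind:22} {ip:12} {status} {path}")
```

Any `write-accepted` finding means the web server is configured to let clients create or delete content in that path, which is the setting to correct.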

Quiz: Web App Vulnerability Scanning With WMAP


Last updated 10 months ago