码迷,mamicode.com
首页 > Web开发 > 详细

Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)

时间:2018-12-24 02:43:21      阅读:183      评论:0      收藏:0      [点我收藏+]

标签:gem   service   led   str   under   option   schedule   finish   down   

1、now we looke at this book . I decide  to make a brief review

   the book covers as follows (I straight-forward copy here):
Chapter 1, Building a Vulnerable Web Application Lab, will help us to get and
install the vulnerable application Mutillidae using Windows and Linux. Also, we
will have a quick tour of how to use this vulnerable web application.
Chapter 2, Kali Linux Installation, will explain how to download, install, and
configure Kali Linux
Chapter 3, Delving Deep into the Usage of Kali Linux, will teach more about how
to deal with Kali Linux from the Terminal window, and will help you to become
a ninja in bash scripting as well.
Chapter 4, All About Using Burp Suite, covers what you need to know about
Metasploit to fulfil the role of a web application security expert.
Chapter 5, Understanding Web Application Vulnerabilities, explains the attacks
that can happen on a web application, and after finishing the chapter, you will be
able to use these skills to manipulate your findings during pentests.
Chapter 6, Application Security Pre-Engagement, will explain how to sign all the
necessary contracts before starting the tests. Also, you will learn how to
estimate, scope, and schedule your tests before they start.
Chapter 7, Application Threat Modeling, will explains that ATM is a security
architecture document that allows you to identify future threats and to pinpoint
the different pentest activities that need to be executed in the future deployment
of the web application project.
Chapter 8, Source Code Review, covers how to deal with the source code review
process. The source code is the heart or engine of a web application, and it must
be properly constructed from a security perspective.
Chapter 9, Network Penetration Testing, explains how to use Metasploit, Nmap,
and OpenVAS together to conduct a network infrastructure vulnerability
assessment.
Chapter 10, Web Intrusion Tests, will show how to look for web application based
vulnerabilities (SQLi, XSS, and CSRF) using Burp. Also, the readers will learn
how to take advantage of, get a remote shell, and probably elevate their
privileges on the victim web server.
Chapter 11, Pentest Automation Using Python, explains how to automate
everything that we have learned using the Python language for a more
performant result.
Appendix A, Nmap Cheat Sheet, a list of the most common Nmap options.
Appendix B, Metasploit Cheat Sheet, provides a quick reference to the Metasploit
framework.
Appendix C, Netcat Cheat Sheet, provides Netcat commands and a few popular
practical examples.
Appendix D, Networking Reference Section, provides important information about
networking, such as network subnets, port number, and its services.
Appendix E, Python Quick Reference, provides a quick overview of the amazing
programming language—Python.
2、now we looke at the first paragraph

   how install vulnerable web application on wondows or linux or Ubuntu    the application nmae‘s is Mutillidae in chinese(大黄蜂)

 at present how to download ,the address  url : www.packtpub.com

 another resource in GitHub  the address url:  https://github.com/PacktPublishing/Practical-web-Penetration-Testing

how to building  like this :

 step1 download Mutiliidae    url:  https:/sourceforge.net

技术分享图片

 

 3、install the simulation application  XAMPP 

    the XAMPP have Apache Mysql and php functions

   the download url : https://www.apachefriends.org/download.html

技术分享图片

4、before install the XAMPP close allover antivirus,for me I have been installed another  Trigger problems

  技术分享图片

 install   procedur as follows :  in this  here I use the default path C

技术分享图片技术分享图片

技术分享图片技术分享图片

我的电脑启动apacheL的时候 出现异常,因为之前安装过一个类似的application DVWA。也有可能是其他软件占用了固定的端口 ,修改配置文件如下

技术分享图片技术分享图片

 修改配置的端口后 启动成功。总结 修改一共两个端口 the one 服务端口 80 修改成8081   the second  监听端口 443 直接注释掉或者修改成1023以上的端口

 技术分享图片

5、how to install mutillidae

     search your ip

  技术分享图片

技术分享图片

 

Practical Web Penettation Testing (the first one Mutillidae 大黄蜂)

标签:gem   service   led   str   under   option   schedule   finish   down   

原文地址:https://www.cnblogs.com/xinxianquan/p/10166545.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!