Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Ethical Hacking from Scratch
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Ethical Hacking from Scratch

Learn Ethical Hacking from Scratch

By : Sabih
4.4 (17)
Buy this Book
close
close
Learn Ethical Hacking from Scratch

Learn Ethical Hacking from Scratch

4.4 (17)
By: Sabih
Buy this Book

Overview of this book

This book starts with the basics of ethical hacking, how to practice hacking safely and legally, and how to install and interact with Kali Linux and the Linux terminal. You will explore network hacking, where you will see how to test the security of wired and wireless networks. You’ll also learn how to crack the password for any Wi-Fi network (whether it uses WEP, WPA, or WPA2) and spy on the connected devices. Moving on, you will discover how to gain access to remote computer systems using client-side and server-side attacks. You will also get the hang of post-exploitation techniques, including remotely controlling and interacting with the systems that you compromised. Towards the end of the book, you will be able to pick up web application hacking techniques. You'll see how to discover, exploit, and prevent a number of website vulnerabilities, such as XSS and SQL injections. The attacks covered are practical techniques that work against real systems and are purely for educational purposes. At the end of each section, you will learn how to detect, prevent, and secure systems from these attacks.
Table of Contents (24 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Free Chapter
1
Introduction
Icon
Introduction
Icon
What's in this book?
Icon
What is hacking?
Icon
Why should we learn about hacking?
Icon
A glimpse of hacking
Icon
Summary
2
Setting Up a Lab
Icon
Setting Up a Lab
Icon
Lab overview
Icon
Installing Kali Linux
Icon
Installing Metasploitable
Icon
Installing Windows
Icon
Creating and using snapshots
Icon
Summary
3
Linux Basics
Icon
Linux Basics
Icon
Overview of Kali Linux
Icon
Linux commands
Icon
Updating resources
Icon
Summary
4
Network Penetration Testing
Icon
Network Penetration Testing
Icon
What is a network?
Icon
Network basics
Icon
Connecting to a wireless adapter
Icon
MAC addresses
Icon
Wireless modes – managed and monitor
Icon
Enabling monitor mode manually
Icon
Enabling monitor mode using airmon-ng
Icon
Summary
5
Pre-Connection Attacks
Icon
Pre-Connection Attacks
Icon
Packet sniffing basics
Icon
Targeted packet sniffing
Icon
Deauthentication attack
Icon
What is a fake access point?
Icon
Creating fake access points with the MANA Toolkit
Icon
Summary
6
Network Penetration Testing - Gaining Access
Icon
Network Penetration Testing - Gaining Access
Icon
WEP theory
Icon
Basic web cracking
Icon
Fake authentication attack
Icon
ARP request replay
Icon
WPA introduction
Icon
WPS cracking
Icon
Handshake theory
Icon
Capturing the handshake
Icon
Creating a wordlist
Icon
Wordlist cracking
Icon
Securing network from attacks
Icon
Summary
7
Post-Connection Attacks
Icon
Post-Connection Attacks
Icon
Post-connection attacks
Icon
Summary
8
Man-in-the-Middle Attacks
Icon
Man-in-the-Middle Attacks
Icon
Man-in-the–middle attacks
Icon
Wireshark
Icon
Summary
9
Network Penetration Testing, Detection, and Security
Icon
Network Penetration Testing, Detection, and Security
Icon
Detecting ARP poisoning
Icon
Detecting suspicious behavior
Icon
Summary
10
Gaining Access to Computer Devices
Icon
Gaining Access to Computer Devices
Icon
Introduction to gaining access
Icon
Sever-side attacks
Icon
Server-side attack basics
Icon
Server-side attacks – Metasploit basics
Icon
Metasploit remote code execution
Icon
Summary
11
Scanning Vulnerabilities Using Tools
Icon
Scanning Vulnerabilities Using Tools
Icon
Installing MSFC
Icon
MSFC scan
Icon
MSFC analysis
Icon
Installing Nexpose
Icon
Running Nexpose
Icon
Nexpose analysis
Icon
Summary
12
Client-Side Attacks
Icon
Client-Side Attacks
Icon
Client-side attacks
Icon
Installing Veil
Icon
Payloads overview
Icon
Generating a Veil backdoor
Icon
Listening for connections
Icon
Testing the backdoor
Icon
Fake bdm1 updates
Icon
Client-side attacks using the bdm2 BDFProxy
Icon
Protection against delivery methods
Icon
Summary
13
Client-Side Attacks - Social Engineering
Icon
Client-Side Attacks - Social Engineering
Icon
Client-side attacks using social engineering
Icon
Maltego overview
Icon
Social engineering – linking accounts
Icon
Social engineering – Twitter
Icon
Social engineering – emails
Icon
Social engineering – summary
Icon
Downloading and executing AutoIt
Icon
Changing the icon and compiling the payload
Icon
Changing extensions
Icon
Client-side attacks – TDM email spoofing
Icon
Summary
14
Attack and Detect Trojans with BeEF
Icon
Attack and Detect Trojans with BeEF
Icon
The BeEF tool
Icon
BeEF – hook using a MITMf
Icon
BeEF – basic commands
Icon
BeEF – Pretty Theft
Icon
BeEF – Meterpreter 1
Icon
Detecting Trojans manually
Icon
Detecting Trojans using a sandbox
Icon
Summary
15
Attacks Outside the Local Network
Icon
Attacks Outside the Local Network
Icon
Port forwarding
Icon
External backdoors
Icon
IP forwarding
Icon
External BeEF
Icon
Summary
16
Post Exploitation
Icon
Post Exploitation
Icon
An introduction to post exploitation
Icon
Meterpreter basics
Icon
Filesystem commands
Icon
Maintaining access by using simple methods
Icon
Maintaining access by using advanced methods
Icon
Keylogging
Icon
An introduction to pivoting
Icon
Pivoting autoroutes
Icon
Summary
17
Website Penetration Testing
Icon
Website Penetration Testing
Icon
What is a website?
Icon
Attacking a website
Icon
Summary
18
Website Pentesting - Information Gathering
Icon
Website Pentesting - Information Gathering
Icon
Information gathering using tools
Icon
Websites on the same server
Icon
Information gathering from target websites
Icon
Summary
19
File Upload, Code Execution, and File Inclusion Vulnerabilities
Icon
File Upload, Code Execution, and File Inclusion Vulnerabilities
Icon
File upload vulnerabilities
Icon
Code execution vulnerabilities
Icon
Local file inclusion vulnerabilities
Icon
Remote file inclusion using Metasploitable
Icon
Basic mitigation
Icon
Summary
20
SQL Injection Vulnerabilities
chevron up
Icon
SQL Injection Vulnerabilities
Icon
What is SQL?
Icon
The dangers of SQLi
Icon
Discovering SQLi
Icon
SQLi authorization bypass
Icon
Discovering an SQLi using the GET method
Icon
Basic SELECT statements
Icon
Discovering tables
Icon
Reading columns and their data
Icon
Reading and writing files on the server
Icon
The sqlmap tool
Icon
Preventing SQLi
Icon
Summary
21
Cross-Site Scripting Vulnerabilities
Icon
Cross-Site Scripting Vulnerabilities
Icon
Introduction to XSS
Icon
Reflected XSS
Icon
Stored XSS
Icon
XSS BeEF exploitation
Icon
XSS protection
Icon
Summary
22
Discovering Vulnerabilities Automatically Using OWASP ZAP
Icon
Discovering Vulnerabilities Automatically Using OWASP ZAP
Icon
OWASP ZAP start
Icon
OWASP ZAP results
Icon
Summary
23
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Preventing SQLi

So far, we have seen that SQL injections are very dangerous; they also occur very easily and are very easy to find. We will find them everywhere, even in really famous websites. People try to prevent these vulnerabilities using filters. Filters can make it look like there are no exploits, but if we actually try harder, by using different types of encoding, or a proxy, we will be able to bypass most of these filters. Some programmers use a blacklist so, for example, they prevent the use of union and the insert statement. Again, it's not 100% secure, and it can be bypassed. Using a whitelist has exactly the same issues as a blacklist.

The best way to prevent SQLi is to program our web application so that it does not allow code to be injected into it and then executed. So, the best way to do that is to use parameterized statements, where the data and the code...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 12
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY