The Ultimate Guide to Web Application Penetration Testing with Kali Linux

KIRAN KUMAR K

Introduction

Web applications are prime targets for cyber-attacks, making penetration testing essential for securing online assets. This comprehensive guide provides an in-depth analysis of the top 10 critical web vulnerabilities, their subtypes, required Kali Linux tools, and step-by-step exploitation and mitigation techniques to help security professionals safeguard web applications effectively.


1. SQL Injection (SQLi)

Overview

SQL Injection (SQLi) occurs when attackers manipulate database queries through unsanitized user inputs, leading to unauthorized access, data leaks, or even full database compromise.

Types of SQLi

  • Boolean-Based SQLi – Exploiting logical conditions (e.g., OR 1=1) to bypass authentication.
  • Union-Based SQLi – Using UNION queries to extract database information.
  • Time-Based SQLi – Introducing delays (e.g., SLEEP(5)) to confirm vulnerability.

Kali Linux Tools

  • sqlmap – Automated SQL Injection tool.
  • Burp Suite – Manual injection testing.
  • Hydra – Credential brute-forcing.

Step-by-Step Exploitation

  1. Identify vulnerable input fields (e.g., login forms, search bars).
  2. Use sqlmap for automated scanning:
    sqlmap -u "http://example.com/login.php?id=1" --dbs
    
  3. Manually test with SQL payloads:
    ' OR 1=1 --
    

Mitigation Strategies

  • Implement prepared statements and parameterized queries.
  • Validate input and escape special characters.
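To show why prepared statements are the primary defence, here is an added example (not from the original guide) that runs the page's ' OR 1=1 -- payload against a concatenated query and against a parameterized one. The user table, the sqlite3 backend and the toy hash are constructed for the demo.

```python
import hashlib
import sqlite3

# Constructed in-memory user table so the example runs offline.
# Toy hash for the demo only: production code needs a salted, slow KDF.
def _hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()

conn = sqlite3.connect(":memory:")
conn.execute(
    "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
)
conn.execute("INSERT INTO users VALUES (1, 'alice', ?)", (_hash("correct horse"),))

def login_vulnerable(username: str, password: str) -> bool:
    # String concatenation: the input becomes part of the SQL grammar, so
    # a quote closes the literal and '--' comments out the password check.
    query = (
        f"SELECT id FROM users WHERE username = '{username}' "
        f"AND password_hash = '{_hash(password)}'"
    )
    return conn.execute(query).fetchone() is not None

def login_safe(username: str, password: str) -> bool:
    # Parameterized query: the driver binds the values after the statement
    # is compiled, so quotes and comment markers are data, never SQL.
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row is not None
```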

2. Cross-Site Scripting (XSS)

Overview

Cross-Site Scripting (XSS) vulnerabilities allow attackers to inject malicious scripts that execute in users' browsers, leading to session hijacking or data theft.

Types of XSS

  • Stored XSS – Malicious script is permanently stored on the server.
  • Reflected XSS – Script is reflected in the response and executed when a user clicks a malicious link.
  • DOM-Based XSS – Manipulating the DOM to execute JavaScript in the user’s browser.

Kali Linux Tools

  • XSStrike – Automated XSS detection.
  • Burp Suite – Intercepting and modifying requests.

Step-by-Step Exploitation

  1. Inject JavaScript payloads into input fields:
    <script>alert('XSS')</script>
    
  2. Use XSStrike for automated detection:
    xsstrike -u "http://example.com/search?q=test"
    

Mitigation Strategies

  • Sanitize user input.
  • Implement Content Security Policy (CSP).
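An added example (not part of the original guide) of the two mitigations together: output encoding for the HTML body and attribute contexts, plus a per-request nonce CSP so that an injected script tag without the nonce is never executed. The page template, the initSearch() call and the directive set are constructed.

```python
import html
import secrets

def new_nonce() -> str:
    # Fresh, unguessable nonce for every response.
    return secrets.token_urlsafe(16)

def render_search_page(query: str, nonce: str) -> str:
    # Escape for the HTML body and for a double-quoted attribute; quote=True
    # also encodes ' and " so the value cannot break out of value="...".
    # Note: this encoding is wrong for JavaScript or URL contexts, which
    # need their own encoders.
    safe = html.escape(query, quote=True)
    return (
        f"<p>Results for: {safe}</p>\n"
        f'<input type="text" name="q" value="{safe}">\n'
        f'<script nonce="{nonce}">initSearch();</script>'
    )

def build_csp_header(nonce: str) -> str:
    # Only scripts carrying this response's nonce may run; inline event
    # handlers and injected <script> tags are blocked by the browser.
    return (
        "default-src 'self'; "
        f"script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'none'"
    )
```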

3. Broken Authentication

Overview

Weak authentication mechanisms can allow attackers to compromise user accounts through brute-force attacks, credential stuffing, or session hijacking.

Types of Broken Authentication

  • Credential Stuffing – Using leaked credentials from previous breaches.
  • Session Hijacking – Exploiting weak session management.
  • Brute-Force Attacks – Guessing passwords using automation.

Kali Linux Tools

  • Hydra – Brute-force attacks.
  • Burp Suite – Intercepting login requests.

Step-by-Step Exploitation

  1. Try default credentials.
  2. Use Hydra to brute-force login credentials:
    hydra -l admin -P rockyou.txt example.com http-post-form "/login.php:username=^USER^&password=^PASS^:F=incorrect"
    

Mitigation Strategies

  • Enforce strong password policies.
  • Implement multi-factor authentication (MFA).
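The brute-force step above succeeds only if the login endpoint accepts unlimited guesses. This added example (not from the original guide) shows a login routine that hashes passwords with a slow KDF, compares in constant time, runs the KDF even for unknown usernames, and locks an account after repeated failures. The user store, the thresholds and the injectable clock are constructed for the demo.

```python
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5          # constructed policy values
LOCKOUT_SECONDS = 900
_users = {}               # username -> (salt, derived key)
_failures = {}            # username -> (count, locked_until)

def _kdf(password: str, salt: bytes) -> bytes:
    # Slow, salted derivation: each guess costs the attacker real CPU time.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def register(username: str, password: str) -> None:
    salt = os.urandom(16)
    _users[username] = (salt, _kdf(password, salt))

def login(username: str, password: str, now=None) -> str:
    """Return 'ok', 'denied' or 'locked'. 'now' is injectable for testing."""
    now = time.time() if now is None else now
    count, locked_until = _failures.get(username, (0, 0.0))
    if now < locked_until:
        return "locked"
    rec = _users.get(username)
    # Derive a key even for unknown users so response time does not
    # reveal which usernames exist.
    salt, stored = rec if rec else (b"\0" * 16, b"\0" * 32)
    ok = rec is not None and hmac.compare_digest(_kdf(password, salt), stored)
    if ok:
        _failures.pop(username, None)
        return "ok"
    count += 1
    # Lockout blunts wordlist attacks; pair it with per-IP rate limiting
    # so an attacker cannot use it to lock legitimate users out.
    locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
    _failures[username] = (count, locked_until)
    return "locked" if locked_until else "denied"
```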

4. Insecure Direct Object References (IDOR)

Overview

Attackers manipulate direct references in URLs or API requests to access unauthorized data.

Step-by-Step Exploitation

  1. Identify URLs with object IDs:
    http://example.com/profile?id=123
    
  2. Modify id=123 to id=124 and check if unauthorized data is accessible.

Mitigation Strategies

  • Implement access control checks.
  • Use randomized identifiers instead of sequential numbers.
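An added example (not part of the original guide) of both mitigations: unguessable profile identifiers, and an ownership check that is enforced on every access regardless of how the id was obtained. The profile records, the admin set and the HTTP-style status codes are constructed.

```python
import secrets

# Constructed data: profiles keyed by an opaque id, each with an owner.
PROFILES = {
    "u_k3Jx9Qw2": {"owner": "alice", "email": "alice@example.com"},
    "u_Pz7mT1aB": {"owner": "bob", "email": "bob@example.com"},
}
ADMINS = {"carol"}

def new_profile_id() -> str:
    # Random identifier: changing id=123 to id=124 no longer finds anything.
    return "u_" + secrets.token_urlsafe(8)

def fetch_profile(current_user: str, profile_id: str):
    """Return (status, profile). A random id is not access control on its
    own; the authorization check below is what actually prevents IDOR."""
    profile = PROFILES.get(profile_id)
    if profile is None:
        return 404, None
    if current_user != profile["owner"] and current_user not in ADMINS:
        return 403, None
    return 200, profile
```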

5. Cross-Site Request Forgery (CSRF)

Overview

Attackers trick users into executing unwanted actions, such as changing passwords or making transactions.

Step-by-Step Exploitation

  1. Intercept a form request with Burp Suite.
  2. Remove CSRF tokens and resend the request.

Mitigation Strategies

  • Implement CSRF tokens.
  • Use SameSite cookies.
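An added example (not from the original guide) of a session-bound CSRF token with constant-time verification, and the cookie attributes that stop the browser sending the session cookie on cross-site form posts. The secret, session ids and form fields are constructed; the token scheme shown (HMAC of the session id) is one common pattern, not the only one.

```python
import hashlib
import hmac

def issue_csrf_token(session_id: str, secret: bytes) -> str:
    # Bound to the session: a token captured from another session is useless.
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()

def verify_csrf_token(session_id: str, submitted, secret: bytes) -> bool:
    # A removed or empty token fails closed; comparison is constant time.
    if not isinstance(submitted, str) or not submitted or not submitted.isascii():
        return False
    expected = issue_csrf_token(session_id, secret)
    return hmac.compare_digest(expected, submitted)

def session_cookie_header(session_id: str) -> str:
    # SameSite=Lax: the cookie is not attached to cross-site POSTs, so a
    # forged form on another origin arrives unauthenticated.
    return (f"Set-Cookie: session={session_id}; HttpOnly; Secure; "
            "SameSite=Lax; Path=/")

def handle_password_change(form: dict, session_id: str, secret: bytes) -> int:
    if not verify_csrf_token(session_id, form.get("csrf_token"), secret):
        return 403
    # ... apply the change here ...
    return 200
```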

6. Server-Side Request Forgery (SSRF)

Overview

Attackers force a server to make unintended internal or external requests.

Step-by-Step Exploitation

  1. Modify a URL input field to request internal resources:
    http://localhost:80/admin
    

Mitigation Strategies

  • Implement allowlists for outgoing requests.
  • Restrict internal network access.
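An added example (not part of the original guide) of an allowlist check for a user-supplied fetch URL. It rejects the page's http://localhost:80/admin case along with literal internal addresses, credential-in-URL tricks and non-HTTP schemes, and includes a second stage that checks resolved addresses. The allowed hosts are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed allowlist: the only hosts this service may fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}

def is_allowed_target(url: str) -> bool:
    """Deny-by-default check on the URL as supplied."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False                       # no file://, gopher://, ftp://
    host = parts.hostname
    if not host or parts.username or parts.password:
        return False                       # http://api.example.com@127.0.0.1/
    try:
        if parts.port not in (None, 80, 443):
            return False                   # no reaching internal service ports
    except ValueError:
        return False                       # malformed port
    try:
        ipaddress.ip_address(host)
        return False                       # literal IPs are never allowed
    except ValueError:
        pass                               # a name: must be on the allowlist
    return host.lower().rstrip(".") in ALLOWED_HOSTS

def resolves_to_public_only(host: str) -> bool:
    """Second stage at request time: every address the name resolves to must
    be globally routable (loopback, RFC 1918, 169.254.169.254 are refused)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except (socket.gaierror, ValueError):
        return False
    return all(ipaddress.ip_address(i[4][0]).is_global for i in infos)
```

Because a name can change between the check and the connection (DNS rebinding), the safest fetch connects to the address that passed the second stage rather than resolving again.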

7. Remote Code Execution (RCE)

Overview

Attackers execute arbitrary commands on the server, leading to full system compromise.

Step-by-Step Exploitation

  1. Inject OS commands in vulnerable parameters:
    ; ls -la
    

Mitigation Strategies

  • Sanitize user input.
  • Apply least privilege principles.

8. Security Misconfiguration

Overview

Misconfigured security settings expose applications to attacks.

Step-by-Step Exploitation

  1. Scan the target using Nikto:
    nikto -h http://example.com
    

Mitigation Strategies

  • Disable debug mode in production.
  • Change default credentials.

9. Sensitive Data Exposure

Overview

Exposing sensitive data like passwords and API keys can lead to severe security breaches.

Step-by-Step Exploitation

  1. Scan for exposed secrets:
    gitleaks detect
    

Mitigation Strategies

  • Encrypt sensitive data.
  • Avoid storing plaintext passwords.

10. XML External Entity (XXE) Attacks

Overview

Attackers exploit XML parsers to access system files.

Step-by-Step Exploitation

  1. Inject a payload into an XML request:
    <!DOCTYPE foo [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>
    

Mitigation Strategies

  • Disable external entity parsing.
  • Use JSON instead of XML.
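An added example (not part of the original guide) of the first mitigation: refuse any DOCTYPE or ENTITY declaration before the parser sees the document, so the payload above is rejected outright. It also rejects UTF-16 input, which would otherwise hide the declaration from a byte-level check. The function names and sample documents are constructed; a library such as defusedxml offers the same protection for all of Python's XML modules.

```python
import re
import xml.etree.ElementTree as ET

# Untrusted XML has no legitimate need for a DTD, so any declaration that
# could define an entity is refused before parsing.
_DOCTYPE_RE = re.compile(rb"<!(DOCTYPE|ENTITY)\b")

def parse_untrusted_xml(data: bytes) -> ET.Element:
    if data[:2] in (b"\xff\xfe", b"\xfe\xff") or b"\x00" in data[:64]:
        # UTF-16/32 would spread '<!DOCTYPE' across null bytes and evade
        # the regex; only UTF-8 documents are accepted.
        raise ValueError("only UTF-8 XML is accepted")
    if _DOCTYPE_RE.search(data):
        raise ValueError("DTD and entity declarations are not allowed")
    return ET.fromstring(data)

def safe_parse(data: bytes):
    """Return (True, root) or (False, reason) so callers can log rejections."""
    try:
        return True, parse_untrusted_xml(data)
    except (ValueError, ET.ParseError) as exc:
        return False, str(exc)
```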

Conclusion

Web application penetration testing using Kali Linux is critical for identifying and mitigating vulnerabilities. By following these testing and mitigation techniques, security professionals can harden applications against cyber threats.

🔒 Secure your applications before it's too late! 🔒
