Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Hands-On Penetration Testing with Python Enhance your ethical hacking skills to build automated and intelligent systems

Product type Paperback

Published in Jan 2019

Publisher Packt

ISBN-13 9781788990820

Length 502 pages

Edition 1st Edition

Languages

Python

Concepts

Ethical Hacking

Author (1):

Furqan Khan

View More author details

Table of Contents (18) Chapters

Preface

1. Introduction to Python

2. Building Python Scripts FREE CHAPTER

3. Concept Handling

4. Advanced Python Modules

5. Vulnerability Scanner Python - Part 1

6. Vulnerability Scanner Python - Part 2

7. Machine Learning and Cybersecurity

8. Automating Web Application Scanning - Part 1

9. Automated Web Application Scanning - Part 2

10. Building a Custom Crawler

11. Reverse Engineering Linux Applications

12. Reverse Engineering Windows Applications

13. Exploit Development

14. Cyber Threat Intelligence

15. Other Wonders of Python

16. Assessments

17. Other Books You May Enjoy

Leave a review - let other readers know what you think

Scripting exploits over web-based vulnerabilities

In this section, we are going to use an example of a Damn Vulnerable Web Application (DVWA). We will write an exploit for local and remote file inclusion and ensure that we get a reverse shell by executing the exploit. As we know, DVWA has many vulnerabilities, which include Local File Inclusion (LFI) and Remote File Inclusion (RFI).

Local file inclusion is a category of vulnerability typically found in PHP applications and is introduced by the improper usage of the include() and require() functions. The include() function is used to include a PHP module in the current PHP file from where it is invoked. There are occasions in which the developer takes the name of the file to be included as an input parameter from the web application, which can then be misused by attackers. An attacker can tweak the input parameter and can read...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (1)

Furqan Khan

Furqan Khan is a security researcher who loves to innovate in Python, pentesting, ML, AI, and big data ecosystems. With a gold medal at both M.Tech and B.Tech, he started off as a research scientist at NITK, where he developed a web app scanner for the Ministry of IT (India). He then worked as a security researcher with Paladion Networks and Wipro Dubai exploring pentesting/exploitation space where he developed tools such as vulnerability scanner and a threat intelligence platform. Currently, he is working with Du-Telecom Dubai as a pentesting manager. He has published and co-authored white papers and journals with Springer and Elsevier, and has also presented his research and development work at international conferences, including CoCon.

See other products by Furqan Khan