https://charlesreid1.com/w/index.php?action=history&feed=atom&title=Kali%2FLayer_7_AttacksKali/Layer 7 Attacks - Revision history2026-06-20T10:33:39ZRevision history for this page on the wikiMediaWiki 1.39.12https://charlesreid1.com/w/index.php?title=Kali/Layer_7_Attacks&diff=30664&oldid=prevAdmin: Create Layer 7 (Application) Attacks page (via create-page on MediaWiki MCP Server)2026-06-19T05:53:53Z<p>Create Layer 7 (Application) Attacks page (via create-page on MediaWiki MCP Server)</p>
<p><b>New page</b></p><div>=Application (Layer 7) Attacks=<br />
<br />
This page covers the use of Kali to carry out attacks on layer 7, the application layer. Also see [[Kali/Workflow]].<br />
<br />
==Review==<br />
<br />
Let's review the network stack before we launch into network layer attacks.<br />
<br />
{{NetworkStack}}<br />
<br />
Layer 7 is the Application layer. It is the topmost layer, providing users a means to access network resources. This is the only layer seen by the end user.<br />
<br />
==Scenario==<br />
<br />
The application layer is where the most diverse and numerous attacks occur. This layer encompasses all end-user applications and services — web servers, email, file transfers, DNS, SSH, and more. Because this layer directly interfaces with users and processes their input, it presents the largest attack surface.<br />
<br />
Application-layer attacks can be conducted remotely, often requiring nothing more than a network connection to the target service. This makes them the most common type of attack seen in the wild.<br />
<br />
==Web Application Attacks==<br />
<br />
Web applications running on HTTP/HTTPS are a primary target at Layer 7. Common attack vectors include:<br />
<br />
===SQL Injection===<br />
<br />
{{Main|Sqlmap}}<br />
<br />
SQL injection involves injecting malicious SQL statements into input fields that are passed directly to a database. [[Sqlmap]] is the premier tool for automating SQL injection attacks, capable of detecting and exploiting a wide range of SQL injection vulnerabilities including blind SQLi, time-based SQLi, and error-based SQLi.<br />
<br />
===Cross-Site Scripting (XSS)===<br />
<br />
XSS attacks inject malicious client-side scripts into web pages viewed by other users. Tools like [[Burpsuite]] can be used to identify and exploit XSS vulnerabilities. XSS comes in three flavors: reflected, stored, and DOM-based.<br />
<br />
===Command Injection===<br />
<br />
{{Main|Commix}}<br />
<br />
Command injection vulnerabilities allow an attacker to execute arbitrary operating system commands on the web server. [[Commix]] is a tool specifically designed to automate the detection and exploitation of command injection vulnerabilities.<br />
<br />
===Directory Traversal===<br />
<br />
{{Main|Dirbuster}}<br />
<br />
Directory traversal (or path traversal) attacks allow an attacker to access files and directories outside the web root. [[Dirbuster]] is a tool for brute-forcing directories and file names on web servers, which can reveal vulnerable paths and hidden resources.<br />
<br />
===File Inclusion (LFI/RFI)===<br />
<br />
Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities allow an attacker to include files on the server. LFI reads local files, while RFI executes remote code by including a file from an attacker-controlled server. Both can be identified and exploited using [[Burpsuite]] or the [[MSF|Metasploit Framework]].<br />
<br />
==Authentication Attacks==<br />
<br />
{{Main|Hydra}}<br />
<br />
Layer 7 authentication mechanisms — login forms, SSH, FTP, RDP, and others — are frequent targets. [[Hydra]] is a fast network login cracker that supports numerous protocols and can be used for brute-force attacks against authentication systems.<br />
<br />
==Application-Layer Denial of Service==<br />
<br />
Unlike Layer 4 DoS attacks which flood TCP connections, application-layer DoS attacks target specific application resources. Examples include:<br />
* HTTP flood attacks — overwhelming a web server with legitimate-looking HTTP requests<br />
* Slowloris — holding connections open indefinitely with partial HTTP requests, exhausting the server's connection pool<br />
* XML External Entity (XXE) attacks that consume server resources by forcing XML parsers to process malicious external entities<br />
<br />
==Buffer Overflow Attacks==<br />
<br />
{{Main|MSF|Metasploit Framework}}<br />
<br />
Buffer overflow vulnerabilities occur when an application writes more data to a memory buffer than it can hold. These are classic application-layer attacks that can lead to arbitrary code execution. The [[MSF|Metasploit Framework]] contains a large library of buffer overflow exploits and payloads.<br />
<br />
==DNS Attacks at the Application Layer==<br />
<br />
{{Main|Man in the Middle/DNS}}<br />
{{Main|DoS/DNS}}<br />
<br />
While DNS spans multiple layers, application-layer DNS attacks include DNS spoofing, cache poisoning, and DNS rebinding. These attacks manipulate how applications resolve domain names to IP addresses. At the application layer, an attacker may intercept DNS queries and return malicious responses, directing the sheep to attacker-controlled servers.<br />
<br />
==Cross-Site Request Forgery (CSRF)==<br />
<br />
CSRF attacks trick a user's browser into making unwanted requests to a web application where the user is authenticated. This allows an attacker to perform actions on behalf of the victim. [[Burpsuite]] can be used to test for CSRF vulnerabilities.<br />
<br />
=Flags=<br />
<br />
{{KaliAttackLayersFlag}}</div>Admin