Kali/Layer 7 Attacks
From charlesreid1
Application (Layer 7) Attacks
This page covers the use of Kali to carry out attacks on layer 7, the application layer. Also see Kali/Workflow.
Review
Let's review the network stack before we launch into network layer attacks.
| Layer | Name | Function |
|---|---|---|
| 7 | Application | Topmost layer, provides users a means to access network resources (only level seen by end user) |
| 6 | Presentation | Transforms data received into a format that is readable by the application layer. Handles encryption/description for secure data |
| 5 | Session | Manages communication sessions between computers. Manages connections with other devices. Half-duplex or full duplex. |
| 4 | Transport | Provide reliable data transport services to lower layers. |
| 3 | Network | Routes data between physical networks. Handles addressing, via IP. Handles packet fragmentation and error detection. Router level. Most complex layer. |
| 2 | Data Link | Transports data across a network. Provides addressing scheme to identify physical devices, bridges, switches, MAC addresses. |
| 1 | Physical | The physical medium for the network communication signals. |
(Please Do Not Touch Steve's Pet Alligator)
(Phys Dat Net Trans Sesh Prezzy App)
Layer 7 is the Application layer. It is the topmost layer, providing users a means to access network resources. This is the only layer seen by the end user.
Scenario
The application layer is where the most diverse and numerous attacks occur. This layer encompasses all end-user applications and services — web servers, email, file transfers, DNS, SSH, and more. Because this layer directly interfaces with users and processes their input, it presents the largest attack surface.
Application-layer attacks can be conducted remotely, often requiring nothing more than a network connection to the target service. This makes them the most common type of attack seen in the wild.
Web Application Attacks
Web applications running on HTTP/HTTPS are a primary target at Layer 7. Common attack vectors include:
SQL Injection
SQL injection involves injecting malicious SQL statements into input fields that are passed directly to a database. Sqlmap is the premier tool for automating SQL injection attacks, capable of detecting and exploiting a wide range of SQL injection vulnerabilities including blind SQLi, time-based SQLi, and error-based SQLi.
Cross-Site Scripting (XSS)
XSS attacks inject malicious client-side scripts into web pages viewed by other users. Tools like Burpsuite can be used to identify and exploit XSS vulnerabilities. XSS comes in three flavors: reflected, stored, and DOM-based.
Command Injection
Command injection vulnerabilities allow an attacker to execute arbitrary operating system commands on the web server. Commix is a tool specifically designed to automate the detection and exploitation of command injection vulnerabilities.
Directory Traversal
Directory traversal (or path traversal) attacks allow an attacker to access files and directories outside the web root. Dirbuster is a tool for brute-forcing directories and file names on web servers, which can reveal vulnerable paths and hidden resources.
File Inclusion (LFI/RFI)
Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities allow an attacker to include files on the server. LFI reads local files, while RFI executes remote code by including a file from an attacker-controlled server. Both can be identified and exploited using Burpsuite or the Metasploit Framework.
Authentication Attacks
Layer 7 authentication mechanisms — login forms, SSH, FTP, RDP, and others — are frequent targets. Hydra is a fast network login cracker that supports numerous protocols and can be used for brute-force attacks against authentication systems.
Application-Layer Denial of Service
Unlike Layer 4 DoS attacks which flood TCP connections, application-layer DoS attacks target specific application resources. Examples include:
- HTTP flood attacks — overwhelming a web server with legitimate-looking HTTP requests
- Slowloris — holding connections open indefinitely with partial HTTP requests, exhausting the server's connection pool
- XML External Entity (XXE) attacks that consume server resources by forcing XML parsers to process malicious external entities
Buffer Overflow Attacks
Buffer overflow vulnerabilities occur when an application writes more data to a memory buffer than it can hold. These are classic application-layer attacks that can lead to arbitrary code execution. The Metasploit Framework contains a large library of buffer overflow exploits and payloads.
DNS Attacks at the Application Layer
While DNS spans multiple layers, application-layer DNS attacks include DNS spoofing, cache poisoning, and DNS rebinding. These attacks manipulate how applications resolve domain names to IP addresses. At the application layer, an attacker may intercept DNS queries and return malicious responses, directing the sheep to attacker-controlled servers.
Cross-Site Request Forgery (CSRF)
CSRF attacks trick a user's browser into making unwanted requests to a web application where the user is authenticated. This allows an attacker to perform actions on behalf of the victim. Burpsuite can be used to test for CSRF vulnerabilities.
Flags
 |
Attack Layers pages addressing attack vectors, tools, and methodologies for each layer of the network stack.
1 Physical Attacks: Kali/Layer 1 Attacks 2 Data/MAC Attacks: Kali/Layer 2 Attacks 3 Network Attacks: Kali/Layer 3 Attacks 4 Transport Attacks: Kali/Layer 4 Attacks 5 Session Attacks: Kali/Layer 5 Attacks 6 Presentation Attacks: Kali/Layer 6 Attacks 7 Application Attacks: Kali/Layer 7 Attacks
Template:MITMFlag · Template:DoSFlag · Template:MetasploitableFlag Category:Attacks · Category:Kali Attack Layers Flags · Template:KaliAttackLayersFlag · e |