SEC 4030 Ethical Hacking
Term: Summer 2021
Notes When Completing the Lab
· You will be using a tool called Virginia Cyber Range. Please use a VPN when you use it.
Link: https://console.virginiacyberrange.net/courses
Email to use: [email protected]
· Once the link opens and you are logged in:
Click on SEC 4030 Ethical Hacking
Then Environment: Cyber Basics (2020.12)
Click on the start button below
This will have you inside the Virtual Environment you will use to complete the lab
· Follow the instructions below to complete the lab. They give you word-for-word instructions. If there is any confusion, please use Google to figure it out.
· Link to Lecture: https://virginia.zoom.us/rec/play/eClTXF5H-C0lKgFpvUTj3o9TlRky3D0K7IqV-5wNcOV9ItsetR3l2MCfHkUR61GuI7s_W_HymMqlJHVe.CKNuQGQTpgIg8a06
COMPLETE LAB BELOW According to the INSTRUCTIONS
Lab Assignment 5 – Injection
Due Date: July 8, 2021 by 11:59pm ET
Points Possible: 10
Name:
1. Overview
You are an ethical hacker and your client, DVWA, has asked you to test their web server and application for vulnerabilities. You find that they have some built-in functionality on their site to interact with a database and to upload files. You are able to exploit these features to obtain the passwords of users in the database and gain root level access to the target!
3. Initial Setup
For this lab, we will use an intentionally vulnerable web application called DVWA (Damn Vulnerable Web Application), which is installed on the Cyber Range. Log into the Virginia Cyber Range Cyber Basics (2018) environment.
On your Cyber Range Kali Linux system, open a web browser and enter the following: http://dvwa.example.com/
Log in to DVWA with these credentials:
Username: admin
Password: password
Once logged in, click on the DVWA Security button on the left side of the page and set it to ‘low’, then click ‘submit’. DVWA provides a range of security levels so users can test their skills and try different techniques to bypass increasingly secure web application implementations.
Task 1. SQL Injection
You see that DVWA has a form to look up data by User ID and after examining the code you suspect a SQL injection vulnerability.
Click on the ‘SQL Injection’ button on your DVWA menu on the left. The input box on the SQL Injection page asks for a User ID. You enter a 1 in this field and the web page constructs the following SQL query:
SELECT first_name, last_name FROM users WHERE user_id = '1'
You decide to enter something that would always evaluate to ‘True’, to see if the database will return every first and last name in the database. You may try a few different things, so if you get a SQL error message hit the back button and try something else.
Question 1: What did you enter in the User ID field that gave you the first and last name of every user in the database?
Question 2: What is the SQL query that it constructs to give you the results?
Because you are also a super coder you come up with some code that will display all of the information in the table. Enter the following in the User ID query:
%' and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users #
This will display the contents of the user table including the password field for each user.
Question 3: List each user and their cracked password. (Hint: You determine that these passwords look like MD5 hashes and find a way to crack them)
Task 2. File Injection
Now that you have compromised the database and user information you move on to the potential file upload vulnerabilities.
First you create a malicious file to upload using the weevely tool. Open the terminal and type the following command:
weevely generate abcxyz /home/student/Desktop/hack.php
Here is some information about this command:
· weevely: name of the tool we are using.
· generate: to generate the reverse shell to remotely open a backdoor to the system.
· abcxyz: password for the reverse shell, so that only we can connect (you can use any password of your own; in my case I used “abcxyz”).
· /home/student/Desktop/hack.php: name and location of the file we are creating using weevely.
Now return to your DVWA website and click on the ‘File Upload’ button on your DVWA menu on the left. You will see that you can browse for a file and upload it. Browse for the hack.php file you just created and upload it.
Once it uploads successfully, open a new tab and go to http://dvwa.example.com/hackable/uploads/hack.php. You’ll see a blank page (no ‘file not found’ error); this means the file has been uploaded successfully.
Now, head back to the terminal and use weevely to connect to your reverse shell:
weevely http://dvwa.example.com/hackable/uploads/hack.php abcxyz
Once you are connected to the reverse shell, you can execute Linux commands such as ls and pwd.
Question 4: Cut and paste or screen capture the /etc/passwd file contents that you can now access.
Congratulations, if everything went well you now pwn the target system!
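The upload in Task 2 succeeds because the server stores any file type under its original name in a directory where scripts are executed. The following added example (not part of the original lab or of DVWA) sketches the server-side checks that block it; the allowlist, size limit and function names are assumptions chosen for illustration.

```python
import os
import secrets
import tempfile

# Allowlisted extensions and the leading bytes each file type must start with.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".gif": b"GIF8"}
MAX_BYTES = 100_000  # assumed size limit for this example

def store_upload(client_name, data, upload_dir):
    """Validate an upload and store it under a server-chosen name."""
    ext = os.path.splitext(os.path.basename(client_name))[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None:
        raise ValueError("extension not allowed: %r" % ext)
    if len(data) > MAX_BYTES:
        raise ValueError("file too large")
    if not data.startswith(magic):
        raise ValueError("content does not match extension")
    # Never reuse the client's file name: a random name removes double
    # extensions and path tricks, and makes the stored URL unguessable.
    stored = secrets.token_hex(16) + ext
    # Mode 'x' refuses to overwrite an existing file.
    with open(os.path.join(upload_dir, stored), "xb") as fh:
        fh.write(data)
    return stored

def demo():
    # Constructed inputs: a PHP script, the same script renamed, and a PNG header.
    php = b"<?php /* placeholder script body */ ?>"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("hack.php", php), ("hack.php.png", php), ("photo.png", png)]:
            try:
                results[name] = store_upload(name, data, d)
            except ValueError as exc:
                results[name] = "rejected: %s" % exc
        results["stored_files"] = sorted(os.listdir(d))
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

A leading-bytes check does not catch a file that is both a valid image and a script, so the upload directory should also be outside the web root or served with script execution disabled.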
References
© 2019 Virginia Cyber Range. Created by David Raymond. Modified by Angela Orebaugh. (CC BY-NC-SA 4.0)