Question

In this lab I need you to follow the steps in the attached file and take screenshots of the work done in each step. Explain briefly under each screenshot what the step will do. Please make sure that at the end of the lab you write a brief summary about the work and the goals of this lab. Make sure when you work in Kali, weevely, or Metasploitable that the user name does not mention a person's name. If applications are downloaded from the internet please take screenshot of that applicatio

Lab 1: File Upload Vulnerabilities

Objective
By completion of the lab the students should be able to:
1. Students should be able to identify file upload vulnerabilities in a website and exploit it
2. Students should be able to write a secure code for uploading a file to the website to avoid common attacks associated with file upload.

Lab Requirements
- Desktop or laptop with either Windows or Unix OS
- VirtualBox with Kali Linux
- Metasploitable virtual machine

Lab Description:
File upload vulnerabilities are one of the simplest to exploit. They allow users to upload executable files to the webserver, such as php files, which can gain them unlawful connection to it later. In this lab you will exploit several vulnerabilities in the dvwa website (in the metasploitable machine) associated with file uploads. You will experiment with different security levels. Then you will learn how to write a secure file upload code to avoid such attacks whenever you build a website. Good luck!

Lab Steps:
1. Use weevely to generate a payload:
   a. weevely generate [password] [filename]
      i. example: weevely generate 123456 /root/shell.php
   b. upload generated file from dvwa upload link
   c. connect to it: weevely [url to file] [password]
      i. example: weevely http://10.10.2.5/dvwa/hackable/uploads/shell.php 123456
      ii. once connected, you will have a shell. You can run any command you want. Also, weevely has a lot of commands to execute, all for the purpose of penetration testing. You can type help for information about these commands and their uses.
2. Change the security level to medium then try to upload the file the same way as in step 1. What happens here?
3. Use burp to intercept HTTP requests to modify the file before it is sent to the webserver. This step is done to bypass client-side filtration.
4. To use burp, start it from the dock in kali
5. Burp Suite has many features, but we are interested in the proxy. Go to proxy then options. Make sure the proxy runs on port 8080
6. To start intercepting, modify the browser's settings to use the already set up proxy on http port 8080
7. Because in this security setting there is a client-side filter that checks for the file type, rename your php shell to shell.jpg
8. Upload shell.jpg as previously; now the request is being intercepted in burp
9. In the headers, rename the file to shell2.php and leave the file type as image. Then forward the request. Voila! The file should be successfully uploaded, and you can connect to it using weevely as previously.
10. Now, change the security setting to high and try steps 3-9. This will not work. This is because there are two filters: one checking for the file type and another to check for the file extension.
11. To bypass this, repeat the steps 3-6 but in step 9, instead of renaming the file to shell2.php, rename it to shell3.php.jpg then forward the request. This should work! And you can connect to your shell3.php.jpg using weevely as previously.

Lab Assessment
In the lab, you have learned how to exploit a file upload vulnerability in the two security levels, the low and medium. Here, you are required to exploit the same vulnerability in the high security level following the steps provided. Provide a report with screenshots showing the successful exploitation. Then, prepare a report to pinpoint the main differences between the three security levels' codes. Finally, write a secure code to avoid all types of file upload vulnerabilities
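Added example, not part of the original lab handout and not DVWA's own code: a sketch of the server-side checks the "write a secure code" objective calls for, next to simplified models of the medium and high filters as the lab steps describe them. All function names, the size limit and the sample uploads are assumptions made for this illustration.

```python
import os
import secrets

# Allow-list: extension -> magic bytes the file body must start with.
MAGIC = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n"}
MAX_BYTES = 100_000  # assumed size limit for this example

def medium_style(filename, content_type, data):
    """Simplified model of the medium level: trusts the client-declared type."""
    return content_type in ("image/jpeg", "image/png")

def high_style(filename, content_type, data):
    """Simplified model of the high level: declared type plus last extension."""
    ext = os.path.splitext(filename)[1].lower()
    return medium_style(filename, content_type, data) and ext in MAGIC

def hardened(filename, content_type, data):
    """Return (accepted, reason, stored_name); the declared type is ignored."""
    base = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(base)
    ext = ext.lower()
    if ext not in MAGIC:
        return False, "extension not allowed", None
    if "." in stem:
        return False, "multiple extensions", None
    if len(data) > MAX_BYTES:
        return False, "too large", None
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension", None
    # Server-chosen random name: the client controls neither name nor suffix.
    return True, "ok", secrets.token_hex(16) + ext

# Constructed sample uploads: (filename, declared type, body)
SCRIPT = b"<?php /* placeholder script body */ ?>"
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLES = [
    ("shell2.php", "image/jpeg", SCRIPT),
    ("shell3.php.jpg", "image/jpeg", SCRIPT),
    ("photo.jpg", "image/jpeg", JPEG),
]

if __name__ == "__main__":
    for name, ctype, body in SAMPLES:
        print(name, medium_style(name, ctype, body),
              high_style(name, ctype, body), hardened(name, ctype, body)[:2])
```

A magic-byte check does not detect script text embedded in an otherwise valid image, so the upload directory should also sit outside the web root or have script execution disabled.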
