Pentesting Assignment

Here is your task: The str$\_$ireplace$($script$,$ null, $)$ function disallows the SCRIPT element used in Reflected XSS lab from being executed. However, if you understand how the control works, then you can bypass this control. Your task is to bypass the control by allowing a different SCRIPT element to execute.

To bypass this function, follow these steps:

Refer to reputable sources for an explanation of how the str$\_$ireplace function works.

Research code vulnerability databases to see how others have bypassed this control.

Pentest the site armed with the information learned and the procedure demonstrated in this section.

image$035.$jpg

Perform these steps prior to pentesting:

Click the START button in the adjoining window.

image$002.$jpg

Click the Kali workstation icon in the topology.

image$009.$png

Type root in the Username field and press Enter.

image$010.$jpg

Type P@ssw$0$rd into the Password field and press Enter.

image$011.$jpg

Click on the terminal icon.

image$012.$jpg

Execute the following command and provide the support user$$s password to establish an SSH session with the backend web server.

root@Hacker:~# ssh support@urbank.com

support@urbank.com$$s password: P@ssw$0$rd

Note: The password of P@ssw$0$rd will not be displayed when you type it for security purposes.

image$014$L$5$b$.$jpg

Execute the following command and provide the sudo password when prompted, to run all the steps prior to this lab.

support@Web:~$ LAB$05$B

$[$sudo$]$ password for support: P@ssw$0$rd

Note: if you submit an incorrect password, then script may only partially run and you may have to restart the session. Also note: you should wait for the script to complete before continuing.

ex setup.PNG

Execute the following command to open index.php into with the nano text editor.

support@Web:~$ sudo nano $$c $/$var$/$www$/$WebServer$/$index$.$php

image$028.$jpg

Add str$\_$ireplace$($script$,$ null, $)$ to line $15.$

image$029.$jpg

Press and hold the Ctrl key and the x key $($Ctrl$+$x$).$

image$030.$jpg

Press the y key.

image$031.$jpg

Press Enter.

image$032.$jpg

Click the minimize button on the terminal.

min term.PNG

Click the Iceweasel icon.

image$019.$jpg

Type urbank.com to the browser's search field and press Enter. Type the query parameter $?$myusername$=$ and append your SCRIPT element and press Enter.

pen$1\_0.$PNG

There are two ways to tell if your attack was successful:

If the JavaScript executes

If the complete SCRIPT element is injected