Lab 6 Web Application Attacks and Countermeasures
Abstract
Perform web application attacks and other tasks using numerous tools and techniques to hack a target w
Moratiwa Mmopi
201902294
Table of Contents
OVERVIEW
LAB 1: Perform a Web Server Attack to Crack FTP Credentials
TASK 1: Crack FTP Credentials using a Dictionary Attack
LAB 2: Perform a Web Application Attack to Compromise the Security of Web Applications to Steal Sensitive Information
TASK 1: Perform Parameter Tampering using Burp Suite
LAB 3: Perform SQL Injection Attacks on a Target Web Application to Manipulate the Backend Database
TASK 1: Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap
LAB 4: Detect SQL Injection Vulnerabilities using SQL Injection Detection Tools
TASK 1: Detect SQL Injection Vulnerabilities using DSSS
CONCLUSION
OVERVIEW
BRIEF DESCRIPTION
Web applications provide an interface between end users and web servers through a series of web pages generated on the server side, or script code that runs dynamically in the client's web browser. Web apps run in web browsers and are composed of a combination of server-side scripts (such as ASP and PHP) and client-side code (such as HTML and JavaScript). A web application's functionality is determined by its architecture, which includes the hardware and software that carry out functions such as reading requests, searching, gathering, and displaying data.
OBJECTIVES
Footprint a web server using various information-gathering tools and inbuilt commands.
Crack remote passwords.
Exploit a parameter tampering vulnerability.
Perform a SQL injection attack on an MSSQL database.
Identify basic SQL injection flaws and vulnerabilities.
Detect SQL injection vulnerabilities.
RESOURCES
Parrot Security
Windows Server 2019
Windows Server 2016
Ubuntu
Android
LAB 1: Perform a Web Server Attack to Crack FTP Credentials
To obtain the target computer's passwords, an attacker tries all possible techniques, including password guessing, dictionary attacks, brute-force attacks, hybrid attacks, pre-computed hashes, rule-based attacks, distributed network attacks, and rainbow table attacks.
In this lab I will be demonstrating how easy it is for hackers to obtain FTP credentials on a network, and demonstrate the vulnerabilities that exist in web servers.
Step 3
I used the command nmap -p 21 10.10.1.10; nmap is a network scanner used to scan IP addresses and ports in a network, and the screenshot shows that port 21 is open on the Windows 10 machine.
Step 4
I then checked whether the FTP server is hosted on the Windows 10 machine and, as shown in the screenshot below, we are not able to log in to the FTP server.
Step 5
In this step I tried gaining access to the FTP server by performing a dictionary attack using the THC Hydra tool, and I used the command hydra -L /home/attacker/Desktop/Wordlists/Usernames.txt -P /home/attacker/Desktop/Wordlists/Passwords.txt ftp://10.10.1.10 to do so.
Step 6
I was able to successfully log in to the FTP server using one of the cracked
username and password combinations. In this lab, I used Martin’s credentials to
gain access to the server as shown in the screenshot below.
Step 7
I remotely created a directory named Hacked on the Windows 10 machine through the FTP terminal, as shown below.
Step 8
I switched to the Windows 10 machine and navigated to C:\FTP where I saw a
directory named Hacked, as shown in the screenshot.
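The defender's counterpart to the Hydra run in this lab is spotting it in the FTP server's authentication log. The following is an added example, not part of the lab or of any FTP server's code; the log line format, the client addresses and every username except "martin" are constructed for the example, and the 5-failures-in-60-seconds threshold is an assumed tuning value.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of FTP authentication log lines (format, client addresses
# and all usernames other than "martin" are invented for this example).
SAMPLE_LOG = """\
2023-03-06T10:00:01 [martin] FAIL LOGIN: Client "10.10.1.13"
2023-03-06T10:00:01 [jason] FAIL LOGIN: Client "10.10.1.13"
2023-03-06T10:00:02 [shiela] FAIL LOGIN: Client "10.10.1.13"
2023-03-06T10:00:02 [martin] FAIL LOGIN: Client "10.10.1.13"
2023-03-06T10:00:03 [martin] FAIL LOGIN: Client "10.10.1.13"
2023-03-06T10:00:03 [martin] OK LOGIN: Client "10.10.1.13"
2023-03-06T10:05:00 [alice] FAIL LOGIN: Client "10.10.1.20"
2023-03-06T10:05:30 [alice] OK LOGIN: Client "10.10.1.20"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) \[(?P<user>[^\]]+)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"$'
)

def parse(log_text):
    """Yield (timestamp, user, result, ip) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["user"], m["result"], m["ip"]

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag clients with `threshold` or more failed logins inside `window`.
    Returns {ip: {"failures", "users", "success_after", "user"}}."""
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    tried = defaultdict(set)     # ip -> every username that client has tried so far
    alerts = {}
    for ts, user, result, ip in parse(log_text):
        if result == "FAIL":
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            tried[ip].add(user)
            if len(recent[ip]) >= threshold:
                a = alerts.setdefault(ip, {"success_after": False, "user": None})
                a["failures"] = len(recent[ip])
                a["users"] = set(tried[ip])
        elif ip in alerts:
            # A success right after a burst of failures is the event to page on:
            # the dictionary attack found a working username/password pair.
            alerts[ip]["success_after"] = True
            alerts[ip]["user"] = user
    return alerts
```

A single-user client that fails once and then succeeds (10.10.1.20 above) never reaches the threshold, so only the many-usernames-per-second burst is reported.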
LAB 2: Perform a Web Application Attack to Compromise the Security of Web Applications to Steal Sensitive Information
Step 1
In Mozilla Firefox I navigated to http://www.moviescope.com as shown below.
Step 2
I then set up a Burp Suite proxy by configuring the proxy settings of the browser as
shown below.
Step 3
In this step I just launched the Burp Suite application.
Step 4
After logging in through the browser, I opened the View Profile tab.
Step 5
After the previous step, I then navigated to the Params tab which is under the
Intercept tab in order to view the captured parameters.
Step 6
I changed the value in the URL from 1 to 2 and, after doing this, in the Raw tab I also turned off interception, as demonstrated in the screenshot below.
Step 7
After I switched off the interception in the previous step, I went back to the browser
and I could observe that the user account with ID=2 appears with John’s name.
LAB 3: Perform SQL Injection Attacks on a Target Web Application to Manipulate the Backend Database
Step 1
I followed the same steps from the previous lab and opened the web browser and
navigated to moviescope.com. After logging into the website I viewed the profile as
shown below.
Step 2
I then opened Inspect Element (Q) and the developer tools appeared.
Step 3
I then opened a new terminal window and used the command sudo su to run as the root user, and then used the command cd to jump to the root directory, as illustrated in the snapshot below.
Step 4
I then used the command sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jWydNf8wro=; ui-tabs-1=0" --dbs to make sqlmap apply various injection techniques.
Step 5
I used the command sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jWydNf8wro=; ui-tabs-1=0" -D moviescope --tables to determine the tables associated with the database moviescope.
Step 6
I then typed the command TASKLIST so as to view a list of the tasks currently running on the target system; the list is displayed in the screenshot below. This retrieves the tasks and displays them under the command structure output.
This is the end of the demonstration of how to launch a SQL injection attack.
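Both Lab 2 (changing id=1 to id=2 shows John's profile) and Lab 3 (sqlmap injecting through the same id parameter) come from one handler trusting the id in the URL. The following added example, not the lab's or the moviescope site's code, models that viewprofile handler in Python with an in-memory SQLite table standing in for MSSQL (rows and e-mail addresses are constructed), showing the vulnerable form beside a hardened one that type-checks the parameter, enforces that a user may only read their own profile, and binds the value instead of splicing it into the query.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the moviescope users table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "Martin", "martin@example.invalid"),
                    (2, "John", "john@example.invalid")])
    return db

def view_profile_vulnerable(db, session_user_id, id_param):
    """Models the lab's findings: the id from the URL is trusted as-is, so any
    logged-in user reads any profile by changing it (Lab 2), and it is spliced
    into the SQL text, so it can carry SQL (Lab 3). The session user is never
    consulted. Returns (http_status, rows)."""
    sql = "SELECT id, name, email FROM users WHERE id = " + id_param
    return 200, db.execute(sql).fetchall()

def view_profile_hardened(db, session_user_id, id_param):
    """Validate the type, enforce that the caller may only read their own
    profile, and bind the value with a placeholder so it cannot become SQL."""
    if not id_param.isdigit():
        return 400, []                 # reject anything that is not a plain integer
    requested = int(id_param)
    if requested != session_user_id:
        return 403, []                 # server-side authorization check (the Lab 2 fix)
    rows = db.execute("SELECT id, name, email FROM users WHERE id = ?",
                      (requested,)).fetchall()   # parameter binding (the Lab 3 fix)
    return 200, rows
```

With the hardened handler the tampered id is refused with 403 before any query runs, and a non-numeric id is refused with 400, so neither of the lab's two findings is reachable.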
LAB 4: Detect SQL Injection Vulnerabilities using SQL Injection Detection Tools
Step 3
I then used the command cd to jump to the root directory as illustrated in the
snapshot below.
Step 4
I typed in the command cd DSSS so as to navigate to the DSSS folder.
Step 5
The command python3 dsss.py displays a list of the available options of the DSSS application, and I used it to do that as shown below.
Step 6
After navigating to moviescope and logging in, I opened Inspect Element (Q).
Step 7
I switched back to the terminal window and typed the command python3 dsss.py -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie=" so as to have DSSS scan the target website.
Step 8
The screenshot below displays the scan results for the target website.
This is the end of the demonstration of how to detect SQL injection vulnerabilities using DSSS.
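Scanners such as sqlmap and DSSS leave a recognisable trail in the web server's access log: many requests to one parameter carrying quotes, boolean probes and UNION probes, often with server errors, from one client in a short time. The following added example (not part of the lab or of either tool) scores such a log per client; the lines, addresses and user agents are constructed, the field layout imitates a W3C-style log (date time c-ip method uri-stem uri-query status user-agent), and the indicator patterns are a minimal assumed set rather than a complete rule base.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log sample: one normal visitor, one sqlmap run against the
# id parameter of viewprofile.aspx, and one scripted client with a quote probe.
SAMPLE_LOG = """\
2023-03-06 10:10:01 10.10.1.11 GET /viewprofile.aspx id=1 200 Mozilla/5.0
2023-03-06 10:10:05 10.10.1.13 GET /viewprofile.aspx id=1%27 500 sqlmap/1.6#stable
2023-03-06 10:10:05 10.10.1.13 GET /viewprofile.aspx id=1%20AND%201%3D1 200 sqlmap/1.6#stable
2023-03-06 10:10:06 10.10.1.13 GET /viewprofile.aspx id=1%20UNION%20ALL%20SELECT%20NULL-- 200 sqlmap/1.6#stable
2023-03-06 10:10:09 10.10.1.14 GET /viewprofile.aspx id=1%27%22 500 python-requests/2.28
2023-03-06 10:11:00 10.10.1.11 GET /viewprofile.aspx id=2 200 Mozilla/5.0
"""

# Each pattern is one cheap indicator; a single hit is noisy, several from one
# client against one parameter in a short time is what is worth escalating.
SQLI_PATTERNS = [
    re.compile(r"['\"]"),                              # stray quote in a numeric parameter
    re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I),   # boolean-based probe
    re.compile(r"\bunion\b.*\bselect\b", re.I),        # union-based probe
    re.compile(r"(--|/\*|;)"),                         # comment / statement terminators
]
SCANNER_UA = re.compile(r"sqlmap", re.I)   # sqlmap's default User-Agent names itself

def analyse(log_text):
    """Return {ip: {"sqli_hits", "scanner_ua", "errors"}} for every client that
    produced at least one indicator; clean traffic is not reported."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split(" ", 7)         # user agent may contain spaces, keep it whole
        if len(parts) != 8:
            continue
        _date, _time, ip, _method, _stem, query, status, ua = parts
        decoded = unquote_plus(query)      # match on the decoded value, not the raw %xx
        hits = sum(1 for p in SQLI_PATTERNS if p.search(decoded))
        scanner = bool(SCANNER_UA.search(ua))
        if hits == 0 and not scanner:
            continue
        f = findings.setdefault(ip, {"sqli_hits": 0, "scanner_ua": False, "errors": 0})
        f["sqli_hits"] += hits
        f["scanner_ua"] = f["scanner_ua"] or scanner
        f["errors"] += int(status.startswith("5"))   # 5xx while probing: error-based hint
    return findings
```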
CONCLUSION
SQL injection, path traversal, and cross-site scripting are the most prevalent and effective attacks. Hackers do not necessarily aim at obtaining access to a particular site; increasingly, they target the personal and payment data of its clients. We also see attacks aimed at infecting a site with malware, which allows the hackers to reach more victims and use vulnerable sites for targeted infection in a watering hole attack.