Lab 14 Web Application Vulnerabilities

Exercise 1: Installing XAMPP

First, in the Server VM, we open the properties of the World Wide Web Publishing Service, stop the service, and disable it on startup.

Next, we need to go into Change User Account Control Settings and change it to never notify.

Now we navigate to the xampp installer and run it.

Now that it's installed, we need to start the Apache module and the MySQL module.

Exercise 2: Installing DVWA

We now need to set up DVWA, so we need to extract the zip file to \xampp\htdocs.

Now that it has been extracted, we need to rename the DVWA-1.0.8 folder to dvwa.

Now, navigating to c:\xampp\htdocs\dvwa\config, we need to edit the config.inc.php file. We need to find the line

$_DVWA[ 'db_password' ] = 'p@ssw0rd';

and change it to

$_DVWA[ 'db_password' ] = '';

Now we need to set up the Windows firewall to allow specific inbound ports for XAMPP.

Now we need to set up DVWA.

Exercise 3: Exploiting a Command Execution Vulnerability

Now we will test some exploits using DVWA.

Here you can see I can send pings to the server via DVWA, noting the packet size of 32 bytes.

Here we can see I can change the size of the packets being sent, this time changing it to 800 bytes.

Using /? lists the commands the program can use.

What can we tell from these results about how the application works?

This application can perform a bunch of ping commands, from information gathering to denial-of-service attacks. Here we can see that we can create a command to send pings with a buffer size of whatever we want, which is a good way of performing DoS attacks.

The server | dir command lists the directory where DVWA is located, because dir works like any directory command: if you just type in dir, you will get a list of the files within the current directory.
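
The results above come from the form passing whatever is typed straight to the ping command line. As an added example (not DVWA's own code and not part of the original lab), here is one way a ping handler could validate the target before use. The function names and sample inputs are constructed for illustration, and Windows ping syntax is assumed.

```php
<?php
// Added example: hypothetical hardened ping handler, not DVWA's source.

// Accept only a literal IP address or a plain hostname; anything else is null.
function validate_ping_target(string $input): ?string
{
    $target = trim($input);

    // IPv4 or IPv6 literal.
    if (filter_var($target, FILTER_VALIDATE_IP) !== false) {
        return $target;
    }

    // Hostname: dot-separated labels of letters, digits and hyphens.
    // A label may not start or end with '-', so ping options cannot be
    // smuggled in, and spaces, '|', '&', ';', '/' and '?' never match.
    $label = '(?!-)[A-Za-z0-9-]{1,63}(?<!-)';
    if (strlen($target) <= 253 &&
        preg_match('/^' . $label . '(\.' . $label . ')*$/D', $target) === 1) {
        return $target;
    }

    return null;
}

// Build an argument vector instead of a concatenated shell string.
// Passing this array to proc_open() (PHP 7.4+) starts ping without a shell.
function build_ping_argv(string $target): array
{
    // -n 4 fixes the echo count; the packet size is not user-controlled.
    return ['ping', '-n', '4', $target];
}

// Constructed sample inputs mirroring the ones tried in this exercise.
$samples = ['192.168.1.10', 'server', '127.0.0.1 -l 800', '/?', 'server | dir'];

foreach ($samples as $sample) {
    $target = validate_ping_target($sample);
    if ($target === null) {
        printf("%-18s rejected\n", $sample);
    } else {
        printf("%-18s accepted: %s\n", $sample, implode(' ', build_ping_argv($target)));
    }
}
```

Only the first two samples are accepted; the packet-size option, the /? switch and the piped dir command are all rejected before any process is started.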

Exercise 4: Exploiting a SQL Injection Vulnerability

Here we can see the SQL injection works by having direct access to the SQL database where we can pull information from within the database.

Exercise 5: Exploiting a Cross Site Scripting Vulnerability

Now we will run an attack with a script that is not part of the original code.

Lab Complete.


CT&A

This lab demonstrated to me what people can do if they can launch this sort of application into your web server/database. It seems like it would be a difficult task to be able to gain physical access to the database to plant this program, but nevertheless it's still a scary thought.

I did not have any issues from prior labs when it came to completing this one, which was a nice change.

Post Author: Nicholas Wilkinson

I am a 3rd year Networking Major in my IT BIT degree. I have a passion for Cloud Computing and IOT devices.
