InfoSec4
School: University of Washington, Tacoma
Course: MISC
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 4
Uploaded by RudyC9
InfoSec4 Labs
SQL Injections (SQLi)
Section 1
1. What is PuTTY?
PuTTY is a terminal emulator, serial console, and network file transfer application that is used to establish SSH, Telnet, and raw socket connections.
2. What is SSH?
SSH stands for Secure Shell and is a secure network protocol used for accessing and managing network devices, servers, and computers over an unsecure network.
Section 2
1. What did you type in the username field to launch the SQLi attack?
To launch the SQLi attack I typed in: Alice’ OR ‘1*1
2. What kind of attack are you performing?
The type of attack being performed is a password bypass attack.
Section 3
1. What is the command you are using to administer the web server?
The command used to administer the web server is: ssh support@urbank.com
2. What is IceWeasel?
IceWeasel is a Firefox based web browser.
3. What is the name of the log you can use to see the SQL statements sent to the database?
The name of the log that you can use to see the SQL statements sent to the database is: Web.log
Section 4
1. What two lines of code were added to prevent the SQL injection?
The two lines of code that were added to prevent the SQL injection are:
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
2. What is the character that is added to the query to stop the SQL injection?
The character that is added to the query to stop the SQL injection is: /
SQLi Vulnerability and Pentesting Steps
Section 1
1. What is PuTTY?
PuTTY is a terminal emulator, serial console, and network file transfer application that is used to establish SSH, Telnet, and raw socket connections.
2. What is SSH?
SSH stands for Secure Shell and is a secure network protocol used for accessing and managing network devices, servers, and computers over an unsecure network.
Section 2
1. What script is called by the HTML form?
The checklogin.php script is called.
2. Why is the application vulnerable?
It is not properly escaping the input, causing the vulnerability.
Section 3
1. Why are you viewing the source of an HTML page in a browser?
We are viewing the source of an HTML page in the browser to check if PHP is being used on the webpage.
2. What is cURL?
cURL is a command used to make HTTP requests to web servers, download files, and perform various other network tasks.
3. What is Cookie Managers+?
It is a tool that is used to manage cookies in the web browser.
Section 4
1. Why would you want to use a single ' in your testing?
To test whether special characters are escaped.
2. What is the purpose of a # character in PHP?
The # character in PHP allows you to create single-line comments in the PHP file.
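Added example (not part of the original lab answers or the lab's own code): the single-quote test from Section 4 above, run against a login query built by string concatenation and against a prepared statement. It uses PDO placeholders instead of the lab's mysql_real_escape_string, whose mysql extension was removed in PHP 7; the in-memory SQLite database, the members table, the function names and the sample values are assumptions constructed for the illustration.

```php
<?php
// Constructed stand-in for the lab database (assumption: in-memory SQLite via PDO).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE members (username TEXT, password TEXT)");
$db->exec("INSERT INTO members VALUES ('Alice', 'constructed-password')");

// Before: input is concatenated into the SQL text, as in a login script
// that does not escape its input.
function login_concat(PDO $db, string $user, string $pass): string
{
    $sql = "SELECT COUNT(*) FROM members "
         . "WHERE username = '$user' AND password = '$pass'";
    try {
        return $db->query($sql)->fetchColumn() > 0 ? 'match' : 'no match';
    } catch (PDOException $e) {
        // A quote in the input ends the string literal early, so the
        // database receives a statement with a different structure.
        return 'SQL error';
    }
}

// After: placeholders keep the input as data; the statement's structure is
// fixed before any user-supplied value is bound.
function login_prepared(PDO $db, string $user, string $pass): string
{
    $stmt = $db->prepare(
        "SELECT COUNT(*) FROM members WHERE username = ? AND password = ?"
    );
    $stmt->execute([$user, $pass]);
    return $stmt->fetchColumn() > 0 ? 'match' : 'no match';
}

// Constructed test inputs: a normal name, the lone quote used for testing,
// and a legitimate name that happens to contain an apostrophe.
foreach (["Alice", "'", "O'Brien"] as $user) {
    printf(
        "%-8s concat: %-9s prepared: %s\n",
        $user,
        login_concat($db, $user, 'constructed-password'),
        login_prepared($db, $user, 'constructed-password')
    );
}
```

The concatenated query fails on both quoted inputs, including the legitimate name O'Brien, while the prepared statement treats each one as an ordinary non-matching username.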
HTML Injections (HTMLi)
Section 1
1. Why are you changing the HTML form to display_name.php?
We are changing the HTML form to display_name.php because it will allow us to run the script.
2. What is the result of testing your web application for the HTMLi vulnerability in this section?
After running the script we are able to log in as Alice.
Section 2
1. What is the URL you type in to add an anchor tag to the web application?
The URL we type in to add an anchor tag to the web application is: urbank.com/?myusername=<input ‘radio’>
Section 3
1. What is a URL encoder?
It is a tool that is used to encode special characters and non-ASCII characters in a URL.
2. What is the URL that the URL encoded data is added to?
The URL that the URL encoded data is added to is: urbank.com/?myusername=
Section 4
1. What steps do you have to do to set up a collection server on Kali Linux?
Start apache server using cmd: service apache2 start
Test if PHP is working with cmd: php -r 'echo "Test\n";'
Copy a PHP action script using the "cp" command.
Create a file named log that contains the words Harvest Credentials with cmd: echo "Harvested Credentials" > /var/www/html/log
Allow anyone to do whatever they want to the log file using cmd: chmod 777 /var/www/html/log
Section 5
1. What type of social engineering attack are you modeling in this lab?
The social engineering attack we are modeling in this lab is spear phishing.
2. Who is the target of the attack?
Bob is the target of the attack.
3. Who supposedly sent the email to the target?
Supposedly Lisa sent the email.
Section 6
1. What does Alice do to launch the HTMLi attack?
Alice clicked on the infected link.
2. How could the attack have been avoided?
If Alice did not click on the link.
HTMLi Vulnerability and Mitigation
Section 1
1. What command did you use to display the contents of the index.php script?
The command that was used to display the contents of the index.php script was: cat /var/www/html/index.php
2. How are PHP scripts read?
PHP scripts are read sequentially from top to bottom.
Section 2
1. Explain in your own words what this command sed -n '9,17 p' /var/www/WebServer/index.php does.
This command runs the text utility sed in quiet mode to display lines 9 through 17 from the index.php document.
2. What is the PHP command that displays the contents of a form element?
The echo command.
3. What is Wireshark monitoring?
Wireshark is monitoring HTTP traffic.
Section 3
1. What does the str_replace function do?
It replaces occurrences of a substring within a string with another substring.
Section 4
1. How do you know that the code that you added controlled the vulnerability?
You can check to see if the code that was added controlled the vulnerability by going to the URL: urbank.com/?myusername=<input’radio’>
Reflected XSS Mitigation and URL Encoding
Section 1
1. Why did the reflected XSS not work in this situation?
We did not encode the URL, and thus the “+” were interpreted as white space.
2. How did you know it did not work?
We were able to verify that the collection server did not store a session ID.
Section 2
1. What is the name of the function used to control the remote XSS vulnerability?
The function used to control the remote XSS vulnerability is: str_ireplace
2. When using the str_ireplace function, what did the function do to the querystring?
The str_ireplace function replaced the substring “script” with the empty value of “null”.
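Added example (not part of the original lab answers or the lab's own code): the substring-removal control described in the answers above, set beside output encoding with htmlspecialchars. The function names and the sample values are assumptions constructed for the illustration; the <input> sample follows the test input used in the HTMLi labs, written with straight quotes.

```php
<?php
// Control described in the answers: remove the substring "script",
// case-insensitively, from the submitted value.
function filter_blocklist(string $name): string
{
    return str_ireplace('script', '', $name);
}

// Output encoding: every HTML metacharacter becomes an entity, so the value
// is displayed as text regardless of which tag it contains.
function filter_encode(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the value would still be parsed as markup once echoed into a page.
function still_markup(string $html): bool
{
    return preg_match('/<[a-z]/i', $html) === 1;
}

// Constructed sample values: a plain name, the HTMLi test input, and a
// mixed-case tag name to exercise the case-insensitive replacement.
$samples = ["Alice", "<input 'radio'>", "<ScRiPt>"];

foreach ($samples as $value) {
    $blocked = filter_blocklist($value);
    $encoded = filter_encode($value);
    printf(
        "input: %-16s blocklist: %-16s markup=%-5s encoded: %-32s markup=%s\n",
        $value,
        $blocked,
        var_export(still_markup($blocked), true),
        $encoded,
        var_export(still_markup($encoded), true)
    );
}
```

The blocklist returns the <input> sample unchanged, so a browser would still render it as a form element, while the encoded version is displayed as text.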
Section 3
1. What script did you try to inject to see if the browser is vulnerable?
The script used to try to inject to see if the browser is vulnerable was: ‘ Owned ‘
2. How do you know if the control worked?
There would be an alert on the webpage, or it can be verified by viewing the source code of the page.