Module 6 Broken Access Control Lab

This document provides instructions for completing a lab that demonstrates insecure direct object references. The steps have students log into a virtual machine, access a vulnerable web application, and exploit insecure direct object references to view sensitive files like /etc/passwd and classes/MySQLHandler.php that contain the database password. By intercepting requests in Burp Suite and changing the file parameter, students are able to access restricted files to identify the vulnerability.

Uploaded by Taha Khan
Module 6 Broken Access Control Lab

Description: In this lab, you identify and exploit Insecure Direct Object References in a
web application.
Requirements: You will need access to the Cybrary lab environment for this lab.

Step 1: Log into Cybrary.

Step 2: Launch the OWASP Broken Access Control lab by searching for it in the catalog
and selecting the launch button.
Note: It may take 40-50 seconds for the lab to launch after clicking the button.
Step 3: When the lab opens, you may see a pop-up box. Select the Next button, then Ok to
close the pop-up box.
Step 4: You will then be taken to the Kali Linux login screen.
Step 5: Enter a username of student and a password of student to log into the desktop.
Note: In this particular lab, you will need to mark each checkbox on the right side as you
complete tasks for it to register the changes. We will also be using the Next button on the
right side to navigate through the tasks, so you can mark them as complete.

Step 6: Next, launch Firefox by clicking on the orange-colored icon near the top-left of the
screen. This will open the Mutillidae page.
Step 7: Next, click the Login/Register option at the top of the page.
Step 8: In the browser URL area, you will notice the URL ends in login.php. You will also
notice that as you navigate to different pages, index.php remains constant in the URL.
Step 9: In the URL, replace login.php with /etc/passwd

Question 1: Do you see any data from the /etc/passwd file? _____________________

Step 10: Next, navigate to OWASP 2017 on the left side of the page.
Step 11: Click A5 – Broken Access Control
Step 12: Click Insecure Direct Object References


Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics.

Step 13: Click Source Viewer
Step 14: This takes you to the Source Code Viewer page.
Step 15: Under the “Source File Name” drop-down menu, select text-file-viewer.php
Step 16: Click the View File button.
Step 17: The contents of the file are shown.

Note: This is an issue because of the sensitive information that may be in the file.
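From the defender's side, the same weakness shows up in the web server log: the viewer's file parameter should only ever carry one of the names the drop-down offers, so any value that is not on that list, or that contains a path separator or a traversal sequence, is worth an alert. The following Python scanner is an added example, not part of the lab or of Mutillidae. The access-log lines are constructed, the parameter name file is an assumption (the lab only says "the file parameter"), and the allowlist mirrors the drop-down entry plus a constructed robots.txt.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Names the viewer's drop-down is meant to offer (constructed allowlist).
ALLOWED_FILES = {"text-file-viewer.php", "robots.txt"}
# Query parameter assumed to carry the file name (assumption: the lab only
# calls it "the file parameter").
FILE_PARAM = "file"

# Constructed Apache-style access log lines; none come from the lab environment.
# Line 3 carries a double-encoded traversal (%252F decodes to %2F, then to /).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /mutillidae/index.php?page=source-viewer.php&file=text-file-viewer.php HTTP/1.1" 200 2311
10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "GET /mutillidae/index.php?page=source-viewer.php&file=classes/MySQLHandler.php HTTP/1.1" 200 1802
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /mutillidae/index.php?page=source-viewer.php&file=..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1450
10.0.0.5 - - [01/Jan/2024:10:00:12 +0000] "GET /mutillidae/index.php?page=login.php HTTP/1.1" 200 900
"""

# Pulls the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def classify_value(value):
    """Return the reason a file-parameter value looks like an IDOR or traversal
    attempt, or None when it is one of the expected names."""
    # parse_qs already decoded once; decode twice more so a double-encoded
    # %252F does not slip past as literal text.
    decoded = unquote(unquote(value))
    if ".." in decoded:
        return "traversal sequence"
    if "/" in decoded or "\\" in decoded:
        return "path separator"
    if decoded not in ALLOWED_FILES:
        return "name outside allowlist"
    return None


def scan_log(text):
    """Return (line_number, value, reason) for every request whose file
    parameter fails the checks above. Lines without the parameter are skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # keep_blank_values so an empty file= is still classified
        for value in parse_qs(query, keep_blank_values=True).get(FILE_PARAM, []):
            reason = classify_value(value)
            if reason:
                findings.append((lineno, value, reason))
    return findings


if __name__ == "__main__":
    for lineno, value, reason in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: file={value!r} -> {reason}")
```

The allowlist check is deliberately last: separators and dot-dot sequences are flagged on their own so the alert names the pattern rather than just "unknown file", which makes triage faster when the allowlist later grows.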

Step 18: Next, we’re going to use a tool called Burp Suite.
Step 19: Minimize the Firefox browser window.
Step 20: Next, click the orange and gray Burp Suite icon on the left-side menu. It is about
halfway down the list.
Step 21: Burp Suite will launch.
Step 22: A pop-up box will open.
Step 23: Uncheck the “Help improve Burp…” box.
Step 24: Click “I Accept” to accept the license agreement.
Step 25: At the next page, click the Next button.
Step 26: Next, click the “Start Burp” button to launch the tool.
Step 27: Next, minimize Burp Suite and click back on Firefox.
Step 28: Right-click on the FoxyProxy icon to the right of the URL address bar.
Step 29: Select the “Use proxies based on their pre-defined patterns and priorities” option.
Step 30: In the Source File Name drop-down menu, select text-file-viewer.php
Step 31: Select the View File button.
Step 32: Minimize Firefox.
Step 33: Click back on Burp Suite and select the Proxy tab.
Step 34: You will see that Intercept is on.
Step 35: On the bottom line, replace “text-file-viewer.php” with the following:
classes/MySQLHandler.php

Step 36: Next, click the Forward button at the top-left of the screen.
Step 37: Next, minimize Burp Suite and click back on Firefox.
Step 38: You should now see the contents of the MySQLHandler.php page.

Question 2: Do you see any information regarding the database password?
______________________________________________________________
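The root cause the lab exposes is a viewer that trusts the file name it receives and joins it onto a directory. The following Python example is added here and is not part of the lab or of Mutillidae (which is a PHP application); it contrasts that naive resolver with a hardened one that allowlists the exposed names and confines the resolved real path to the web root. The directory layout, file contents, the robots.txt entry and the variable holding the database password are all constructed for the example.

```python
import os
import tempfile

# Names the viewer deliberately exposes (constructed allowlist: the lab's
# drop-down offers text-file-viewer.php; robots.txt is added for illustration).
ALLOWED_FILES = {"text-file-viewer.php", "robots.txt"}


def build_sandbox():
    """Create a throwaway web root with a constructed layout (an assumption,
    not Mutillidae's real tree) and return its path:
        <root>/text-file-viewer.php      meant to be viewable
        <root>/robots.txt                meant to be viewable
        <root>/classes/MySQLHandler.php  holds credentials, must stay hidden
    """
    root = tempfile.mkdtemp(prefix="idor-lab-")
    os.makedirs(os.path.join(root, "classes"))
    files = {
        "text-file-viewer.php": "<?php // harmless page source ?>\n",
        "robots.txt": "User-agent: *\n",
        os.path.join("classes", "MySQLHandler.php"):
            "<?php $dbPassword = 'CONSTRUCTED-SECRET'; ?>\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return root


def naive_resolve(webroot, requested):
    """The vulnerable pattern the lab exploits: the file parameter is trusted
    as a path. 'classes/MySQLHandler.php' walks into a sibling directory,
    '../x' escapes upward, and an absolute value makes os.path.join drop the
    web root entirely."""
    return os.path.normpath(os.path.join(webroot, requested))


def safe_resolve(webroot, requested):
    """Hardened resolver: returns the real path of an allowed file, or None.
    Check 1 (allowlist) is what actually stops the lab's request, because
    classes/MySQLHandler.php lies inside the web root and a containment
    check alone would let it through. Check 2 is defence in depth against
    symlinks or a later mistake in the allowlist."""
    base = os.path.realpath(webroot)
    if requested not in ALLOWED_FILES:                  # check 1: whole-string match
        return None
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:   # check 2: stays under base
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


def view_file(webroot, requested, resolver):
    """Serve a file the way the viewer page would, using the given resolver."""
    path = resolver(webroot, requested)
    if path is None or not os.path.isfile(path):
        return "403: file not available"
    with open(path) as fh:
        return fh.read()


if __name__ == "__main__":
    root = build_sandbox()
    # The third request is a traversal that re-enters the web root, so it
    # stays inside the sandbox while still showing the '..' escape.
    for req in ("text-file-viewer.php", "classes/MySQLHandler.php",
                "../" + os.path.basename(root) + "/classes/MySQLHandler.php"):
        print(f"{req}\n  naive -> {view_file(root, req, naive_resolve).strip()}"
              f"\n  safe  -> {view_file(root, req, safe_resolve).strip()}")
```

The allowlist is the essential control: a containment check on its own would still serve classes/MySQLHandler.php, because that file sits under the web root. In a real application the same effect is usually achieved with an indirect reference map (an opaque id in the request, looked up server-side to a file the user is entitled to), which keeps file names out of the client's hands altogether.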
