0% found this document useful (0 votes)

210 views178 pages

CIS 76 - Lesson 12: Rich's Lesson Module Checklist

The document outlines Rich's checklist for his CIS 76 lesson, including ensuring slides and labs are posted, test accommodations are made, and backup materials are on a flash drive. It also lists items needed for the classroom, such as a spare battery for the microphone and key card for the classroom door. The checklist helps Rich prepare and organize all materials needed to conduct the lesson.

Uploaded by

coder

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

210 views178 pages

CIS 76 - Lesson 12: Rich's Lesson Module Checklist

Uploaded by

coder

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 178

CIS 76 - Lesson 12

Rich's lesson module checklist

 Slides and lab posted
 WB converted from PowerPoint
 Print out agenda slide and annotate page numbers

 Flash cards
 Properties
 Page numbers
 1st minute quiz
 Web Calendar summary
 Web book pages
 Commands

 Real test enabled on Canvas

 Test accommodations made
 Lab 10 tested and published

 Backup slides, whiteboard slides, CCC info, handouts on flash drive

 Spare 9v battery for mic
 Key card for classroom door

Last updated 11/15/2017

1
CIS 76 - Lesson 12

Evading Network
TCP/IP
Devices
Cryptography Network and
Computer Attacks

Hacking Wireless Footprinting and

Networks
CIS 76 Social Engineering
Ethical Hacking
Hacking
Web Servers Port Scanning

Embedded Operating
Enumeration
Systems
Desktop and Server Scripting and
Vulnerabilities Programming

Student Learner Outcomes

1. Defend a computer and a LAN against a variety of different types of
security attacks using a number of hands-on techniques.

2. Defend a computer and a LAN against a variety of different types of

security attacks using a number of hands-on techniques. 2
CIS 76 - Lesson 12

Introductions and Credits

Rich Simms
• HP Alumnus.
• Started teaching in 2008 when Jim Griffin went on
sabbatical.
• Rich’s site: http://simms-teach.com

And thanks to:

• Steven Bolt at for his WASTC EH training.
• Kevin Vaccaro for his CSSIA EH training and Netlab+ pods.
• EC-Council for their online self-paced CEH v9 course.
• Sam Bowne for his WASTC seminars, textbook recommendation and fantastic
EH website (https://samsclass.info/).
• Lisa Bock for her great lynda.com EH course.
• John Govsky for many teaching best practices: e.g. the First Minute quizzes,
the online forum, and the point grading system (http://teacherjohn.com/).
• Google for everything else!
3
CIS 76 - Lesson 12

Student checklist for attending class

1. Browse to:
http://simms-teach.com
2. Click the CIS 76 link.
3. Click the Calendar link.
4. Locate today’s lesson.
5. Find the Presentation slides for
the lesson and download for
easier viewing.
6. Click the Enter virtual classroom
link to join CCC Confer.
7. Log into Opus-II with Putty or ssh
command.

Note: Blackboard Collaborate Launcher only

needs to be installed once. It has already
been downloaded and installed on the
classroom PC’s.

4
CIS 76 - Lesson 12

Student checklist for suggested screen layout

 Google  CCC Confer  Downloaded PDF of Lesson Slides

 One or more login

 CIS 76 website Calendar page sessions to Opus-II
5
CIS 76 - Lesson 12

Student checklist for sharing desktop with classmates

1) Instructor gives you sharing privileges.

2) Click overlapping rectangles

icon. If white "Start Sharing" text
is present then click it as well.

3) Click OK button.

4) Select "Share desktop"

and click Share button.
6
CIS 76 - Lesson 12

Rich's CCC Confer checklist - setup

[ ] Preload White Board

[ ] Connect session to Teleconference

Session now connected

to teleconference

[ ] Is recording on?

Should change
Red dot means recording from phone
handset icon to
little Microphone
[ ] Use teleconferencing, not mic icon and the
Teleconferencing …
Should be grayed out message displayed

7
CIS 76 - Lesson 12

Rich's CCC Confer checklist - screen layout

foxit for slides chrome

vSphere Client
putty

[ ] layout and share apps 8

CIS 76 - Lesson 12

Rich's CCC Confer checklist - webcam setup

[ ] Video (webcam)
[ ] Make Video Follow Moderator Focus

9
CIS 76 - Lesson 12

Rich's CCC Confer checklist - Elmo

The "rotate image"

button is necessary
if you use both the
side table and the
white board.

Quite interesting
that they consider
you to be an
Elmo rotated down to view side table
"expert" in order to
use this button!

Rotate
image
button Elmo rotated up to view white board

Rotate
image
button

Run and share the Image Mate

program just as you would any other
app with CCC Confer 10
CIS 76 - Lesson 12

Rich's CCC Confer checklist - universal fixes

Universal Fix for CCC Confer:

1) Shrink (500 MB) and delete Java cache
2) Uninstall and reinstall latest Java runtime
3) http://www.cccconfer.org/support/technicalSupport.aspx

Control Panel (small icons) General Tab > Settings… 500MB cache size Delete these

Google Java download

11
CIS 76 - Lesson 12

Start
12
CIS 76 - Lesson 12

Sound Check
Students that dial-in should mute their line
using *6 to prevent unintended noises
distracting the web conference.

Instructor can use *96 to mute all student lines.

Volume
*4 - increase conference volume.
*7 - decrease conference volume.
*5 - increase your voice volume.
*8 - decrease your voice volume.
13
CIS 76 - Lesson 12

Instructor: Rich Simms

Dial-in: 888-886-3951
Passcode: 136690

Philip Bruce Tre Sam B. Sam R. Miguel Bobby Garrett Ryan A.

Aga Karina Chris Tanner Helen Xu Mariano Cameron Ryan M.

May Karl-Heinz Remy

Email me ([email protected]) a relatively current photo of your face for 3 points extra credit
CIS 76 - Lesson 12

First Minute Quiz

Please answer these questions in the order
shown:

For credit email answers to:

[email protected]
within the first few minutes of the live class
15
CIS 76 - Lesson 12

Hacking Web Servers

Objectives Agenda
• Look at vulnerabilities in web applications • Quiz #9

• Look at exploits used against web applications • Questions

• In the news
• Look at how to protect web applications
• Best practices
• Housekeeping
• Web applications
• OWASP Top 10
• A3 cross-site scripting (XSS)
• Reflected cross-site scripting (XSS)
• Stored cross-site scripting (XSS)
• Stealing cookies with XSS
• A1 SQL Injection
• A8 Cross Side Request Forgery
• Assignment
• Wrap up

16
CIS 76 - Lesson 12

Admonition

17
Shared from cis76-newModules.pptx
CIS 76 - Lesson 12

Unauthorized hacking is a crime.

The hacking methods and activities

learned in this course can result in prison
terms, large fines and lawsuits if used in
an unethical manner. They may only be
used in a lawful manner on equipment you
own or where you have explicit permission
from the owner.

Students that engage in any unethical,

unauthorized or illegal hacking may be
dropped from the course and will receive
no legal protection or help from the
instructor or the college. 18
CIS 76 - Lesson 12

Questions
19
CIS 76 - Lesson 12

Questions
How this course works?

Past lesson material?

Previous labs?

他問一個問題，五分鐘是個傻子，他不問一個問題仍然是一個
Chinese 傻瓜永遠。
Proverb He who asks a question is a fool for five minutes; he who does not ask a question
remains a fool forever.
20
CIS 76 - Lesson 12

"Hackers can use artificial

intelligence to mimic their
targets’ tweets—and entice
them to click on malicious
links."

"SNAP_R’s average success rate was about 30 percent. That’s far

better than the usual success rate with automated phishing, which
is between 5 and 15 percent, "
33
CIS 76 - Lesson 12

Recent News
Phishing helps hackers hijack accounts, says Google study
BBC News 10 November 2017

http://www.bbc.com/news/technology-41940838

"Cyber-thieves grab almost

250,000 valid log-in names
and passwords for Google
accounts every week, suggests
research."

'During the 12 months studying the underground markets, the

researchers identified more than 788,000 credentials stolen via
keyloggers, 12 million grabbed via phishing and 1.9 billion from
breaches at other companies.'
34
CIS 76 - Lesson 12

Recent News
Data Breaches, Phishing, or Malware?
Understanding the Risks of Stolen Credentials
Joint study between Google and UC Berkeley

https://static.googleusercont
ent.com/media/research.goo
gle.com/en//pubs/archive/4
6437.pdf

35
CIS 76 - Lesson 12

Recent News
Data Breaches, Phishing, or Malware?
Understanding the Risks of Stolen Credentials
Joint study between Google and UC Berkeley

https://static.googleuser
content.com/media/rese
arch.google.com/en//pu
bs/archive/46437.pdf

36
CIS 76 - Lesson 12

Recent News
Data Breaches, Phishing, or Malware?
Understanding the Risks of Stolen Credentials
Joint study between Google and UC Berkeley

https://static.googleusercontent.com/media/research.google.com/e 37
n//pubs/archive/46437.pdf
CIS 76 - Lesson 12

Recent News
Data Breaches, Phishing, or Malware?
Understanding the Risks of Stolen Credentials
Joint study between Google and UC Berkeley

https://static.googleusercontent.com/media/research.google.com/e
n//pubs/archive/46437.pdf 38
CIS 76 - Lesson 12

Best
Practices
39
CIS 76 - Lesson 12

Secure your router

1. Change your default username and password.

2. If you specifically don't need Universal Plug and Play (UPnP) then disable it.
3. Turn off remote management (requires physical access).
4. Change the name of your access point.
5. Require a password for your WiFi connection.
6. Update the firmware on your router and IoT devices.
7. Research your purchases.
8. Read reviews.
9. Check for known vulnerabilities.
10.Peruse vendor's website.

http://www.welivesecurity.com/2016/11/08/secure-router-help-
prevent-next-internet-takedown/

43
CIS 76 - Lesson 12

Housekeeping

44
CIS 76 - Lesson 12

Housekeeping

1. Lab 9 due 11:59PM tonight.

2. Five more posts due 11:59PM

tonight.

45
CIS 76 - Lesson 12

Housekeeping

Last Withdraw:
11/18/17
Students who are no longer participating in the class
(turning in assignments, posting on the forum,
tasking quizzes or tests) may be dropped by the
instructor

46
CIS 76 - Lesson 12

The final project specifications

are now available.

The final project is due on the

Lesson 15 day.

https://simms-
teach.com/docs/cis76/cis76final-
project.pdf

47
CIS 76 - Lesson 12

Lots and lots of project ideas

Awesome-Hacking project list

https://github.com/Hack-with-Github/Awesome-Hacking

Awesome Repositories:
Awesome InfoSec Awesome Static Analysis
Awesome AppSec Awesome IoT Hacks Awesome Threat Intelligence
Awesome Bug Bounty Awesome Malware Analysis Awesome Vehicle Security
Awesome CTF Awesome Pcaptools Awesome Web Hacking
Awesome DevSecOps Awesome Pentest Awesome Windows Exploitation
Awesome Exploit Development Awesome PHP Security Awesome WiFi Arsenal
Awesome Fuzzing Awesome Reversing Awesome Android Security
Awesome Hacking One Awesome Sec Talks Awesome OSX and iOS Security
Awesome Honeypots Awesome SecLists
Awesome Incident Response Awesome Security
48
CIS 76 - Lesson 12

Heads up on Final Exam

Test #3 (final exam) is TUESDAY Dec 12 4-6:50PM

Extra credit
labs and
final posts
Tue due by
11:59PM

• All students will take the test at the same time. The test must be
completed by 6:50PM.

• Working and long distance students can take the test online via
CCC Confer and Canvas.

• Working students will need to plan ahead to arrange time off from
work for the test.
49
• Test #3 is mandatory (even if you have all the points you want)
CIS 76 - Lesson 12

50
CIS 76 - Lesson 12
Where to find your grades
Send me your survey to get your LOR code name.

The CIS 76 website Grades page Or check on Opus-II

http://simms-teach.com/cis76grades.php
checkgrades codename
(where codename is your LOR codename)

Written by Jesse Warren a past CIS 90 Alumnus

To run checkgrades update your path in .bash_profile with:

PATH=$PATH:/home/cis76/bin

Points that could have been earned:

8 quizzes: 24 points
8 labs: 240 points
2 tests: 60 points
2 forum quarters: 40 points
Total: 364 points

At the end of the term I'll add up all

your points and assign you a grade 51
using this table
CIS 76 - Lesson 12

Web
Applications

56
CIS 76 - Lesson 12

Web Servers and Browsers

<!DOCTYPE html>
<html>
<head>
<title>Cylons Rule</title>
</head>
<body>
<h1>Cylon Recruiting Center</h1> Web page
<img src="images/cylon.gif" alt="Cylon">
<p>All IoT devices on earth are welcome!</p> rendered

<p>Join us at our next meeting on Caprica 6.</p> browser
</body>
</html>

Web Server Client Browser

HTTP HTTP
Internet
Apache, Microsoft HTTPS HTTPS Chrome, IE, Safari,
IIS, nginx, etc. Firefox, etc.

Static web pages

• Created using HTML

Dynamic web pages

• Forms
• PHP
• Active Server Pages (ASP)
• Javascript
• More ... 57
CIS 76 - Lesson 12

Total number of websites

https://news.netcraft.com/archives/2017/10/26/october-2017-web-server-survey-13.html 58
CIS 76 - Lesson 12

Market share of active sites

https://news.netcraft.com/archives/2017/10/26/october-2017-web-server-survey-13.html 59
CIS 76 - Lesson 12

Market share of the top million busiest sites

https://news.netcraft.com/archives/2017/10/26/october-2017-web-server-survey-13.html 60
CIS 76 - Lesson 12

OWASP
Top Ten
61
CIS 76 - Lesson 12

Open Web Application Security Project (OWASP)

https://www.ow
asp.org/index.ph
p/Main_Page

Core Purpose
"Be the thriving global community that drives visibility and
evolution in the safety and security of the world’s software." 62
CIS 76 - Lesson 12

Open Web Application Security Project (OWASP)

2013 Top 10 Web Application Security Flaws:

• A1 Injection
• A2 Broken Authentication and Session Management
• A3 Cross-Site Scripting (XSS)
• A4 Insecure Direct Object References
• A5 Security Misconfiguration
• A6 Sensitive Data Exposure
• A7 Missing Function Level Access Control
• A8 Cross-Site Request Forgery (CSRF)
• A9 Using Components with Known Vulnerabilities
• A10 Unvalidated Redirects and Forwards

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013 63
CIS 76 - Lesson 12
OWASP Top 10
A1-Injection
Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent
to an interpreter as part of a command or query. The attacker’s hostile data can trick the
interpreter into executing unintended commands or accessing data without proper
authorization.

A2-Broken Authentication and Session Management

Application functions related to authentication and session management are often not
implemented correctly, allowing attackers to compromise passwords, keys, or session
tokens, or to exploit other implementation flaws to assume other users’ identities.

A3-Cross-Site Scripting (XSS)

XSS flaws occur whenever an application takes untrusted data and sends it to a web
browser without proper validation or escaping. XSS allows attackers to execute scripts in
the victim’s browser which can hijack user sessions, deface web sites, or redirect the
user to malicious sites.

A4-Insecure Direct Object References

A direct object reference occurs when a developer exposes a reference to an internal
implementation object, such as a file, directory, or database key. Without an access
control check or other protection, attackers can manipulate these references to access
unauthorized data.

A5-Security Misconfiguration
Good security requires having a secure configuration defined and deployed for the
application, frameworks, application server, web server, database server, and platform.
Secure settings should be defined, implemented, and maintained, as defaults are often
insecure. Additionally, software should be kept up to date.
64
https://www.owasp.org/index.php/Top_10_2013-Top_10
CIS 76 - Lesson 12

A6-Sensitive Data Exposure

OWASP Top 10
Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and
authentication credentials. Attackers may steal or modify such weakly protected data to conduct
credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such
as encryption at rest or in transit, as well as special precautions when exchanged with the
browser.

A7-Missing Function Level Access Control

Most web applications verify function level access rights before making that functionality visible
in the UI. However, applications need to perform the same access control checks on the server
when each function is accessed. If requests are not verified, attackers will be able to forge
requests in order to access functionality without proper authorization.

A8-Cross-Site Request Forgery (CSRF)

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the
victim’s session cookie and any other automatically included authentication information, to a
vulnerable web application. This allows the attacker to force the victim’s browser to generate
requests the vulnerable application thinks are legitimate requests from the victim.

A9-Using Components with Known Vulnerabilities

Components, such as libraries, frameworks, and other software modules, almost always run with
full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data
loss or server takeover. Applications using components with known vulnerabilities may
undermine application defenses and enable a range of possible attacks and impacts.

A10-Unvalidated Redirects and Forwards

Web applications frequently redirect and forward users to other pages and websites, and use
untrusted data to determine the destination pages. Without proper validation, attackers can
redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
65
https://www.owasp.org/index.php/Top_10_2013-Top_10
CIS 76 - Lesson 12

Open Web Application Security Project (OWASP)

OWASP Risk Rating Methodology

https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/owasptop10/OWASP%20Top%2010%20-%202013.pdf

66
CIS 76 - Lesson 12

A3
Cross-Site
Scripting (XSS)
67
CIS 76 - Lesson 12

Cross-Site Scripting (XSS)

OWASP Risk Rating

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS) 68
CIS 76 - Lesson 12

Cross-Site Scripting (XSS)

https://www.youtube.com/watch?v=L5l9lSnNMxg

69
CIS 76 - Lesson 12

OWASP Cross Site Scripting Prevention Cheat Sheet

How Do I Prevent 'Cross-Site Scripting (XSS)'?

Preventing XSS requires separation of untrusted data from active
browser content.
1. The preferred option is to properly escape all untrusted data
based on the HTML context (body, attribute, JavaScript, CSS, or
URL) that the data will be placed into. See the OWASP XSS
Prevention Cheat Sheet for details on the required data escaping
techniques.
2. Positive or "whitelist" server-side input validation is also
recommended as it helps protect against XSS, but is not a
complete defense as many applications require special characters
in their input. Such validation should, as much as possible,
validate the length, characters, format, and business rules on
that data before accepting the input.
3. For rich content, consider auto-sanitization libraries like
OWASP’s AntiSamy or the Java HTML Sanitizer Project.
4. Consider Content Security Policy (CSP) to defend against XSS
across your entire site.

70
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
CIS 76 - Lesson 12

Reflected
Cross-Site
Scripting (XSS)
Example 72
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS)

• Non-persistent because nothing is stored in a database.

• Malicious JavaScript is fed into a web page that displays

whatever was user entered.

• Malicious Javascript can be inserted into a URL that is then

emailed to the victim.

https://en.wikipedia.org/wiki/Cross-site_scripting

73
CIS 76 - Lesson 12

Reflected XSS Example Reference and Credit

https://www.youtube.com/watch?v=dFci82qwXA0

Excellent set of tutorials on XSS 74

CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS)

Example Overview:

We will use a simple form webpage on EH-OWASP-xx to simulate

how reflected cross-site scripting can feed malicious code into a
form that will then be executed by the browser.

The user/attacker will browse from EH-WinXP to the EH-OWASP

web server.

75
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

As root on your EH-OWASP VM:

cd /var/www
mkdir lesson12 Copy the DRAPS TV
index.php file to your
cd lesson12/
OWASP VM
mkdir xss01
cd xss01/
scp xxxxxx76@opus-ii:/home/cis76/depot/lesson12/xss01/* .

chmod 644 index.php We want to publish this page via the

service apache2 status Apache web server

vi index.php View the web page which

contain HTML and PGP code.

76
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

root@owaspbwa:/var/www/lesson12/xss01# cat index.php
<!DOCTYPE html>
<html>

<title> XSS Tutorial #2 </title>
<body>
<h1 align="center"> Try My New Search Feature! </h1>
<table align="center">
<tr><td>
<form action="index.php" method="get"> The web page has
<input type="text" name="search" placeholder="search" /> a one field web
<input type="submit" value="Search" /> form and a submit
</form>
button.
</td></tr>
</table>
<br />
<br />
<p align="center">
<?php
if(isset($_GET["search"]))
{ Form data is sent
echo "The results of your search for: ".$_GET["search"]; in the URL via the
echo "<br /><br /> <i>Sorry No Results Found! </i>";
}
http GET method.
?>
</p>
<h3 align="center"> This website was made by me! I hope you really really like it! </h3>
</body>
</html>
root@owaspbwa:/var/www/lesson12/xss01# 77
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

[WinXP] http://10.76.xx.101/lesson12/xss01/index.php

From your WinXP VM, browse to the new website on your OWASP VM 78
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

Search for: Star Wars

http://10.76.xx.101/lesson12/xss01/index.php?search=Star+Wars

79
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

Search for: <font color="green">

http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22green%22%3E

Encoding used:
%3C is <
%3D is =
%22 is "
%3E is >

80
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

Manually edit the URL at the top of
the webpage, changing green to red
http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22red%22%3E

Encoding used:
%22 is "
%3C is <
%3D is =
%3E is >

81
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

http://10.76.xx.101/lesson12/xss01/index.php?search=%3Cfont+color%3D%22red%22%3E

Firefox

Internet Explorer
Copy and paste the
URL into a different
browser and the
JavaScript is still
executed.

Note, that a tampered

URL could be emailed
to another user to
click on.

82
CIS 76 - Lesson 12

Reflected Cross-Site Scripting (XSS) Example

Search for: <script>alert("You've been hacked!")</script>

http://10.76.xx.101/lesson12/xss01/index.php?search=Uh+Oh%3Cscript%3Ealert%28
%22You%27ve+been+hacked%21%22%29%3C%2Fscript%3E

83
CIS 76 - Lesson 12

Activity

Search for:

Put who you see in the search results in the chat window

84
CIS 76 - Lesson 12

Stored
Cross-Site
Scripting (XSS)
Example 85
CIS 76 - Lesson 12

Stored Cross-Site Scripting (XSS)

• The attacker uses the web application to post content

containing <script> tags full of malicious JavaScript code.

• Later when the victim reads the posted content their

browser will execute the malicious script.

• Persistent because the malicious code is stored in the web

application database.

https://en.wikipedia.org/wiki/Cross-site_scripting

86
CIS 76 - Lesson 12

Stored XSS Example Reference and Credit

http://10.76.xx.101/WebGoat/source?solution=true

Solution page on OWASP VM website

87
CIS 76 - Lesson 12

Stored Cross-Site Scripting (XSS)

Example Overview:

We will use WebGoat on EH-OWASP-xx to simulate how an

attacker can use cross-site scripting to insert malicious code into
content for a forum-like web application. In this case a the
malicious code stored in the database will display an annoying
"Mu Ha Ha Ha" message.

Any victims that read the infected message post will get the
annoying message.

The attacker/victim will browse from EH-WinXP to the EH-OWASP

web server.

88
CIS 76 - Lesson 12

Stored Cross-Site Scripting (XSS) Example

[WinXP] http://10.76.xx.101

Scroll
down a
little

We are
using Pod
5 for this
example

89
From your WinXP VM, browse to your OWASP VM and head to WebGoat
CIS 76 - Lesson 12

Stored Cross-Site Scripting (XSS) Example

http://10.76.xx.101

90
Login to WebGoat with both username and password = guest
CIS 76 - Lesson 12