Sit379-8 1P
Pass Task.
Release Date: 2-9/9/2024
Learning Outcomes
Instructions
All questions/tasks that have the icon below must be attempted for you to complete this
task. If screenshots are required, please ensure that text in screenshots is readable.
Remember that troubleshooting technical problems is part of learning in this field. Tasks
are not step-by-step guides. You need to be in the driver's seat and learn concepts by doing, as
you would when you start your future job (many times even your supervisor does not know the
answer to the problems you face). Do your research patiently to solve the issues you face, and if you
are stuck:
Help is always available in SIT379/704. Please go to Discussions and ask your questions
about this task in Week 8 P. Also, extra support and help is provided on IT helphub.
All students are encouraged to participate and help peers with their questions via the peer-support
channel on Teams. Helping others is a great way to learn and think about aspects
you may have overlooked. You can also seek help from tutors during online and face-to-face
workshops. Please do not raise your questions through OnTrack or email.
Note: This task includes three sections (A, B, and C) that cover different aspects of achieving learning
outcomes. Students will provide evidence of completing tasks and learning and reflect on their learning.
A: Hacking web applications
In this task, you will attempt to exploit different vulnerabilities and implement different attacks
against web applications. To proceed, you must ensure that your Kali, pfSense, and OWASP
Broken Web Apps VMs are on the same network (intnet). The task focuses on one of the
vulnerable applications in the OWASP VM, namely Bodgeit. The Bodgeit Store is an insecure app
that should not be deployed in production. This app is used to teach application security and
penetration testing concepts.
Important: You will find a list of challenges to solve. As this task is for the Pass level,
you are required only to solve the following:
1. In your web browser in Kali Linux, open “<OWASP broken webapps VM IP
address>/bodgeit”. Click on About us and then on the Scoring page. You will get a list of
challenges (see Figure).
First Challenge – Find Diagnostic Data: One issue with developers is that they often forget
to disable diagnostic data. Diagnostic data is used to debug applications and ensure they are
functioning correctly. A common method to test if debugging is enabled is by adding a query
parameter to the URL, such as “?debug=true”. You will append this parameter to all the pages
and identify which ones activate the debug mode. For example, by navigating to the home page
and adding “?debug=true” to the URL, you are using a query parameter. A query parameter
acts like a variable or field that interacts with the server. In this case, to check for diagnostic
data, we use the variable name debug.
Task A1: Evaluate the vulnerability by testing each page on the website with the
query parameter "?debug=true" added to the end of the URL. What were the outcomes for
each page? Under which type of OWASP Top 10 vulnerability can you classify this
vulnerability? Include a screenshot for each page with a brief explanation of the result in
one to two sentences. You should also include screenshots of your green score for this
challenge.
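The following is an added example (not code from the task sheet or from the Bodgeit application). It shows the pattern behind the first challenge from the defender's side: a toy page handler whose diagnostics are switched on by the request parameter, the hardened form in which only server-side configuration controls them, and a small check that finds ?debug=true probes in access logs. The internal values, page paths and log lines are all constructed for the illustration, and the log check assumes the common combined log format with the request line in double quotes.

```python
"""Added example, not part of the task sheet or the Bodgeit code."""
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, urlsplit

# Constructed stand-in for the internal details a debug view would reveal.
INTERNALS = {
    "db_host": "db.internal.example",
    "build": "dev-build-0000 (constructed)",
}


def render_vulnerable(path: str, params: Dict[str, str]) -> str:
    """Anyone who appends ?debug=true to the URL gets the diagnostics block."""
    body = f"<h1>{path}</h1>"
    if params.get("debug", "").lower() == "true":
        dump = "\n".join(f"{k}={v}" for k, v in INTERNALS.items())
        body += f"<pre>{dump}</pre>"
    return body


def render_hardened(path: str, params: Dict[str, str], debug_enabled: bool = False) -> str:
    """Diagnostics depend only on server-side configuration (for example an
    environment variable on a development box); the request parameter is
    never consulted."""
    body = f"<h1>{path}</h1>"
    if debug_enabled:
        dump = "\n".join(f"{k}={v}" for k, v in INTERNALS.items())
        body += f"<pre>{dump}</pre>"
    return body


def find_debug_probes(log_lines: Iterable[str]) -> List[str]:
    """Return the request targets in which a client set debug=true, so that
    a reviewer can see which pages were probed (and which answered)."""
    hits = []
    for line in log_lines:
        start = line.find('"')
        end = line.find('"', start + 1)
        if start == -1 or end == -1:
            continue
        request = line[start + 1:end].split()  # method, target, version
        if len(request) != 3:
            continue
        target = request[1]
        query = parse_qs(urlsplit(target).query)
        if any(v.lower() == "true" for v in query.get("debug", [])):
            hits.append(target)
    return hits


# Constructed sample log lines (not real captures).
SAMPLE_LOG = [
    '10.0.2.15 - - [02/Sep/2024:10:00:01 +1000] "GET /bodgeit/home.jsp HTTP/1.1" 200 512',
    '10.0.2.15 - - [02/Sep/2024:10:00:05 +1000] "GET /bodgeit/home.jsp?debug=true HTTP/1.1" 200 901',
    '10.0.2.15 - - [02/Sep/2024:10:00:09 +1000] "GET /bodgeit/search.jsp?q=x&debug=TRUE HTTP/1.1" 200 640',
    '10.0.2.15 - - [02/Sep/2024:10:00:12 +1000] "GET /bodgeit/about.jsp?debug=false HTTP/1.1" 200 480',
]

if __name__ == "__main__":
    print(render_vulnerable("/bodgeit/home.jsp", {"debug": "true"}))
    print(render_hardened("/bodgeit/home.jsp", {"debug": "true"}))
    print(find_debug_probes(SAMPLE_LOG))
```

The point of the two render functions is that the decision to show diagnostics must never be delegated to the client; the log check is the monitoring counterpart, and is case-insensitive because a server that reads the parameter loosely would accept `TRUE` as well.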
Second Challenge – Level 1 – Display a Pop-Up Box: When you see text boxes, this is a good
place to test cross-site scripting (from the OWASP Top 10, this falls under Cross-Site Scripting
(Reflected)). To solve this challenge, select the search page, and then enter
“<script>alert("XSS")</script>”
Third Challenge – Level 2 – Display a Pop-Up Box: In this challenge, you will explore
Cross-Site Scripting (Stored) from the OWASP Top 10.
Task A3: Use the previous XSS script to test the stored XSS vulnerability in the
registration form. (Make sure that the password length is not more than 5.) Explain how you
knew it was stored XSS, with evidence from your experiments. Provide a screenshot of the
output and of your score for this challenge.
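The following added example (not code from the task sheet or from Bodgeit) covers the second and third challenges together. It shows the same test string behaving as reflected XSS, where the response echoes what the current request sent, and as stored XSS, where the registration form persists the value and a later page that received no payload at all still renders it. It also shows what HTML output encoding does to the string, and encodes the evidence rule from Task A3 as a function. The search and user-list templates and the in-memory user store are constructed for the illustration.

```python
"""Added example, not part of the task sheet or the Bodgeit code."""
import html
from typing import List

PAYLOAD = '<script>alert("XSS")</script>'  # the test string from the task sheet


def search_page(term: str, encode_output: bool) -> str:
    """Reflected: the response echoes the current request's search term."""
    shown = html.escape(term) if encode_output else term
    return f"<p>You searched for: {shown}</p>"


class Registrations:
    """Stored: the registration form persists the username, and a page that
    is built later, from a request carrying no payload, renders it."""

    def __init__(self) -> None:
        self._usernames: List[str] = []

    def register(self, username: str, password: str) -> None:
        # Storing the raw value is fine; the defence belongs at output time.
        self._usernames.append(username)

    def user_list_page(self, encode_output: bool) -> str:
        items = [html.escape(u) if encode_output else u for u in self._usernames]
        return "<ul>" + "".join(f"<li>{u}</li>" for u in items) + "</ul>"


def renders_as_script(markup: str) -> bool:
    """True when a <script> element survives into the markup the browser
    will parse; after escaping only the text '&lt;script&gt;' remains."""
    return "<script" in markup.lower()


def classify(request_carried_payload: bool, response_has_script: bool) -> str:
    """Evidence rule: a script element in a response to a request that did
    not itself contain it can only have come from storage."""
    if not response_has_script:
        return "not vulnerable (or encoded)"
    return "reflected" if request_carried_payload else "stored"


if __name__ == "__main__":
    print(search_page(PAYLOAD, encode_output=False))
    print(search_page(PAYLOAD, encode_output=True))
    store = Registrations()
    store.register(PAYLOAD, "abcde")
    print(store.user_list_page(encode_output=False))
    print(classify(False, renders_as_script(store.user_list_page(False))))
```

`html.escape` turns `<`, `>`, `&` and quotes into entities, so the browser displays the payload as text instead of executing it; this is the standard fix for both variants, applied wherever user data is written into HTML.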
In this challenge, you have the username but not the password. How can you gain access? One
method is using SQL injection, as the login page interacts with a backend database that can be
queried. Typically, the SQL query for such a login looks like:
Task A5: Provide screenshots that show that you have successfully finished all these 4 challenges.
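As an added example for the login challenge (not code from the task sheet or from Bodgeit), the block below contrasts a login check that splices the submitted username and password into the SQL text with the parameterised form. A username containing a single quote is enough to show the difference: the unsafe query breaks because the input was parsed as SQL, which is the same property an injection relies on, while the bound query treats it as data. The user table and credentials are constructed and stored in an in-memory SQLite database.

```python
"""Added example, not part of the task sheet or the Bodgeit code."""
import sqlite3
from typing import Dict


def make_db() -> sqlite3.Connection:
    """Constructed user table; passwords are plain text only to keep the
    SQL comparison readable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("user1@example.com", "password1"), ("o'brien@example.com", "pw-two")],
    )
    return conn


def login_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The submitted strings become part of the SQL statement itself."""
    sql = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Placeholders keep the statement fixed; the values are bound as data,
    so a quote in them cannot change the query's meaning."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def quote_report(username: str, password: str) -> Dict[str, object]:
    """Run both variants on the same input and record the outcome. An
    OperationalError from the unsafe variant is the tell-tale sign that the
    input was interpreted as SQL rather than compared as a value."""
    conn = make_db()
    report: Dict[str, object] = {"safe": login_safe(conn, username, password)}
    try:
        report["unsafe"] = login_unsafe(conn, username, password)
    except sqlite3.OperationalError as exc:
        report["unsafe"] = f"error: {exc}"
    return report


if __name__ == "__main__":
    print(quote_report("user1@example.com", "password1"))
    print(quote_report("o'brien@example.com", "pw-two"))
```

When you look at the login page in Task A5, the question to ask of the application is which of these two shapes its query has; only the first one lets the client alter the statement.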
1. In your web browser in Kali Linux, open “<OWASP broken webapps VM IP
address>/dvwa”. Use “admin” as both the username and the password to log in.
2. Open the terminal in Kali Linux to run a listening port for the reverse shell that you
will create in the web. To do so, use nc (a networking utility for reading from and
writing to network connections using TCP or UDP) command “nc -lp 1337”.
3. From the DVWA screen (left side), select Command Execution. Then, run the following
script. Replace "Kali IP address” with your Kali IP address.
This command uses the traditional version of nc to execute (-e) /bin/bash (i.e., a bash shell)
upon establishing a connection. Now, you should be able to access the OWASP VM remotely
using this reverse shell.
Task A6: What privilege do you have with this reverse shell? As an ethical hacker, what
could you do next with this privilege? Justify your answer. Also, include
screenshots of your commands in this reverse shell.
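The following is an added example (not code from the task sheet or from DVWA) of the flaw the Command Execution module illustrates, written from the defender's side. A "ping this address" feature that pastes the submitted value into a shell command line lets the shell interpret whatever follows the address; the hardened version validates the value as an IP address with the standard library and builds an argument vector so that no shell is involved. A small metacharacter check is included as the detection counterpart. The inputs are constructed; `ping()` is only there to show the validated command being run and needs a ping binary.

```python
"""Added example, not part of the task sheet or the DVWA code."""
import ipaddress
import re
import subprocess
from typing import List, Set

SHELL_METACHARS = re.compile(r"[;&|`$<>\n]")


def build_ping_unsafe(host: str) -> str:
    """The string such code would hand to a shell. Anything the user typed
    after the address is interpreted by the shell, not by ping."""
    return "ping -c 1 " + host


def metachars_in(value: str) -> Set[str]:
    """Detection view: which shell metacharacters does a submitted value
    contain? Useful as a log or request check, not as the only defence."""
    return set(SHELL_METACHARS.findall(value))


def ping_argv(host: str) -> List[str]:
    """Validate first, then build an argument vector; with no shell in the
    path there is nothing for a metacharacter to act on."""
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        raise ValueError(f"not an IP address: {host!r}") from None
    return ["ping", "-c", "1", str(addr)]


def ping(host: str) -> subprocess.CompletedProcess:
    """Runs the validated command (requires the ping binary and a network)."""
    return subprocess.run(ping_argv(host), capture_output=True, text=True, timeout=10)


def validation_outcome(host: str) -> str:
    """Human-readable result of the validation step for a given input."""
    try:
        return " ".join(ping_argv(host))
    except ValueError as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    for sample in ("10.0.2.4", "::1", "10.0.2.4; echo injected"):
        print(repr(sample), "->", validation_outcome(sample))
        print("   metacharacters:", metachars_in(sample) or "none")
```

The privilege question in Task A6 follows from the same design: whatever the web server process runs as is what an injected command runs as, which is why the hardened form also matters on a server that already runs the application under a low-privilege account.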
B) Upload web shell file and inclusion
Similar to the previous activity, you will open a reverse shell from the OWASP broken VM to
your Kali Linux. This time, you will use a web shell to create the reverse shell. Kali Linux already
includes many pre-prepared web shells that you can use (as shown in the figure). For this
exercise, you will use "php-reverse-shell.php". Make sure to adjust the IP address and port in
this file to match the nc command in your Kali terminal: nc -lp 1337.
Upload this file to DVWA. You should see something similar to the following figure. Next,
copy the generated path and insert it into the URL in the file inclusion section, replacing
include.php with the new path (see figure).
Task A7: Explain the output of this process and provide screenshots of the nc terminal and the file
inclusion screen during the exploitation process.
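The upload-and-include chain in this section works because two checks are missing, and the following added example (not code from the task sheet or from DVWA) shows both from the defender's side. The first half contrasts an upload handler that stores whatever it receives with one that requires the extension and the file's leading bytes to agree on an image type and rejects embedded PHP. The second half contrasts a file-inclusion resolver that joins the page parameter onto a directory, which is what lets an uploaded file's path be named, with one that maps the parameter through an allowlist. File names, paths, the allowlist and the sample contents are constructed.

```python
"""Added example, not part of the task sheet or the DVWA code."""
from pathlib import PurePosixPath
from typing import Dict, Tuple

ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}
# Leading bytes of the image formats accepted above.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

# Constructed sample contents: a stand-in for a PHP file and a minimal PNG header.
PHP_SAMPLE = b"<?php echo 'constructed placeholder'; ?>"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def check_upload_weak(filename: str, content: bytes) -> Tuple[bool, str]:
    """Accepts anything, so a .php file lands under the web root unchanged."""
    return True, "stored as " + filename


def check_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Extension allowlist, content sniffing, and agreement between the two."""
    ext = PurePosixPath(filename).suffix.lower()
    if ext not in ALLOWED_EXT:
        return False, "extension not allowed"
    if ext == ".jpeg":
        ext = ".jpg"
    detected = next((t for m, t in MAGIC.items() if content.startswith(m)), None)
    if detected is None:
        return False, "content is not an image"
    if detected != ext:
        return False, "extension does not match content"
    if b"<?php" in content:
        return False, "image carries embedded PHP"
    return True, "ok"


# Constructed allowlist for a ?page= parameter: only these names resolve.
INCLUDABLE: Dict[str, str] = {
    "include.php": "/srv/app/fi/include.php",
    "file1.php": "/srv/app/fi/file1.php",
}


def resolve_include_weak(base_dir: str, page: str) -> str:
    """Joins the parameter onto a directory, so any file the web server can
    read, including one just uploaded, can be named through the parameter."""
    return str(PurePosixPath(base_dir) / page)


def resolve_include(page: str) -> str:
    """The parameter selects from a fixed set; it never becomes a path."""
    try:
        return INCLUDABLE[page]
    except KeyError:
        raise ValueError(f"page not includable: {page!r}") from None


if __name__ == "__main__":
    print(check_upload_weak("php-reverse-shell.php", PHP_SAMPLE))
    print(check_upload("php-reverse-shell.php", PHP_SAMPLE))
    print(check_upload("pic.png", PNG_SAMPLE))
    print(resolve_include_weak("/srv/app/fi", "../../uploads/php-reverse-shell.php"))
    print(resolve_include("include.php"))
```

Either fix alone breaks the chain described in Task A7: with the upload check, no executable file reaches the server; with the allowlisted include, the uploaded path can no longer be requested. Note that `PurePosixPath` does not collapse `..` segments, so the weak resolver faithfully reproduces the traversal a plain string join would allow.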
B. Evidence of learning
Task B1: Provide evidence of your work on module 8. This can contain notes you
took, activities you solved, and any other work you produced. You can scan or take pictures
or screenshots of your work into a pdf document. It is a good idea to include short
comments together with your evidence.
C. Reflecting on the content and your learning
Task C1: Reflect on what you have learned this week. What is the most important
thing you learnt in this module? How does this relate to what you already know? Why do
you think your course team wants you to learn the content of this module?