Penetration Testing – WebGoat

H2 – Penetration Testing WebGoat and scopes

Assignment given by Tero Karvinen

Scope. Reconnaissance and attack tools may only be used against target machines you have permission to attack. Read the HackTheBox rules before starting. Check the IP addresses carefully.

1) Actively reconnoitre the HackTheBox network. You can use, for example, port scanners, Metasploit, a browser, curl -I, nc and other tools you know. Report. Put the HackTheBox solutions behind a simple password, not on the public Internet. You can give the password to the teacher in Moodle and to your coursemates, not on the public Internet.

2) Do three WebGoat exercises. Install WebGoat if needed. The solutions may be published normally to the whole Internet. Tip: the reports for the previous homework on this page contain easy installation instructions for WebGoat.

3) Optional: Solve more WebGoat exercises.

4) Optional, hard: If you can, break into a target machine on HackTheBox. Remember the permitted limits, i.e. the scope. As training wheels you can use the machine list in the HackTheBox web interface, sorted by difficulty level.


Testing Environment

For this assignment I used an Acer 5439 laptop running Ubuntu 18.04 LTS.


2) I) WebGoat Authentication Flaws – Authentication Bypasses. There is more to this task, but I am not putting everything here.

Selection_022.png

I started by just typing "test" into both fields. It didn't work. For this I followed the example that the task provided. I used Firefox, so I opened the Developer Tools with F12. Then I located the part where it says secQuestion0 and changed it to secQuestion00 & secQuestion01.

Selection_023.png

Selection_025.png

I have verified the account!
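The bypass above works because the server compares only the answers whose parameter names it recognises. The following is an added example, not WebGoat's own code: a small JavaScript model of that verification logic, with the stored answers, field names and submissions constructed for the example. The vulnerable version loops over whatever the client sent, so renamed fields are never compared and the check falls through to "verified"; the hardened version loops over the questions the server expects and rejects unknown names.

```javascript
// Model of the account-verification flaw (added example; not WebGoat's code).
// Constructed data: the server-side answers to the two security questions.
const STORED_ANSWERS = { secQuestion0: "Mr. Fluffy", secQuestion1: "Malmö" };

// Own-property check; a plain `in` test would also match inherited names
// such as "constructor", which is another way to confuse a lookup like this.
const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Vulnerable: iterate over the SUBMITTED names and fail only when a
// recognised name carries a wrong value. Renamed parameters
// (secQuestion00, secQuestion01) match nothing, so nothing fails.
function vulnerableVerify(submitted) {
  if (Object.keys(submitted).length !== Object.keys(STORED_ANSWERS).length) {
    return false; // still insists on the right number of answers
  }
  for (const [name, value] of Object.entries(submitted)) {
    if (hasOwn(STORED_ANSWERS, name) && STORED_ANSWERS[name] !== value) {
      return false;
    }
  }
  return true; // reached without a single comparison when names were renamed
}

// Hardened: iterate over the EXPECTED names, require each one to be present
// and correct, and reject any parameter the server did not ask for.
function hardenedVerify(submitted) {
  const expected = Object.keys(STORED_ANSWERS);
  const received = Object.keys(submitted);
  if (received.length !== expected.length) return false;
  if (received.some((name) => !hasOwn(STORED_ANSWERS, name))) return false;
  return expected.every(
    (name) => hasOwn(submitted, name) && submitted[name] === STORED_ANSWERS[name]
  );
}

// Constructed form submissions mirroring the lesson.
const honestWrong = { secQuestion0: "test", secQuestion1: "test" };
const honestRight = { secQuestion0: "Mr. Fluffy", secQuestion1: "Malmö" };
const renamed = { secQuestion00: "test", secQuestion01: "test" };

if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable, renamed fields:", vulnerableVerify(renamed)); // true = bypass
  console.log("hardened,  renamed fields:", hardenedVerify(renamed));    // false
}
```

The fix is the direction of the loop: drive the check from the server's list of questions, never from the client's list of parameters.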


2) II) Cross Site Scripting (XSS)

Selection_027

So, as it says, I opened another tab and typed javascript:alert(document.cookie); into the URL bar.

Selection_028.png

And then on the page where I did this lesson, I replaced the URL with javascript:alert(document.cookie);

Selection_029.png

It was the same, so I could answer the questions:

Selection_030.png


Cross Site Scripting (XSS)

Selection_031.png

Next I had to find which field is susceptible to XSS. I tried the field where the credit card number was asked for. I typed a script into the field.

<script>alert('my javascript here')</script>4128 3214 0002 1999

Selection_032.png

And voilà, that field was vulnerable to XSS.



Cross Site Scripting (XSS)

Selection_033.png

Here I had to find some code that was vulnerable. I clicked the submit button to see what happens:

Selection_034.png

It said to check GoatRouter.js. There are many ways to find the JavaScript file. I just clicked the GoatRouter.js link and it opened the JavaScript file for me. Other ways are to open the developer tools (F12 in Firefox or Chrome) and look there. I think it differs depending on the web browser.

Selection_035.png

This was the first mention of test stuff in the code.

Selection_036.png



Cross Site Scripting (XSS)

Selection_037.png

In this lesson I had to execute the webgoat.customjs.phoneHome() function, but without using the console or debugger.

First I wanted to find where that function is in the developer tools.

Selection_038.png

When I found it, I changed <strong></strong> to .

Selection_039.png

And then took a look at the console:

Selection_042.png

It gave me a response, so I just had to copy that:

Selection_041.png

And it was successful.


 
