WebGoat exercises (H2) – ready

WebGoat

LAB: Role Based Access Control

In this post I completed Stage 1 and Stage 3. To complete the stages I attacked the OWASP Top 10 2017 A5: Broken Access Control vulnerability – the application had flaws that let me do admin-stage actions as a normal user.

My solution to Stage 1:

I logged in as Tom Cat. I browsed to the “Staff List page” and looked at the source code in the inspector for the “ViewProfile” and “Logout” buttons. The first name guess for a button to delete a user would be “DeleteUser”. I modified the “ViewProfile” HTML code in the inspector and changed the value to “DeleteProfile”:

<input name="action" value="DeleteProfile" type="submit">

Then I clicked the ViewProfile button and completed Stage 1.

My solution to Stage 3:

The solution for Stage 3 was similar to the solution for Stage 1. I looked at the source code for the same view, this time for the selected employee (Tom Cat). It had the value 105 for the parameter, which was most likely Tom Cat’s employee id. I tried changing that to 104:

<option selected="" value="104">Tom Cat (employee)</option>

Then I clicked ViewProfile and got Eric Walker’s profile page instead of Tom’s – Stage 2 succeeded.

MITRE ATT&CK: Exploit Public-Facing Application

“The use of software, data, or commands to take advantage of a weakness in an Internet-facing computer system or program in order to cause unintended or unanticipated behavior.” https://attack.mitre.org/techniques/T1190/

The vulnerabilities above (WebGoat lab) fall under the MITRE ATT&CK technique “Exploit Public-Facing Application”. The application in WebGoat had a design vulnerability that made it possible to access sensitive, admin-stage data as a normal user. I used the inspector to modify the HTML code and send requests, but, for example, mitmproxy could also be used to exploit this kind of vulnerability.
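
The server-side checks whose absence made both stages possible, as an added example (not WebGoat's code and not part of the original post): the hardened handler ignores what the form offered and authorizes the submitted action and employee id against the logged-in session. The ids 105 (Tom Cat) and 104 (Eric Walker) and the `action` field come from the post; the `employee_id` field name, the roles, the manager and admin users and the policy table are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: ids 104/105 are from the post, everything else is assumed.
@dataclass(frozen=True)
class User:
    id: int
    name: str
    role: str
    manager_id: Optional[int] = None

USERS = {u.id: u for u in (
    User(104, "Eric Walker", "employee", manager_id=102),
    User(105, "Tom Cat", "employee", manager_id=102),
    User(102, "Example Manager", "manager"),   # hypothetical user
    User(101, "Example Admin", "admin"),       # hypothetical user
)}

# Assumed policy: which roles may invoke which action, decided on the server.
ACTION_ROLES = {
    "ViewProfile": {"employee", "manager", "admin"},
    "DeleteProfile": {"admin"},
}

class Forbidden(Exception):
    """Raised when the session user is not authorized for the request."""

def may_access(actor, target):
    """Data-level rule: own record, a direct report's record, or admin."""
    return (actor.role == "admin" or actor.id == target.id
            or (actor.role == "manager" and target.manager_id == actor.id))

def handle_vulnerable(session_user_id, form):
    """Trusts the form: any logged-in user may send any action and any id."""
    target = USERS[int(form["employee_id"])]
    return form["action"], target.name

def handle_hardened(session_user_id, form):
    """Authorizes the action (Stage 1) and the target record (Stage 3)."""
    actor = USERS[session_user_id]  # identity comes from the session, never the form
    action = form.get("action", "")
    if actor.role not in ACTION_ROLES.get(action, set()):
        raise Forbidden(f"{actor.name} may not call {action!r}")
    try:
        target = USERS[int(form.get("employee_id", ""))]
    except (ValueError, KeyError):
        raise Forbidden("unknown employee id") from None
    if not may_access(actor, target):
        raise Forbidden(f"{actor.name} may not access record {target.id}")
    return action, target.name
```

Hiding the delete button or listing only the user's own id in the `<option>` element changes what the browser displays, not what the server accepts, which is why both checks run in the handler.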

 

 

This post is homework 2 for Tero Karvinen’s course Penetration Testing.

// Irene Kunnari

Kali bootable USB

Kali bootable USB-stick

 

I downloaded Kali Linux 64-bit from here: https://www.kali.org/downloads/

Then I looked up the instructions for making the USB stick here: https://docs.kali.org/downloading/kali-linux-live-usb-install

I used my Ubuntu desktop to make a bootable USB stick. I had to be extra careful to choose the correct location to write:

dd if=kali-linux-2019.2-amd64.iso of=/dev/sdb bs=512k

When it was ready, I tried booting, and I was able to boot into Kali Linux.

LAMP with Salt

This is week 6’s homework from Tero Karvinen’s course about Salt. The exercise was to install a LAMP stack using Salt.

PHP

Creating a state that installs PHP in /srv/salt/apachephp:

Screenshot 2019-05-15 at 21.04.22.png

And the state succeeded.

Screenshot 2019-05-15 at 20.58.45.png

 

MariaDB

Then a state that installs MariaDB-server and client in /srv/salt/mariadb:

Screenshot 2019-05-15 at 21.05.06.png

And succeeded:

Screenshot 2019-05-15 at 20.57.10.png

 

Apache (I had a problem...):

Also an apache directory that has an init.sls that installs Apache:

Screenshot 2019-05-15 at 21.07.08.png

 

The other installations succeeded, but with this one I had a problem. It said the following, and I didn’t manage to figure out the problem. It seemed right to me…:

Screenshot 2019-05-15 at 21.06.51.png

Windows as Salt-minion (h5)

Installing salt-minion on Windows

 

From this link I installed the proper salt-minion version for Windows: https://repo.saltstack.com/windows/. Salt-minion has to be the same version as salt-master, otherwise it won’t work.

I executed the .exe file and got to install salt-minion. During the installation you tell the minion its master and minion id. After the installation was done, I accepted the slave-key from the master and the new minion was ready.

 

The minion can be pinged locally from the Windows cmd:

salt-call test.ping

I wanted to install PuTTY and Firefox with Salt on the Windows 10 minion. I created a winpkgs directory in the master’s /srv/salt and added an init.sls there:

Screenshot 2019-05-08 at 19.22.05

 

Then I applied the state:

Screenshot 2019-05-08 at 19.44.02

 

The Windows 10 minion had some issues responding and it returned “Not connected”. By expanding the timeout and running the minion in debug mode I got an answer. The state succeeded, it had already installed the programs, and I was able to find PuTTY and Firefox on the desktop.