Hands-On Lab Guide – Command Execution Basic Testing (DVWA): Lesson 2

{ Command Execution Basic Testing }
Try it hands-on now, it's great!

Section 0. Background Information
  • What is Damn Vulnerable Web App (DVWA)?
    • Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
    • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
  • Pre-Requisite Lab
    • Damn Vulnerable Web App (DVWA): Lesson 1: How to Install DVWA in Fedora 14 (or run it on the DVWA virtual machine provided by the instructor)
  • Lab Notes
    • In this lab we will do the following:
      1. We will test Command Execution where Security is set to low
      2. We will demonstrate how other Linux/Unix commands can be appended to an IP Address for execution.
      3. We will explore the code that allows for malicious use
 Start Up Damn Vulnerable Web App (DVWA)
  1. Start up a Web Browser  
    • Instructions:
      1. Applications –> Internet –> Firefox
    • Notes:
      • You can open up a Web browser on any Operating System on your network.
      • Working with DVWA does not have to be done on your Fedora machine; the only requirements to work with DVWA are as follows:
        1. The Fedora Server is on the Network.
        2. httpd is running
        3. mysqld is running
  2. DVWA Database setup  
    • Instructions:
      1. http://192.168.1.106/dvwa/login.php
        • Replace 192.168.1.106 with the IP Address obtained from Section 3, Step 3.
      2. Username: admin
      3. Password: password
        • “password” is the default password for user admin.
  3. Set Website Security Level (Part 1) 
    • Instructions:
      1. Click on DVWA Security
  4. Set Website Security Level (Part 2) 
    • Instructions:
      1. Select Low
      2. Click Submit
Section 6. Command Execution
  1. Command Execution  
    • Instructions:
      1. Click on Command Execution
  2. Execute Ping  
    • Notes:
      • Below we are going to do a simple ping test using the web interface.
      • As an example, ping something on your network.
      • Use the IP Address obtained in Section 3, Step 3 if you have nothing else to ping.
    • Instructions:
      1. 192.168.1.106
      2. Click Submit
  3. cat /etc/passwd (Attempt 1)
    • Instructions:
      1. cat /etc/passwd
      2. Click Submit
    • Notes:
      • Notice that either a message saying illegal IP address was displayed or nothing was returned.
  4. cat /etc/passwd (Attempt 2)
    • Instructions:
      1. 192.168.1.106; cat /etc/passwd
      2. Click Submit
    • Notes:
      • Notice that we are now able to see the contents of the /etc/passwd file.
  5. Looking at the weakness  
    • Instructions:
      1. Bring up a terminal window (See Section 3, Step 1, if you don’t know how)
      2. cat /var/www/html/dvwa/vulnerabilities/exec/source/low.php
    • Notes:
      1. Notice the two shell_exec lines.
      2. These are the lines that execute ping depending on which Operating System is being used.
      3. In a Unix/Linux shell, you can run multiple commands on one line by separating them with a “;”.
      4. Notice that the code does not check whether $target matches an IP Address.
        • \d+\.\d+\.\d+\.\d+, where “\d+” represents a number with the possibility of multiple digits, like 192.168.1.106.
      5. The code allows for an attacker to append commands behind the IP Address.
        1. 192.168.1.106; cat /etc/passwd
  6. Copy the /etc/passwd file to /tmp
    • Instructions:
      1. 192.168.1.106; cat /etc/passwd | tee /tmp/passwd
    • Note:
      • Here we are not only displaying the contents of /etc/passwd on the webpage, but also we are copying the /etc/passwd file to the /tmp directory.
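
The weakness noted in step 5, next to a hardened form, as an added example that is not DVWA's own source. The function names, the `ping -c 3` form and the sample list are assumptions made for illustration; the sample strings are the ones typed in this lab.

```php
<?php
// Added example, not DVWA source. All function names here are hypothetical.

// Pattern described in step 5: user input is concatenated straight into the
// shell command. Returned as a string only, never executed, to show what the
// shell would receive.
function unvalidated_command(string $target): string
{
    return 'ping -c 3 ' . $target;
}

// Accept only a complete dotted-quad IPv4 address; anything else yields null.
function validate_ipv4(string $input): ?string
{
    // filter_var() requires the whole string to parse as an address, so any
    // text after the address (";", "|", spaces, words) fails validation.
    $ip = filter_var(trim($input), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    return $ip === false ? null : $ip;
}

// Hardened form: validate first, then quote the argument as defense in depth.
function safe_ping(string $input): string
{
    $ip = validate_ipv4($input);
    if ($ip === null) {
        return 'Rejected: input is not an IPv4 address';
    }
    $arg = escapeshellarg($ip);
    $cmd = stristr(php_uname('s'), 'Windows NT') ? "ping $arg" : "ping -c 3 $arg";
    return (string) shell_exec($cmd);
}

// Constructed sample inputs taken from the lab steps above.
$samples = [
    '192.168.1.106',
    'cat /etc/passwd',
    '192.168.1.106; cat /etc/passwd',
    '192.168.1.106; cat /etc/passwd | tee /tmp/passwd',
];

foreach ($samples as $s) {
    $verdict = validate_ipv4($s) === null ? 'REJECT' : 'ACCEPT';
    printf("%-7s input: %s\n", $verdict, $s);
    printf("        unvalidated shell line: %s\n", unvalidated_command($s));
}
```

Only the first sample is accepted; the other three are rejected before any command string is built, which is the check the low-security source lacks.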

Section 7. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. Bring up a terminal window
      2. cd /tmp
      3. ls -l passwd
      4. date
      5. echo "OWASP Cybrary VIETNAM"
        • Replace the quoted string with your actual name.
        • e.g., echo "An Toàn Thông Tin"
    • Proof of Lab Instructions:
      1. Do a <PrtScn>
      2. Paste into a word document
      3. Email to AnToanThongTin.Edu.VN@Gmail.Com
