Hands-On Lab Guide: Using Tamper Data with crack_web_form.pl (DVWA): Lesson 5


Section 0. Background Information
  • What is Damn Vulnerable Web App (DVWA)?
    • Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.
    • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
  • Pre-Requisite Lab
  • Lab Notes
    • In this lab we will do the following:
      1. We will enable Tamper Data in BackTrack’s Firefox
      2. We will use Tamper Data to discover DVWA’s HTTP POST DATA string.
      3. We will configure crack_web_form.pl, which was written by computersecuritystudent.com.
      4. We will use crack_web_form.pl to discover the admin password to DVWA.
  • Legal Disclaimer
       This material is intended for research and study purposes.
Section 1. Configure Fedora14 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start –> All Programs –> VMWare –> VMWare Player
  2. Edit Fedora14 Virtual Machine Settings
    • Instructions:
      1. Highlight fedora14
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click on the OK Button.

Section 2. Login to Fedora14
  1. Start Fedora14 VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select Fedora14
      3. Play virtual machine
  2. Login to Fedora14
    • Instructions:
      1. Login: student
      2. Password: <whatever you set it to>.

Section 3. Open Console Terminal and Retrieve IP Address
  1. Start a Terminal Console
    • Instructions:
      1. Applications –> Terminal
  2. Switch user to root
    • Instructions:
      1. su - root
      2. <Whatever you set the root password to>
  3. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.106.
      • Please record your IP address.

Section 4. Temporarily Disable SELINUX and Firewall
  1. Start a Terminal Console
    • Instructions:
      1. sestatus
      2. If SELinux status: is set to disabled OR if Current mode: is set to permissive, then skip the next steps, and Continue to the Next Section.
      3. If SELinux status: is set to enabled AND if Current mode: is set to enforcing, then Continue the next steps.
    • Notes:
      • In my case, I need to temporarily put selinux in permissive mode to demonstrate basic attacks on DVWA.
  2. Place selinux in permissive mode
    • Instructions:
      1. echo 0 > /selinux/enforce
        • Placing a “0” in the enforce file puts SELinux in permissive mode.
      2. sestatus
        • Notice that “Current mode:” changed to permissive.
  3. Disable Firewall
    • Instructions:
      1. service iptables save
        • This is not really necessary, unless you have made recent changes to the firewall.
      2. service iptables stop
        • This command disables the firewall.
Section 5. Configure BackTrack Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start –> All Programs –> VMWare –> VMWare Player
  2. Edit BackTrack Virtual Machine Settings
    • Instructions:
      1. Highlight BackTrack5R1
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Do not Click on the OK Button.

Section 6. Login to BackTrack
  1. Start BackTrack VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select BackTrack5R1
      3. Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 7. Open Console Terminal and Retrieve IP Address
  1. Open a console terminal
    • Instructions:
      1. Click on the console terminal
  2. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes:
      • As indicated below, my IP address is 192.168.1.105.
      • Please record your IP address.

Section 8. Configure Tamper Data
  1. Start Firefox
    • Instructions:
      1. Click on Firefox
  2. Select Add-ons
    • Instructions:
      1. Tools –> Add-ons
  3. Enable Tamper Data
    • Instructions:
      1. Click on Extensions
      2. Click on Tamper Data Enable Button
  4. Restart Firefox
    • Instructions:
      1. Click Restart Now (See Picture)

Section 9. Capturing HTTP-POST-DATA with Tamper Data
  1. Start DVWA
    • Instructions:
      1. Start up Firefox on BackTrack
      2. Place http://192.168.1.106/dvwa/login.php in the address bar.
        • Replace 192.168.1.106 with Fedora’s IP address obtained in (Section 3, Step 3).
  2. Engage Tamper Data
    • Instructions:
      1. Tools –> Tamper Data
  3. Start Tamper Data
    • Instructions:
      1. Click on Start Tamper
  4. Login to DVWA
    • Instructions:
      1. Login: admin
      2. Password: password
      3. Click on Login
  5. Tamper with request?
    • Instructions:
      1. Uncheck the Continue Tampering checkbox
      2. Click Submit
  6. Stop Tamper
    • Instructions:
      1. Click on Stop Tamper
  7. Copy POSTDATA String
    • Instructions:
      1. Click on the First POST line.
      2. Right Click on POSTDATA and Select Copy
  8. Start Up Notepad
    • Instructions:
      1. Applications –> Wine –> Programs –> Accessories –> Notepad
  9. Paste Post Data in Notepad
    • Instructions:
      1. Edit –> Paste
  10. Logout of DVWA
    • Instructions:
      1. Click Logout
  11. Record Failed Message
    • Instructions:
      1. Username: admin
      2. Password: wrongpassword
      3. Click Login Button
      4. Right Click on Login failed, Select Copy.
  12. Paste in Notepad
    • Instructions:
      1. Edit –> Paste
  13. Save in Notepad
    • Instructions:
      1. File –> Save
      2. Filename: dvwa-post-data.txt
      3. Click Save

Section 10. Configuring and running crack_web_form.pl
  1. Make Directory
    • Instructions:
      1. mkdir /pentest/passwords/cwf
  2. Download File
    • Instructions:
      1. Start Up Firefox in BackTrack
      2. Input the below URL into the address bar
        • http://www.computersecuritystudent.com/SECURITY_TOOLS/DVWA/DVWAv107/lesson5/cwf.tar.gz
      3. Select Save File Radio Button
      4. Click OK
  3. Save File
    • Instructions:
      1. Click on File System
      2. Click on pentest
      3. Click on passwords
      4. Click on cwf
      5. Click Save
  4. Un-tar Crack Web Form
    • Instructions:
      1. cd /pentest/passwords/cwf
      2. ls -l
      3. tar xovfz cwf.tar.gz
      4. chmod 700 crack_web_form.pl
  5. Crack Web Form Functionality
    • Instructions:
      1. ./crack_web_form.pl -help
  6. Using Crack Web Form
    • Note(FYI):
      • Replace 192.168.1.106 with the IP Address obtained (Section 3, Step 3).
    • Instructions:
      1. ./crack_web_form.pl -U admin -http "http://192.168.1.106/dvwa/login.php" -data "username=USERNAME&password=PASSWORD&Login=Login" -M "Login failed"
        • -U is an optional parameter. It allows you to specify a username. If the username is not supplied, the username defaults to admin.
        • -P is an optional parameter. It allows you to specify the location of the password file. The default password file is the password.txt file located in the same directory as crack_web_form.pl.
        • -http is a required parameter. It allows you to specify the login page. Supply the login page you used in (Section 9, Step 1).
        • -data is a required parameter. It allows you to specify the HTTP POST DATA.
          • username=USERNAME, where USERNAME is either the default “admin” or replaced by the user-supplied parameter.
          • password=PASSWORD, where PASSWORD is replaced by values in the password file.
        • -M is an optional parameter. It allows you to specify the authentication failure message. Supply the failure message you obtained in (Section 9, Step 11). The default failure message is set to “fail|invalid|error”, where the message is case insensitive.
  7. View Crack Web Form results
    • Instructions:
      1. Notice it took 239 attempts to discover the correct password.

Section 11. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /pentest/passwords/cwf
      2. grep Successful crack_output.txt
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions:
      1. Do a <PrtScn>
      2. Paste into a word document
      3. Email to AnToanThongTin.Edu.VN@Gmail.Com
