JTCyberTech / Cybersecurity-Home-Labs


8. Ethical Hacking 6 - Web Hacking #31

Open JTCyberTech opened 11 months ago

JTCyberTech commented 11 months ago

Ethical Hacking 6 - Web Hacking

Description:

In Ethical Hacking 6 - Web Hacking, I will explore the complexity of web application security. This lesson provides a comprehensive understanding of common web application attacks and their mitigation techniques. I will delve into the impact of Cross-Site Scripting (XSS) attacks, which can compromise web content, and gain insights into SQL injection vulnerabilities, including practical exploitation methods like '1' OR '1'='1'. The lesson also covers the utility of the Union statement in SQL injection attacks. Additionally, I will learn how to effectively navigate the W3Schools website to discover preventive measures against XSS and SQLi attacks. This lesson equips me with valuable knowledge and tools to assess and enhance web application security.

Environment Used

Prepping For Web Hacking

Windows VM browsing Metasploitable2's IP with Chrome and Edge

- Click on DVWA (Darn Vulnerability Web Application) in the Edge Browser
- Log in using username: admin; password: password. Noted on the bottom of the browser page

Log in DVWA with Edge

Deploying Cross-Site Scripting (XSS) Attacks

1. On the DVWA page on Edge click on > Setup > Create/ Reset Database
   - Should say Setup successful
2. On the DVWA page on Edge click on > DVWA Security > Change Script Security from high to low
3. On the DVWA page on Edge click on > XSS reflected > Type: jeff
   - After typing jeff in the box; the URL also changed
   - We can Cross-Site Script by typing in the box:
   - We successfully injected a message saying "You have been hacked!"

XSS Attack on DVWA

4. On the DVWA page on Edge click on > XSS stored > Type: name: jeff; message:
   - This will store the script, so every time I go to the XSS stored page, a message of: "You have been hacked!" will display
5. When we repeat steps 2 and 3 on the Chrome browser, then on step 4:
   - On the DVWA page on Chrome click on > XSS stored >
     - > Type: john; message:
   - Chrome will have an error and block the page and say there is an unusual code on this page
   - This protects us from reflected cross-site scripting
   - But it will still store the script and when we refresh the page, it will say "You have been hacked!" twice

XSS Attack error on Chrome

6. Go to my own local machine and repeat steps 2 and 3
   - On the DVWA page on Chrome click on > XSS stored > name: john;
   - Instead of typing in the message:
     - >
   - We will type:
     - >
   - This will redirect the browser to a completely different webpage [Ge.com] at the end after saying you have been hacked twice

XSS Attack redirect on our local machine

Deploying Structured Query Language Injection (SQLi) Attacks

1. Reset the Database:
   - On the DVWA page on Edge click on > Setup > Create/ Reset Database
   - Should say Setup successful
2. On the DVWA page on Edge click on > SQL Injection > type: "1" to "5"
   - Check the User ID 1 to 5; there are only 5 users because there is nothing when I input "6"
3. On the DVWA page on Edge click on > SQL Injection > type:
   - > 1' or '1'='1
   - This means User ID = 1 or 1 = 1
   - or 1 = 1 is True for all users, so it will display all users

SQLi on User ID

Advanced SQLi Attacks

1. On the DVWA page on Edge click on > SQL Injection > type:
   - > 1' union select user, password from users#
   - union = a way we join two queries/tables/databases together
   - select user, password from users = give us the password hash that we can use on any website to lookup
   - "#" = Added just in case there are other things at the end of the query, separate anything afterward as a comment

SQLi on User ID to find password hash

2. After getting the password hash we can go back to what we learned from the cracking passwords lesson and use websites such as [hashes](https://hashes.com/en/decrypt/hash) to crack the hash

Protecting Web Applications from XSS and SQLi

- We can go to the [w3schools](https://www.w3schools.com/) website and check how to protect against XSS and SQLi
- [PHP Form Validation](https://www.w3schools.com/php/php_form_validation.asp) shows that htmlspecialchars() and strip_tags function can prevent against the XSS and SQLi that was shown in this lesson

Conclusion

In conclusion, Ethical Hacking 6 - Web Hacking equips me with a deep understanding of web application security, focusing on prevalent attacks like Cross-Site Scripting (XSS) and SQL injection. I'll gain insights into their potential damage and learn practical protection measures such as using strip tags and the htmlspecialchars() function. This knowledge empowers me to safeguard against these common threats effectively.
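
The two defenses side by side, as an added example that is not part of the original post or of DVWA's source: htmlspecialchars() encodes output for the XSS case, and a PDO prepared statement binds the User ID as data for the SQLi case. The in-memory SQLite table, its rows and all function names are constructed for illustration (DVWA itself uses MySQL), and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not DVWA source. Table, rows and function names are constructed.
// Assumes the pdo_sqlite extension; DVWA itself runs on MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)");
$db->exec("INSERT INTO users VALUES (1,'alice','example'), (2,'bob','example'), (3,'carol','example')");

// Before: the input becomes part of the SQL text, so a quote ends the string literal.
function lookup_concat(PDO $db, string $id): array
{
    $sql = "SELECT first_name, last_name FROM users WHERE user_id = '$id'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: the SQL text is fixed and the input is bound as a single value.
function lookup_prepared(PDO $db, string $id): array
{
    $stmt = $db->prepare("SELECT first_name, last_name FROM users WHERE user_id = :id");
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Before: the name is written into the page as markup.
function greet_raw(string $name): string
{
    return "<pre>Hello $name</pre>";
}

// After: HTML metacharacters are encoded at output time.
function greet_encoded(string $name): string
{
    return '<pre>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
}

$id   = "1' or '1'='1";   // the input string from the SQLi step in the post
$name = '<b>jeff</b>';    // constructed, harmless markup

printf("concatenated query, rows returned: %d\n", count(lookup_concat($db, $id)));
printf("prepared query, rows returned:     %d\n", count(lookup_prepared($db, $id)));
printf("prepared query for \"1\", rows:      %d\n", count(lookup_prepared($db, '1')));
echo greet_raw($name), "\n";
echo greet_encoded($name), "\n";
```

Run it with the PHP CLI to compare the row counts of the two lookups and the raw and encoded greetings for the same inputs.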