This assignment involves setting up WebGoat on Kali and running Burp Suite, as well as exploring OWASP Stored XSS, CSRF, and SQL Injection definitions. It also covers using a security testing VM called BackTrack to test the Target machine for vulnerabilities.
System Security
Part A: Setting up WebGoat on Kali

Burp Suite is already installed on Kali. This section shows you how to run Burp Suite and install WebGoat 5.4 on your Kali VM. Download WebGoat from the URL above, then run the following commands:

# cd /root
# unzip WebGoat-5.4-OWASP_Standard_Win32.zip
# cd WebGoat 5.4
# nano webgoat.sh
# export JAVA_HOME=/usr/lib/jvm/default-java

Using nano, edit the WebGoat start script, webgoat.sh, and remove the check for Java version 1.5. You can remove the entire function and the if statement that together perform the check. Once you have removed the check, you can start WebGoat on port 80 with the following command:

# sh webgoat.sh start80

This command produces some output, including the URL for WebGoat and the credentials you will need to log in. The command does not terminate until WebGoat itself is stopped; typing ctrl-c in this terminal window stops WebGoat. If you run WebGoat on a machine other than the Kali VM, you may not be able to run it on port 80. In that case, note that WebGoat's other default port, 8080, is also Burp Suite's default listening port, so you must configure one of the two applications to use yet another port.
WebGoat:
1. Parameter tampering
2. Insecure storage
3. Injection flaws
4. Cross-site scripting (except HTTPOnly and XST)
5. Insecure communication

Skip any exercises that require you to modify the code of WebGoat itself. You can also skip the XSS Phishing exercise.

OWASP Stored XSS Definition
Stored attacks are those where the injected code is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information.

Stored XSS
Inject XSS
• View & Edit the profile for Tom
• Select the Address field
• Paste <script>alert(0)</script>
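The exercise above works because the address field is stored verbatim and later written into the profile page without encoding. The following added example (not WebGoat's code; the profile store and function names are assumptions) shows the vulnerable rendering beside the hardened one, using the page's own payload as the stored value:

```python
import html

# Constructed in-memory profile store standing in for WebGoat's employee
# profiles; Tom's address holds the payload from the exercise above.
XSS_PAYLOAD = "<script>alert(0)</script>"
PROFILES = {"Tom": {"address": XSS_PAYLOAD}}


def render_profile_unsafe(name):
    """Vulnerable: the stored value is concatenated into HTML verbatim,
    so the browser executes it when anyone views Tom's profile."""
    address = PROFILES[name]["address"]
    return f"<p>Address: {address}</p>"


def render_profile_safe(name):
    """Hardened: HTML-escape at output time, so the same stored bytes are
    shown as text. quote=True also neutralises attribute-breaking quotes."""
    address = PROFILES[name]["address"]
    return f"<p>Address: {html.escape(address, quote=True)}</p>"


def contains_active_markup(rendered):
    """Simple output check: does an unescaped <script tag survive rendering?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print("unsafe:", render_profile_unsafe("Tom"))
    print("safe:  ", render_profile_safe("Tom"))
```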
OWASP CSRF Definition
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated. With a little help from social engineering (such as sending a link via email or chat), an attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operations in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web application.
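The transfer-funds exercise that follows succeeds because the server accepts a state-changing GET that the victim's browser sends with the victim's cookies. The added example below (not WebGoat's code; the session class, handler and parameter names are assumptions) shows a handler that rejects that hidden-image request and only honours a POST carrying a per-session token:

```python
import secrets
from urllib.parse import parse_qs, urlsplit


class BankSession:
    """Constructed stand-in for a logged-in WebGoat session."""
    def __init__(self, balance):
        self.balance = balance
        self.csrf_token = secrets.token_hex(16)  # issued once per session


def handle_transfer(session, method, url, body=""):
    """Returns (status, message). Money moves only on a POST whose form
    body carries the session's token; amounts in the URL are refused."""
    query = parse_qs(urlsplit(url).query)
    form = parse_qs(body)
    if method != "POST" or "transferFunds" in query:
        return 405, "transferFunds must be a POST form field, not a GET parameter"
    token = form.get("csrf_token", [""])[0]
    if not secrets.compare_digest(token, session.csrf_token):
        return 403, "missing or invalid CSRF token"
    amount = int(form.get("transferFunds", ["0"])[0])
    if amount <= 0 or amount > session.balance:
        return 400, "invalid amount"
    session.balance -= amount
    return 200, f"transferred {amount}"


def forged_image_request(session):
    """What a hidden <img> tag makes the victim's browser send: a GET with the
    attacker's parameters, the victim's cookies, and no token."""
    return handle_transfer(session, "GET", "attack?Screen=97&menu=410&transferFunds=4000")


def legitimate_request(session, amount):
    """A form submitted from the real page includes the session token."""
    body = f"transferFunds={amount}&csrf_token={session.csrf_token}"
    return handle_transfer(session, "POST", "attack?Screen=97&menu=410", body)
```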
Solution?
<IMG SRC="attack?Screen=97&menu=410&transferFunds=4000" width="1" height="1">
Success

OWASP SQL Injection Definition
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown of the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands.

Answer!
• Type in Smith
• Smith' OR '1'='1
• Smith' OR 'a'='a
• Try different combinations to see what comes out of the SQL query
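The inputs above return every row because the quote closes the string literal and the rest becomes SQL. The added example below (not WebGoat's code; the table and column names are assumptions) runs the page's inputs against a string-built query and against a parameterised one, which is the fix:

```python
import sqlite3

# Constructed stand-in for the WebGoat employee table (names assumed).
ROWS = [("Smith", "John"), ("Jones", "Mary"), ("Brown", "Alice")]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (last_name TEXT, first_name TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)", ROWS)
    db.commit()
    return db


def lookup_unsafe(db, last_name):
    """Vulnerable: user input is spliced into the SQL text, so
    Smith' OR '1'='1 turns the WHERE clause into a tautology."""
    sql = "SELECT first_name FROM user_data WHERE last_name = '" + last_name + "'"
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, last_name):
    """Hardened: a bound parameter; the quote in the input stays data,
    so the same payload simply matches no surname."""
    sql = "SELECT first_name FROM user_data WHERE last_name = ?"
    return [row[0] for row in db.execute(sql, (last_name,))]


if __name__ == "__main__":
    db = make_db()
    for user_input in ["Smith", "Smith' OR '1'='1", "Smith' OR 'a'='a"]:
        print(repr(user_input), lookup_unsafe(db, user_input), lookup_safe(db, user_input))
```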
Part B

A security testing VM, BACKTRACK, runs the BackTrack5 penetration testing Linux distribution. The Target of Evaluation (ToE), the TARGET machine, is a web server running an operating system (OS) and network applications with several vulnerabilities, located somewhere in the range 10.200.0.0 to 10.200.0.10. Log in to your Security Testing platform as the user root, with the password napier_toor, and use the startx command to run the X-Windows GUI. You should now have the BACKTRACK VM GUI running, as shown below. From BACKTRACK, open a Terminal window (Applications>Accessories>Terminal), and use the dhclient command to get an IP address, then the ifconfig command to find details of the network interfaces, as shown below. You should be connected to the virtual target LAN network via an Ethernet interface.

Nmap
From BACKTRACK, perform a host sweep using nmap over the IP addresses in the range 0-20, to check which machines are up:

nmap -sP host_range
To start genlist and display its options, select BackTrack>Information Gathering>Network Analysis>Identify Live Hosts>genlist, or open a Terminal window and type the genlist command. To find live machines on the LAN (those which respond to ICMP probes), use a command similar to the following:

genlist -s 10.200.0.0-20

From BACKTRACK, use Netcat to port scan for open ports on the TARGET machine, using a command such as the following. The -z (no data, just connect) and -w2 (2-second timeout) options are used to speed up the scan.

nc -vv -z -w2 <TARGET_IPADDRESS> 20-150

TCP Connect Scan
Now from BACKTRACK, use the following to perform a Full Connect Scan of the TARGET machine. This type of scan completes the TCP 3-way handshake. It scans the target for all ports defined in the nmap-services file.

nmap -sT <TARGET_IPADDRESS>