System Security: WebGoat, Kali, BackTrack VM and Network Scanning

Added on  2020/01/07

Practical Assignment
Part A
Setting up WebGoat on Kali
Burp Suite is already installed on Kali. This section shows you how to run Burp Suite and
install WebGoat 5.4 on your Kali VM. Download WebGoat from the URL above, then run
the following commands:
# cd /root
# unzip WebGoat-5.4-OWASP_Standard_Win32.zip
# cd WebGoat-5.4
# nano webgoat.sh
# export JAVA_HOME=/usr/lib/jvm/default-java
Using nano, edit the WebGoat start script, webgoat.sh, and remove the check for Java
version 1.5. You can remove the entire function and if statement that together perform
the check. Once you have removed the check, you can start WebGoat on port 80 with the
following command:
# sh webgoat.sh start80
This command will produce some output, including the URL for WebGoat and the credentials
you will need to log in. This command will not terminate until WebGoat itself is stopped.
Typing ctrl-c in this terminal window will stop WebGoat.
If you run WebGoat on a different machine than the Kali VM, you may not be able to run it
on port 80. In this case, note that WebGoat's other default port, 8080, is the same as Burp
Suite's default proxy port, so you must configure one of the two applications to use a
different port.
WebGoat exercises to complete:
1. Parameter tampering
2. Insecure storage
3. Injection flaws
4. Cross-site scripting (except HTTPonly and XST)
5. Insecure communication
Skip any exercises that require you to modify the code of WebGoat itself. You can also skip the XSS
Phishing exercise.
OWASP Stored XSS Definition
Stored attacks are those where the injected code is permanently stored on the target servers, such as in
a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious
script from the server when it requests the stored information.
Stored XSS
Inject XSS
• View & Edit the profile for Tom
• Select the Address field
• Paste <script>alert(0)</script>
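To see why the pasted address executes for every visitor, here is an added example (not WebGoat's code and not part of the original assignment) contrasting a profile page that splices the stored Address value straight into HTML with one that HTML-encodes it at output time. The function names, table markup and the idea of a regression-guard helper are constructed for the illustration; the payload is the one from the exercise.

```python
import html

# Constructed input: the payload from the exercise, as it would sit in the
# Address column after the form is submitted.
XSS_PAYLOAD = "<script>alert(0)</script>"


def render_address_unsafe(address: str) -> str:
    """Vulnerable rendering (constructed): the stored value is spliced straight
    into the page, so a stored <script> tag runs for every viewer of the profile."""
    return f'<td class="address">{address}</td>'


def render_address_safe(address: str) -> str:
    """Hardened rendering: encode for the HTML text context before output.
    quote=True also encodes quotes, which matters if the same value is ever
    placed inside an attribute such as value="...".
    """
    return f'<td class="address">{html.escape(address, quote=True)}</td>'


def contains_script_tag(rendered: str) -> bool:
    """Regression guard for tests: does the rendered fragment still carry a raw
    <script> tag? This is a test helper, not a sanitiser."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    for render in (render_address_unsafe, render_address_safe):
        out = render(XSS_PAYLOAD)
        print(f"{render.__name__}: {out}")
        print(f"  raw <script> present: {contains_script_tag(out)}")
```

The fix is applied where the value is written into the page, not where it is read from the form: stored XSS survives any input filter that the attacker can bypass once, whereas output encoding is applied on every render. Values placed into JavaScript, URLs or CSS need the encoder for that context rather than html.escape.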
OWASP CSRF Definition
CSRF is an attack which forces an end user to execute unwanted actions on a web application in which
he/she is currently authenticated. With a little help of social engineering (like sending a link via
email/chat), an attacker may force the users of a web application to execute actions of the attacker's
choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user.
If the targeted end user is the administrator account, this can compromise the entire web application.
Solution?
<IMG SRC="attack?Screen=97&menu=410&transferFunds=4000" width="1" height="1">
Success
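The 1x1 image works because the victim's browser fetches its SRC with the victim's session cookies, and the transfer endpoint accepts a plain GET. As an added example (not WebGoat's code and not part of the original assignment), the following Python contrasts a constructed transfer handler that behaves that way with one that requires a POST and a per-session CSRF token; the HMAC token scheme, the handler names and the session id are assumptions for the illustration, while the image URL is the one from the exercise.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlparse

# Constructed: server-side secret and the id of the victim's logged-in session.
SERVER_SECRET = secrets.token_bytes(32)
VICTIM_SESSION = "session-constructed-001"

# The image source from the exercise; the browser fetches it with the victim's cookies.
IMG_SRC = "attack?Screen=97&menu=410&transferFunds=4000"


def params_from_img_src(src: str) -> dict:
    """Turn the <IMG SRC=...> URL into the query parameters the server will see."""
    return {k: v[0] for k, v in parse_qs(urlparse(src).query).items()}


def issue_csrf_token(session_id: str) -> str:
    """Per-session token the server can recompute instead of storing: HMAC of the
    session id under a server secret. Embed it in the legitimate transfer form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, presented) -> bool:
    if not presented:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), presented)


def transfer_vulnerable(method: str, params: dict, session_id: str):
    """Vulnerable handler (constructed): any authenticated request carrying
    transferFunds is honoured, whatever its method or origin."""
    amount = int(params.get("transferFunds", "0"))
    return ("ok", amount) if amount > 0 else ("no-op", 0)


def transfer_hardened(method: str, params: dict, session_id: str):
    """Hardened handler: state changes only via POST, and only with a token that
    a page on another origin can neither read nor forge."""
    if method != "POST":
        return ("rejected: state change requires POST", 0)
    if not token_is_valid(session_id, params.get("csrf_token")):
        return ("rejected: missing or invalid CSRF token", 0)
    amount = int(params.get("transferFunds", "0"))
    return ("ok", amount) if amount > 0 else ("no-op", 0)


if __name__ == "__main__":
    forged = params_from_img_src(IMG_SRC)  # GET with no token: what the <img> sends
    print("vulnerable:", transfer_vulnerable("GET", forged, VICTIM_SESSION))
    print("hardened:  ", transfer_hardened("GET", forged, VICTIM_SESSION))
    legit = dict(forged, csrf_token=issue_csrf_token(VICTIM_SESSION))
    print("hardened, real form:", transfer_hardened("POST", legit, VICTIM_SESSION))
```

The token only helps because the attacker's page cannot read it: it is delivered inside the victim's own form, not in a cookie the browser attaches automatically. Marking the session cookie SameSite is a useful second layer but does not replace the token check.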
OWASP SQL Injection definition
A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client
to the application. A successful SQL injection exploit can read sensitive data from the database, modify
database data (Insert/Update/Delete), execute administration operations on the database (such as
shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some
cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in
which SQL commands are injected into data-plane input in order to effect the execution of predefined
SQL commands.
Answer!
• Type in Smith
• Smith' OR '1'='1
• Smith' OR 'a'='a
• Try different combinations to see what comes out of the SQL query
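To see exactly what the two probe strings do to the query, here is an added example (not WebGoat's code and not part of the original assignment) that runs them against a constructed in-memory SQLite table through a vulnerable string-concatenated lookup and through a parameterised one, plus a small logging heuristic for spotting such input. The table, rows and function names are constructed; the probe strings are the ones listed above.

```python
import re
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed table and rows for the demonstration (not WebGoat's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE user_data (userid INTEGER, first_name TEXT, last_name TEXT, cc_number TEXT)"
    )
    conn.executemany(
        "INSERT INTO user_data VALUES (?, ?, ?, ?)",
        [
            (101, "Joe", "Snow", "9876-0001"),
            (102, "John", "Smith", "2234-0002"),
            (103, "Jane", "Plane", "1234-0003"),
        ],
    )
    return conn


def lookup_vulnerable(conn, last_name: str) -> list:
    """String concatenation (the flaw behind the exercise): the quote in the input
    closes the literal, so the rest of the input is parsed as SQL."""
    sql = "SELECT * FROM user_data WHERE last_name = '" + last_name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, last_name: str) -> list:
    """Parameterised query: the value travels separately from the SQL text, so the
    input can only ever be compared as a string, quotes included."""
    return conn.execute("SELECT * FROM user_data WHERE last_name = ?", (last_name,)).fetchall()


QUOTE_OR = re.compile(r"'\s*(or|and)\b", re.IGNORECASE)


def looks_like_injection(value: str) -> bool:
    """Cheap alerting heuristic for form input: a quote followed by OR/AND.
    Useful for detection dashboards; it is not a substitute for parameterisation."""
    return bool(QUOTE_OR.search(value))


if __name__ == "__main__":
    conn = build_db()
    for probe in ("Smith", "Smith' OR '1'='1", "Smith' OR 'a'='a"):
        print(f"{probe!r}: vulnerable -> {len(lookup_vulnerable(conn, probe))} rows, "
              f"parameterised -> {len(lookup_parameterized(conn, probe))} rows, "
              f"flagged={looks_like_injection(probe)}")
```

With the vulnerable lookup, `Smith' OR '1'='1` becomes `WHERE last_name = 'Smith' OR '1'='1'`, which is true for every row; the parameterised lookup returns nothing because no one's surname is literally that string. The heuristic is deliberately conservative so that a legitimate name such as O'Brien is not flagged.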
Part B
The security testing VM, BACKTRACK, runs the BackTrack 5 penetration testing Linux distribution. The
Target of Evaluation (ToE), TARGET, is a web server running an operating system (OS) and network
applications with several vulnerabilities, located somewhere in the range 10.200.0.0 to 10.200.0.10.
Log in to your security testing platform as the user root, with the password napier_toor, and use the
startx command to start the X Window GUI. You should now have the BACKTRACK VM GUI running, as
shown below.
From BACKTRACK, open a Terminal window (Applications > Accessories > Terminal) and use the dhclient
command to obtain an IP address, then the ifconfig command to find details of the network interfaces, as
shown below. You should be connected to the virtual target LAN via an Ethernet interface.
Nmap
From BACKTRACK, perform a host sweep with nmap of the IP addresses whose last octet is 0-20, to
check which machines are up (-sP is the older spelling of the ping-scan option that current nmap
releases call -sn; both are accepted):
nmap -sP host_range
To start genlist and display its options, select BackTrack > Information Gathering > Network
Analysis > Identify Live Hosts > genlist, or open a Terminal window and type the genlist command.
To find live machines on the LAN (those that respond to ICMP probes), use a command similar to the
following:
genlist -s 10.200.0.0-20
From BACKTRACK, use Netcat to port scan for open ports on the TARGET machine, using a command such
as the following. The -z (zero-I/O: only report whether each port accepts a connection) and -w2
(two-second timeout) options are used to speed up the scan.
nc -vv -z -w2 <TARGET_IPADDRESS> 20-150
TCP Connect Scan
Now from BACKTRACK, use the following to perform a full connect scan of the TARGET machine. This
type of scan completes the TCP 3-way handshake, which makes it reliable without privileges but also
leaves a completed connection for the target to log. It scans the target's default port set, which
nmap takes from its nmap-services file.
nmap -sT <TARGET_IPADDRESS>
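Both the host sweep above (nmap -sP / genlist) and the Netcat and nmap -sT port scans leave a characteristic trace on the target's side: one source sending ICMP echo requests to many hosts, or opening connections to many ports on one host, within a few seconds. As an added example from the defender's side (not part of the original assignment and not BackTrack's tooling), the following Python detects both patterns in a constructed key=value firewall log; the log format, addresses, thresholds and 60-second window are assumptions for the illustration, and the sample log is generated inline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta


def constructed_log() -> list:
    """Constructed firewall-style log (key=value fields, not any vendor's format).
    10.200.0.3 pings every host in 10.200.0.1-10, then connects to ports 20-35 on
    10.200.0.7; 10.200.0.9 is a benign client opening port 80 repeatedly."""
    base = datetime(2020, 1, 7, 10, 0, 0)
    lines = []
    for i in range(1, 11):
        ts = base + timedelta(milliseconds=150 * i)
        lines.append(f"{ts.isoformat()} proto=icmp src=10.200.0.3 dst=10.200.0.{i} type=echo-request")
    for j, port in enumerate(range(20, 36)):
        ts = base + timedelta(seconds=30, milliseconds=100 * j)
        lines.append(f"{ts.isoformat()} proto=tcp src=10.200.0.3 dst=10.200.0.7 dport={port} flags=S")
    for k in range(20):
        ts = base + timedelta(minutes=5, seconds=k)
        lines.append(f"{ts.isoformat()} proto=tcp src=10.200.0.9 dst=10.200.0.7 dport=80 flags=S")
    return lines


LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")


def parse_line(line: str):
    """Parse one 'timestamp key=value ...' record into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {}
    for field in m.group("kv").split():
        key, _, value = field.partition("=")
        rec[key] = value
    rec["ts"] = datetime.fromisoformat(m.group("ts"))
    return rec


def max_distinct_in_window(events: list, window: timedelta) -> int:
    """Largest number of distinct values (hosts or ports) seen within any span of
    length `window`; events are (timestamp, value) pairs."""
    events = sorted(events)
    best = 0
    for i, (t0, _) in enumerate(events):
        seen = {v for t, v in events[i:] if t - t0 <= window}
        best = max(best, len(seen))
    return best


def detect(lines, window=timedelta(seconds=60), sweep_hosts=5, scan_ports=10) -> dict:
    """Return {(src, kind): count} for sources that look like a host sweep (many
    distinct ICMP echo destinations) or a port scan (many distinct destination
    ports on one host). Thresholds are constructed defaults, tune per network."""
    icmp = defaultdict(list)   # src -> [(ts, dst)]
    tcp = defaultdict(list)    # (src, dst) -> [(ts, dport)]
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        if rec.get("proto") == "icmp" and rec.get("type") == "echo-request":
            icmp[rec["src"]].append((rec["ts"], rec["dst"]))
        elif rec.get("proto") == "tcp" and rec.get("flags") == "S":
            tcp[(rec["src"], rec["dst"])].append((rec["ts"], int(rec["dport"])))
    alerts = {}
    for src, events in icmp.items():
        n = max_distinct_in_window(events, window)
        if n >= sweep_hosts:
            alerts[(src, "host-sweep")] = n
    for (src, dst), events in tcp.items():
        n = max_distinct_in_window(events, window)
        if n >= scan_ports:
            alerts[(src, f"port-scan:{dst}")] = n
    return alerts


if __name__ == "__main__":
    for (src, kind), n in sorted(detect(constructed_log()).items()):
        print(f"{src}: {kind} ({n} distinct targets within 60s)")
```

Counting distinct destinations rather than raw packets is what separates the scanner from the busy but benign client: 10.200.0.9 produces twice as many SYNs as the port scan but only ever touches one port. A connect scan shows up the same way as a SYN scan in this log, since both begin with a SYN to every probed port.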