Differences
This page shows the differences between the selected revision and the current version of the page.
| info:cursos:pue:ethical-hacker:sesion4 [20/02/2025 04:55] – [Module 16: Hacking Wireless Networks] mate | info:cursos:pue:ethical-hacker:sesion4 [20/02/2025 07:54] (actual) – [Lab 2: Perform Wireless Attacks] mate | ||
|---|---|---|---|
| Línia 74: | Línia 74: | ||
| - Perform DNS Interrogation to gather information about the DNS servers, DNS records, and types of servers used by the target organization. DNS zone data include DNS domain names, computer names, IP addresses, domain mail servers, service records, etc. | - Perform DNS Interrogation to gather information about the DNS servers, DNS records, and types of servers used by the target organization. DNS zone data include DNS domain names, computer names, IP addresses, domain mail servers, service records, etc. | ||
| - Use tools such as, DNSRecon (https:// | - Use tools such as, DNSRecon (https:// | ||
| - | - In the Parrot Terminal window, run nmap -T4 -A -v [Target Web Application] command (here, the target web application is www.moviescope.com) to perform a port and service discovery scan.{{: | + | - In the Parrot Terminal window, run nmap -T4 -A -v [Target Web Application] command (here, the target web application is www.moviescope.com) to perform a port and service discovery scan.{{: |
| - | - In the terminal window, run command telnet www.moviescope.com 80 to establish a telnet connection with the target machine.{{: | + | - In the terminal window, run command telnet www.moviescope.com 80 to establish a telnet connection with the target machine.{{: |
| ==== Task 2: Perform Web Spidering using OWASP ZAP | ==== Task 2: Perform Web Spidering using OWASP ZAP | ||
| - In the Terminal window, type zaproxy and press Enter to launch OWASP ZAP. | - In the Terminal window, type zaproxy and press Enter to launch OWASP ZAP. | ||
| - | - After completing initialization, | + | - After completing initialization, |
| - | - The Automated Scan wizard appears; enter the target website under the URL to attack field (here, www.moviescope.com). Leave the other settings to default and click the Attack button.{{: | + | - The Automated Scan wizard appears; enter the target website under the URL to attack field (here, www.moviescope.com). Leave the other settings to default and click the Attack button.{{: |
| - | - OWASP ZAP starts scanning the target website. You can observe various URLs under the Spider tab.{{: | + | - OWASP ZAP starts scanning the target website. You can observe various URLs under the Spider tab.{{: |
| - | - After performing web spidering, OWASP ZAP performs active scanning. Navigate to the Active Scan tab to observe the various scanned links.{{: | + | - After performing web spidering, OWASP ZAP performs active scanning. Navigate to the Active Scan tab to observe the various scanned links.{{: |
| - | - After completing the active scan, the results appear under the Alerts tab, displaying the various vulnerabilities and issues associated with the target website, as shown in the screenshot.{{: | + | - After completing the active scan, the results appear under the Alerts tab, displaying the various vulnerabilities and issues associated with the target website, as shown in the screenshot.{{: |
| - Now, click on the Spider tab from the lower section of the window to view the web spidering information. By default, the URLs tab appears under the Spider tab. | - Now, click on the Spider tab from the lower section of the window to view the web spidering information. By default, the URLs tab appears under the Spider tab. | ||
| - | - The URLs tab contains various links for hidden content and functionality associated with the target website (www.moviescope.com).{{: | + | - The URLs tab contains various links for hidden content and functionality associated with the target website (www.moviescope.com).{{: |
| - | - Now, navigate to the Messages tab under the Spider tab to view more detailed information regarding the URLs obtained while performing the web spidering, as shown in the screenshot. In real-time, attackers perform web spidering or crawling to discover hidden content and functionality, | + | - Now, navigate to the Messages tab under the Spider tab to view more detailed information regarding the URLs obtained while performing the web spidering, as shown in the screenshot. In real-time, attackers perform web spidering or crawling to discover hidden content and functionality, |
| ==== Task 3: Perform Web Application Vulnerability Scanning using SmartScanner | ==== Task 3: Perform Web Application Vulnerability Scanning using SmartScanner | ||
| - | - SmartScanner window appears. In the enter site address to scan field, enter www.moviescope.com and click scan button.{{: | + | - SmartScanner window appears. In the enter site address to scan field, enter www.moviescope.com and click scan button.{{: |
| - | - The tool starts scanning the target website for vulnerabilities.{{: | + | - The tool starts scanning the target website for vulnerabilities.{{: |
| - | - Once the tool completes scanning, it will display the issues that are found under Found Issues section and Severity of Issues.{{: | + | - Once the tool completes scanning, it will display the issues that are found under Found Issues section and Severity of Issues.{{: |
| - | - Now, expand Password Sent Over HTTP and click on first http:// | + | - Now, expand Password Sent Over HTTP and click on first http:// |
| - | - In the right pane, scroll down to the DESCRIPTION part. We can observe that this website contains a vulnerability, | + | - In the right pane, scroll down to the DESCRIPTION part. We can observe that this website contains a vulnerability, |
| - You can also go through the RECOMMENDATION section to check for the recommended actions to patch the vulnerability. | - You can also go through the RECOMMENDATION section to check for the recommended actions to patch the vulnerability. | ||
| - Now, under REFERENCES section, press Ctrl and click on CWE-319 hyperlink . | - Now, under REFERENCES section, press Ctrl and click on CWE-319 hyperlink . | ||
| - A CWE website appears in Microsoft Edge web browser, displaying the details of CWE-319 ClearText Transmission of Sensitive Information. | - A CWE website appears in Microsoft Edge web browser, displaying the details of CWE-319 ClearText Transmission of Sensitive Information. | ||
| - | - Similarly, click the http:// | + | - Similarly, click the http:// |
| - | - Scroll down to the DESCRIPTION here, we can observe that the X-Frame-Options Header is Missing which will make this site vulnerable to click-jacking.{{: | + | - Scroll down to the DESCRIPTION here, we can observe that the X-Frame-Options Header is Missing which will make this site vulnerable to click-jacking.{{: |
| - Now, expand X-Content-Type-Options Header is Missing node and click on http:// | - Now, expand X-Content-Type-Options Header is Missing node and click on http:// | ||
| - | - Under DESCRIPTION section we can observe that the browsers can perform MIME sniffing which can cause the browsers to transform non-executable content into executable content.{{: | + | - Under DESCRIPTION section we can observe that the browsers can perform MIME sniffing which can cause the browsers to transform non-executable content into executable content.{{: |
| - Similarly, you can view the the RECOMMENDATION section and click on the reference link under REFERENCES section. | - Similarly, you can view the the RECOMMENDATION section and click on the reference link under REFERENCES section. | ||
| - You can also use other web application vulnerability scanning tools such as: | - You can also use other web application vulnerability scanning tools such as: | ||
| Línia 116: | Línia 116: | ||
| - Click the Show hidden icons icon, observe that the WampServer icon appears. | - Click the Show hidden icons icon, observe that the WampServer icon appears. | ||
| - Wait for this icon to turn green, which indicates that the WampServer is successfully running. | - Wait for this icon to turn green, which indicates that the WampServer is successfully running. | ||
| - | - Launch the Mozilla Firefox web browser and go to http:// | + | - Launch the Mozilla Firefox web browser and go to http:// |
| - Here, we will perform a brute-force attack on the designated WordPress website hosted by the Windows Server 2022 machine. | - Here, we will perform a brute-force attack on the designated WordPress website hosted by the Windows Server 2022 machine. | ||
| - | - Now, we shall set up a Burp Suite proxy by first configuring the proxy settings of the browser.In the Mozilla Firefox browser, click the Open application menu icon in the right corner of the menu bar and select Settings from the drop-down list. The General settings tab appears. In the Find in Settings search bar, search for proxy and in the Search Results, click the Settings button under the Network Settings option.{{: | + | - Now, we shall set up a Burp Suite proxy by first configuring the proxy settings of the browser.In the Mozilla Firefox browser, click the Open application menu icon in the right corner of the menu bar and select Settings from the drop-down list. The General settings tab appears. In the Find in Settings search bar, search for proxy and in the Search Results, click the Settings button under the Network Settings option.{{: |
| - | - The Connection Settings window appears; select the Manual proxy configuration radio button and specify the HTTP Proxy as 127.0.0.1 and the Port as 8080. Tick the Also use this proxy for HTTPS checkbox and click OK. Close the Settings tab and minimize the browser window.{{: | + | - The Connection Settings window appears; select the Manual proxy configuration radio button and specify the HTTP Proxy as 127.0.0.1 and the Port as 8080. Tick the Also use this proxy for HTTPS checkbox and click OK. Close the Settings tab and minimize the browser window.{{: |
| - | - Now, minimize the browser window, click the Applications menu form the top left corner of Desktop, and navigate to Pentesting --> Web Application Analysis --> Web Application Proxies --> Burpsuite CE to launch the Burpsuite CE application.{{: | + | - Now, minimize the browser window, click the Applications menu form the top left corner of Desktop, and navigate to Pentesting --> Web Application Analysis --> Web Application Proxies --> Burpsuite CE to launch the Burpsuite CE application.{{: |
| - In the next window, select the Use Burp defaults radio-button and click the Start Burp button. | - In the next window, select the Use Burp defaults radio-button and click the Start Burp button. | ||
| - | - The Burp Suite main window appears; click the Proxy tab from the available options in the top section of the window.{{: | + | - The Burp Suite main window appears; click the Proxy tab from the available options in the top section of the window.{{: |
| - | - In the Proxy settings, by default, the Intercept tab opens-up. Observe that by default, the interception is active as the button says Intercept is on. Leave it running.{{: | + | - In the Proxy settings, by default, the Intercept tab opens-up. Observe that by default, the interception is active as the button says Intercept is on. Leave it running.{{: |
| - Switch back to the browser window. On the login page of the target WordPress website, type random credentials, | - Switch back to the browser window. On the login page of the target WordPress website, type random credentials, | ||
| - Switch back to the Burp Suite window; observe that the HTTP request was intercepted by the application. | - Switch back to the Burp Suite window; observe that the HTTP request was intercepted by the application. | ||
| - | - Now, right-click anywhere on the HTTP request window, and from the context menu, click Send to Intruder.{{: | + | - Now, right-click anywhere on the HTTP request window, and from the context menu, click Send to Intruder.{{: |
| - | - Now, click on the Intruder tab from the toolbar and observe that under the Intruder tab, the Positions tab appears by default. In the Positions tab under the Intruder tab observe that Burp Suite sets the target positions by default, as shown in the HTTP request. Click the Clear § button from the right-pane to clear the default payload values. {{: | + | - Now, click on the Intruder tab from the toolbar and observe that under the Intruder tab, the Positions tab appears by default. In the Positions tab under the Intruder tab observe that Burp Suite sets the target positions by default, as shown in the HTTP request. Click the Clear § button from the right-pane to clear the default payload values. {{: |
| - | - Once you clear the default payload values, select Cluster bomb from the Attack type drop-down list. Cluster bomb uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through each payload set in turn so that all permutations of payload combinations are tested. For example, if there are two payload positions, the attack will place the first payload from payload set 2 into position 2 and iterate through all payloads in payload set 1 in position 1; it will then place the second payload from payload set 2 into position 2 and iterate through all the payloads in payload set 1 in position 1. {{: | + | - Once you clear the default payload values, select Cluster bomb from the Attack type drop-down list. Cluster bomb uses multiple payload sets. There is a different payload set for each defined position (up to a maximum of 20). The attack iterates through each payload set in turn so that all permutations of payload combinations are tested. For example, if there are two payload positions, the attack will place the first payload from payload set 2 into position 2 and iterate through all payloads in payload set 1 in position 1; it will then place the second payload from payload set 2 into position 2 and iterate through all the payloads in payload set 1 in position 1. {{: |
| - | - Now, we will set the username and password as the payload values. To do so, select the username value entered in Step#14 and click Add § from the right-pane. Similarly, select the password value entered in Step#14 and click Add § from the right-pane.{{: | + | - Now, we will set the username and password as the payload values. To do so, select the username value entered in Step#14 and click Add § from the right-pane. Similarly, select the password value entered in Step#14 and click Add § from the right-pane.{{: |
| - | - Once the username and password payloads are added. The symbol ‘§’ will be added at the start and end of the selected payload values. Here, as the screenshot shows, the values are admin and password.{{: | + | - Once the username and password payloads are added. The symbol ‘§’ will be added at the start and end of the selected payload values. Here, as the screenshot shows, the values are admin and password.{{: |
| - Navigate to the Payloads tab under the Intruder tab and ensure that under the Payload Sets section, the Payload set is selected as 1, and the Payload type is selected as Simple list. Under the Payload settings [Simple list] section, click the Load… button. | - Navigate to the Payloads tab under the Intruder tab and ensure that under the Payload Sets section, the Payload set is selected as 1, and the Payload type is selected as Simple list. Under the Payload settings [Simple list] section, click the Load… button. | ||
| - | - A file selection window appears; navigate to the location / | + | - A file selection window appears; navigate to the location / |
| - | - Observe that the selected username.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: | + | - Observe that the selected username.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: |
| - | - Similarly, load a password file for the payload set 2. To do so, under the Payload Sets section, select the Payload set as 2 from the drop-down options and ensure that the Payload type is selected as Simple list.{{: | + | - Similarly, load a password file for the payload set 2. To do so, under the Payload Sets section, select the Payload set as 2 from the drop-down options and ensure that the Payload type is selected as Simple list.{{: |
| - | - Observe that selected password.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: | + | - Observe that selected password.txt file content appears under the Payload settings [Simple list] section, as shown in the screenshot.{{: |
| - | - Once the wordlist files are selected as payload values, click the Start attack button to launch the attack.{{: | + | - Once the wordlist files are selected as payload values, click the Start attack button to launch the attack.{{: |
| - | - The Intruder attack of 10.10.1.22 window appears as the brute-attack initializes. It displays various username-password combinations along with the Length of the response and the Status.{{: | + | - The Intruder attack of 10.10.1.22 window appears as the brute-attack initializes. It displays various username-password combinations along with the Length of the response and the Status.{{: |
| - After the progress bar completes, scroll down and observe the different values of Status and Length. Here, Status=302 and Length= 1155. | - After the progress bar completes, scroll down and observe the different values of Status and Length. Here, Status=302 and Length= 1155. | ||
| - | - In the Raw tab under the Request tab, the HTTP request with a set of the correct credentials is displayed. (here, username=admin and password=qwerty@123), | + | - In the Raw tab under the Request tab, the HTTP request with a set of the correct credentials is displayed. (here, username=admin and password=qwerty@123), |
| ==== Task 2: Perform Remote Code Execution (RCE) Attack | ==== Task 2: Perform Remote Code Execution (RCE) Attack | ||
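Review bot: Two typos on the changed proxy-setup steps should be fixed while these lines are being touched: "of the browser.In the Mozilla Firefox browser" is missing a space after the full stop, and "click the Applications menu form the top left corner" should read "from". The step that adds the § markers refers to "Step#14" twice, but the list items carry no explicit numbers, so that reference breaks as soon as a step is inserted or removed; refer to the step by what it does (the step where the random credentials are typed on the login page) instead.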
| Línia 152: | Línia 152: | ||
| - Now, open any web browser, and go to http:// | - Now, open any web browser, and go to http:// | ||
| - A WordPress webpage appears. Type Username or Email Address and Password as admin and qwerty@123. Click the Log In button. | - A WordPress webpage appears. Type Username or Email Address and Password as admin and qwerty@123. Click the Log In button. | ||
| - | - Hover your mouse cursor on Plugins in the left pane and click Installed Plugins, as shown in the screenshot.{{: | + | - Hover your mouse cursor on Plugins in the left pane and click Installed Plugins, as shown in the screenshot.{{: |
| - Open Mozilla Firefox web browser and go to https:// | - Open Mozilla Firefox web browser and go to https:// | ||
| - You get signed in successfully in the website. Now, click the Get Started button and click Start for free button under Researcher section. | - You get signed in successfully in the website. Now, click the Get Started button and click Start for free button under Researcher section. | ||
| - | - The Edit Profile page appears; in the API Token section and observe the API Token. Note down or copy this API Token; we will use this token in the later steps.{{: | + | - The Edit Profile page appears; in the API Token section and observe the API Token. Note down or copy this API Token; we will use this token in the later steps.{{: |
| - In the Parrot Security machine, open a Terminal window and execute sudo su to run the programs as a root user (When prompted, enter the password toor). | - In the Parrot Security machine, open a Terminal window and execute sudo su to run the programs as a root user (When prompted, enter the password toor). | ||
| - | - In the Terminal window, run '' | + | - In the Terminal window, run '' |
| - | - The result appears, displaying detailed information regarding the target website.{{: | + | - The result appears, displaying detailed information regarding the target website.{{: |
| - Scroll down to the Plugin(s) Identified section, and observe the installed vulnerable plugins (wp-upg) on the target website. | - Scroll down to the Plugin(s) Identified section, and observe the installed vulnerable plugins (wp-upg) on the target website. | ||
| - | - In the Plugin(s) Identified section, within the context of the wp-upg plugin, an Unauthenticated Remote Code Execution (RCE) vulnerability has been detected as shown in the screenshot.{{: | + | - In the Plugin(s) Identified section, within the context of the wp-upg plugin, an Unauthenticated Remote Code Execution (RCE) vulnerability has been detected as shown in the screenshot.{{: |
| - | - To perform RCE attack, run curl -i ' | + | - To perform RCE attack, run curl -i ' |
| - This curl command exploits a WordPress plugin vulnerability by sending a malicious request to the admin-ajax.php file, allowing an attacker to execute arbitrary system commands via the exec function, potentially leading to remote code execution. | - This curl command exploits a WordPress plugin vulnerability by sending a malicious request to the admin-ajax.php file, allowing an attacker to execute arbitrary system commands via the exec function, potentially leading to remote code execution. | ||
| === Lab 3: Detect Web Application Vulnerabilities using Various Web Application Security Tools | === Lab 3: Detect Web Application Vulnerabilities using Various Web Application Security Tools | ||
| ==== Task 1: Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner | ==== Task 1: Detect Web Application Vulnerabilities using Wapiti Web Application Security Scanner | ||
| - | - In the terminal window run '' | + | - In the terminal window run '' |
| - | - Now, run '' | + | - Now, run '' |
| - | - Run '' | + | - Run '' |
| - | - After installing the tool run wapiti -u https:// | + | - After installing the tool run wapiti -u https:// |
| - | - Now, in the terminal run cd / | + | - Now, in the terminal run cd / |
| - | - Run ls command to view the contents of the directory. we can see that the certifiedhacker.com_xxxxxxxx_xxxx.html file is created.{{: | + | - Run ls command to view the contents of the directory. we can see that the certifiedhacker.com_xxxxxxxx_xxxx.html file is created.{{: |
| - | - Run cp certifiedhacker.com_xxxxxxxx_xxxx.html / | + | - Run cp certifiedhacker.com_xxxxxxxx_xxxx.html / |
| - | - Open a new terminal and run firefox certifiedhacker.com_xxxxxxxx_xxxx.html command to open the .html file in Firefox browser.{{: | + | - Open a new terminal and run firefox certifiedhacker.com_xxxxxxxx_xxxx.html command to open the .html file in Firefox browser.{{: |
| - | - Wapiti scan report opens upp in Firefox browser, you can analyze the scan result with the discovered vulnerabilities.{{: | + | - Wapiti scan report opens upp in Firefox browser, you can analyze the scan result with the discovered vulnerabilities.{{: |
| - | - Scroll down to view the detailed information regarding each discovered vulnerability.{{: | + | - Scroll down to view the detailed information regarding each discovered vulnerability.{{: |
| === Lab 4: Perform Web Application Hacking using AI | === Lab 4: Perform Web Application Hacking using AI | ||
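Review bot: Several changed steps in this hunk need a wording pass. "The Edit Profile page appears; in the API Token section and observe the API Token" has no verb in its second clause, "we can see that the certifiedhacker.com_xxxxxxxx_xxxx.html file is created" starts a sentence in lower case, and "Wapiti scan report opens upp" has a doubled letter. The report file name is written with x placeholders in four consecutive steps; one sentence saying what the x's stand for would save the reader from typing the name literally.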
| Línia 217: | Línia 217: | ||
| * Evasión | * Evasión | ||
| * Contramedidas | * Contramedidas | ||
| + | |||
| + | === Lab 1 Modulo 15: Perform SQL Injection Attacks | ||
| + | ==== Task 1: Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap | ||
| + | sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features, and a broad range of switches—from database fingerprinting and data fetching from the database to accessing the underlying file system and executing commands on the OS via out-of-band connections. | ||
| + | |||
| + | You can use sqlmap to perform SQL injection on a target website using various techniques, including Boolean-based blind, time-based blind, error-based, | ||
| + | |||
| + | In this task, we will use sqlmap to perform SQL injection attack against MSSQL to extract databases. | ||
| + | |||
| + | - Navigate to http:// | ||
| + | - Once you are logged into the website, click the View Profile tab on the menu bar and, when the page has loaded, make a note of the URL in the address bar of the browser. | ||
| + | - Right-click anywhere on the webpage and click Inspect (Q) from the context menu, as shown in the screenshot.{{: | ||
| + | - The Developer Tools frame appears in the lower section of the browser window. Click the Console tab, type document.cookie in the lower-left corner of the browser, and press Enter.{{: | ||
| + | - Select the cookie value, then right-click and copy it, as shown in the screenshot. Minimize the web browser. Note down the URL of the web page. | ||
| + | - As root, Run '' | ||
| + | - In this query, -u specifies the target URL (the one you noted down in Step#7), --cookie specifies the HTTP cookie header value, and --dbs enumerates DBMS databases. | ||
| + | - The above query causes sqlmap to enforce various injection techniques on the name parameter of the URL in an attempt to extract the database information of the MovieScope website.{{: | ||
| + | - If the message Do you want to skip test payloads specific for other DBMSes? [Y/n] appears, type Y and press Enter. | ||
| + | - If the message for the remaining tests, do you want to include all tests for ‘Microsoft SQL Server’ extending provided level (1) and risk (1) values? [Y/n] appears, type Y and press Enter.{{: | ||
| + | - sqlmap retrieves the databases present in the MSSQL server. It also displays information about the web server OS, web application technology, and the backend DBMS, as shown in the screenshot. | ||
| + | - Now, you need to choose a database and use sqlmap to retrieve the tables in the database. In this lab, we are going to determine the tables associated with the database moviescope.{{: | ||
| + | - Run '' | ||
| + | - In this query, -D specifies the DBMS database to enumerate and --tables enumerates DBMS database tables. | ||
| + | - sqlmap retrieves the table contents of the moviescope database and displays them, as shown in screenshot.{{: | ||
| + | - Now, you need to retrieve the table content of the column User_Login. | ||
| + | - Run '' | ||
| + | - sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | ||
| + | - You will see that under the password column, the passwords are shown in plain text form.{{: | ||
| + | - Now, switch back to the Parrot Terminal window. Run '' | ||
| + | - If the message do you want sqlmap to try to optimize value(s) for DBMS delay responses appears, type Y and press Enter to continue.{{: | ||
| + | - Once sqlmap acquires the permission to optimize the machine, it will provide you with the OS shell. Type hostname and press Enter to find the machine name where the site is running. If the message do you want to retrieve the command standard output? appears, type Y and press Enter.{{: | ||
| + | - sqlmap will retrieve the hostname of the machine on which the target web application is running, as shown in the screenshot.{{: | ||
| + | - Type **TASKLIST** and press Enter to view a list of tasks that are currently running on the target system. | ||
| + | - If the message do you want to retrieve the command standard output? appears, type Y and press Enter. The above command retrieves the tasks and displays them under the command standard output section, as shown in the screenshots below.{{: | ||
| + | - To view the available commands under the OS shell, type help and press Enter. | ||
| + | - You can also use other SQL injection tools such as: | ||
| + | - Mole (https:// | ||
| + | - jSQL Injection (https:// | ||
| + | - NoSQLMap (https:// | ||
| + | - Havij (https:// | ||
| + | - blind_sql_bitshifting (https:// | ||
| + | |||
| + | === Lab 2 Modulo 15: Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools | ||
| + | ==== Task 1: Detect SQL Injection Vulnerabilities using OWASP ZAP | ||
| + | - OWASP ZAP initialized and a prompt that reads Do you want to persist the ZAP Session? appears; select the No, I do not want to persist this session at this moment in time radio button, and click Start.{{: | ||
| + | - The OWASP ZAP main window appears; under the Quick Start tab, click the Automated Scan option.{{: | ||
| + | - The Automated Scan wizard appears, enter the target website in the URL to attack field (in this case, http:// | ||
| + | - After the scan completes, Alerts tab appears. You can observe the vulnerabilities found on the website under the Alerts tab.{{: | ||
| + | - Now, expand the SQL Injection vulnerability node under the Alerts tab.{{: | ||
| + | - Click on the discovered SQL Injection vulnerability and further click on the vulnerable URL. | ||
| + | - You can observe the information such as Risk, Confidence, Parameter, Attack, etc., regarding the discovered SQL Injection vulnerability in the lower right-bottom, | ||
| + | - Red Flag: High risk | ||
| + | - Orange Flag: Medium risk | ||
| + | - Yellow Flag: Low risk | ||
| + | - Blue Flag: Provides details about information disclosure vulnerabilities{{: | ||
| + | - Similarly, expand any other vulnerability (here, SQL Injection-MsSQL) node under the Alerts tab and further click on the vulnerable URLs.{{: | ||
| + | - You can also use other SQL injection detection tools such as: | ||
| + | - Damn Small SQLi Scanner (DSSS) (https:// | ||
| + | - Snort (https:// | ||
| + | - Burp Suite (https:// | ||
| + | - HCL AppScan (https:// | ||
| + | |||
| + | === Lab 3: Perform SQL Injection using AI | ||
| + | ==== Task 1: Perform SQL Injection using ShellGPT | ||
| + | - enumerate the database of the target website to do so, switch to the terminal window and run '' | ||
| + | - We have successfully enumerated the databases from the target website, we will now enumerate the tables pertaining to the database moviescope. To do so run '' | ||
| + | - After enumerating the database tables we will dump the contents of the User_Login table to view the login information of the target website. | ||
| + | - Run '' | ||
| + | - Sqlmap retrieves the complete User_Login table data from the database moviescope, containing all users’ usernames under the Uname column and passwords under the password column, as shown in screenshot. | ||
| + | |||
| + | |||
| == Module 16: Hacking Wireless Networks | == Module 16: Hacking Wireless Networks | ||
| < | < | ||
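Review bot: The cross-reference "the one you noted down in Step#7" in the explanation of -u does not match the added list: the URL is noted in the second and fifth items, and the explanation itself sits in the seventh, so the reference should point at the step that copies the cookie and URL. The headings are also inconsistent, since "Lab 1 Modulo 15" and "Lab 2 Modulo 15" carry the module label while "Lab 3: Perform SQL Injection using AI" does not. In the ShellGPT task the first step starts in lower case and runs two sentences together ("enumerate the database of the target website to do so, switch to the terminal window"). Finally, "As root, Run" should not capitalise "Run".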
| Línia 276: | Línia 347: | ||
| * Solo EEUU, no UE | * Solo EEUU, no UE | ||
| + | === Lab 1 Modulo 16: Perform Wireless Traffic Analysis | ||
| + | ==== Task 1: Wi-Fi Packet Analysis using Wireshark | ||
| + | - The **Wireshark** Network Analyzer window appears. | ||
| + | - In the menu bar, click File and click Open option from the drop-down list.{{: | ||
| + | - Wireshark: Open Capture File window appears, navigate to E: | ||
| + | - The WPA2crack-01.cap file opens in Wireshark window showing you the details of the packet for analysis. Here you can see the wireless packets captured which were otherwise masked to look like ethernet traffic. | ||
| + | - Here 802.11 protocol indicates wireless packets. | ||
| + | - You can access the saved packet capture file anytime, and by issuing packet filtering commands in the Filter field, you can narrow down the packet search in an attempt to find packets containing sensible information. | ||
| + | - In real time, attackers enforce packet capture and packet filtering techniques to capture packets containing passwords (only for websites implemented on HTTP channel), perform attacks such as session hijacking, and so on. {{: | ||
| + | - You can also use other wireless traffic analyzers such as: | ||
| + | - AirMagnet WiFi Analyzer PRO (https:// | ||
| + | - SteelCentral Packet Analyzer (https:// | ||
| + | - Omnipeek Network Protocol Analyzer (https:// | ||
| + | - and CommView for Wi-Fi (https:// | ||
| + | |||
| + | === Lab 2: Perform Wireless Attacks | ||
| + | ==== Task 1: Crack a WPA2 Network using Aircrack-ng | ||
| + | - In the Parrot Terminal window, run '' | ||
| + | - -a is the technique used to crack the handshake, 2=WPA technique. | ||
| + | - -b refers to bssid; replace with the BSSID of the target router. | ||
| + | - -w stands for wordlist; provide the path to a wordlist. | ||
| + | - {{: | ||
| + | - The result appears, showing the WPA handshake packet captured with airodump-ng. The target access point’s password is cracked and displayed in plain text next to the message KEY FOUND!, as shown in the screenshot. | ||
| + | - If the password is complex, aircrack-ng will take a long time to crack it. | ||
| + | - {{: | ||
| + | - You can also use other tools such as: | ||
| + | - hashcat (https:// | ||
| + | - Portable Penetrator (https:// | ||
| + | - WepCrackGui (https:// | ||
| == Module 17: Hacking Mobile Platforms | == Module 17: Hacking Mobile Platforms | ||
| + | === Lab 1 | ||
| + | ==== Task 1: Exploit the Android Platform through ADB using PhoneSploit-Pro | ||
| + | ==== Task 2: Hack an Android Device by Creating APK File using AndroRAT | ||
| + | === Lab 2 | ||
| + | ==== Task 1: Secure Android Devices from Malicious Apps using AVG | ||
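Review bot: In the Wireshark task, "packets containing sensible information" should read "sensitive information". The option note "-a is the technique used to crack the handshake, 2=WPA technique" is hard to parse; something like "-a sets the attack mode (2 = WPA/WPA2-PSK)" says the same thing clearly. Two list items consist only of an image tag and will render as empty numbered steps, so the screenshots belong on the end of the preceding step as in the rest of the page. The heading "Lab 2: Perform Wireless Attacks" drops the "Modulo 16" label used by "Lab 1 Modulo 16", and the new "Lab 1" and "Lab 2" headings under Module 17 have no title at all.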