Thứ Năm, 21 tháng 11, 2013

Bài Hướng Dẫn Mutillidae : Lesson 4 - Brute Force Using Burp Suite and crack_web_form.pl

 
Section 1. Configure Fedora14 Virtual Machine Settings
  1. Open Your VMware Player
    • Instructions:
      1. On Your Host Computer, Go To
      2. Start --> All Program --> VMWare --> VMWare Player
  2. Edit Fedora Mutillidae Virtual Machine Settings
    • Instructions:
      1. Highlight fedora14
      2. Click Edit virtual machine settings
  3. Edit Network Adapter
    • Instructions:
      1. Highlight Network Adapter
      2. Select Bridged
      3. Click the OK Button

Section 2. Login to Fedora14 - Mutillidae
  1. Start Fedora14 VM Instance
    • Instructions:
      1. Start Up VMWare Player
      2. Select Fedora14 - Mutillidae
      3. Play virtual machine
  2. Login to Fedora14 - Mutillidae
    • Instructions:
      1. Login: student
      2. Password: <whatever you set it to>.

Section 3. Open Console Terminal and Retrieve IP Address
  1. Start a Terminal Console
    • Instructions:
      1. Applications --> Terminal
  2. Switch user to root
    • Instructions:
      1. su - root
      2. <Whatever you set the root password to>
  3. Get IP Address
    • Instructions:
      1. ifconfig -a
    • Notes (FYI):
      • As indicated below, my IP address is 192.168.1.111.
      • Please record your IP address.

Section 4. Configure BackTrack Virtual Machine Settings
  1. Edit the BackTrack5R1 VM
    • Instructions:
      1. Select BackTrack5R1 VM
      2. Click Edit virtual machine settings
  2. Edit Virtual Machine Settings
    • Instructions:
      1. Click on Network Adapter
      2. Click on the Bridged Radio button
      3. Click on the OK Button

Section 5. Play and Login to BackTrack
  1. Play the BackTrack5R1 VM
    • Instructions:
      1. Click on the BackTrack5R1 VM
      2. Click on Play virtual machine
  2. Login to BackTrack
    • Instructions:
      1. Login: root
      2. Password: toor or <whatever you changed it to>.
  3. Bring up the GNOME
    • Instructions:
      1. Type startx

Section 6. Open Console Terminal and Retrieve IP Address
  1. On BackTrack, Start up a terminal window
    • Instructions:
      1. Click on the Terminal Window
  2. Obtain the IP Address
    • Instructions:
      1. ifconfig -a
    • Note(FYI):
      • My IP address 192.168.1.109.
      • In your case, it will probably be different.
      • This is the machine that will be use to attack the victim machine (Metasploitable).

Section 7. Start Web Browser Session to Mutillidae
  1. On BackTrack, Open Firefox
    • Instructions:
      1. Click on the Firefox Icon
    • Notes (FYI):
      • If FireFox Icon does not exist in the Menu Bar Tray, then go to Applications --> Internet --> Firefox Web Browser
  2. Open Mutillidae
    • Notes (FYI):
      • Replace 192.168.1.111 in the following URL --> http://192.168.1.111/mutillidae, with your Mutillidae's IP Address obtained from (Section 3, Step 3)
    • Instructions:
      1. http://192.168.1.111/mutillidae

Section 8. Blog Reconnaissance
  1. Select View Someones Blog
    • Instructions:
      1. OWASP Top 10 --> A1 - SQL Injection --> SQLMAP Practice --> View Someones Blog
  2. Possible Usernames
    • Instructions:
      1. Click on Please Choose Author
    • Note(FYI):
      • Without even logging in, you are able to view logs of other users.
      • This is normally not a big deal.
      • However, the below list box will contain the value or the database username of each displayed username.
  3. View Source Code  for View Someones Blog
    • Instructions:
      1. Right Click on white background
      2. Click on View Page Source
  4. Search Source Code for Username
    • Instructions:
      1. Press the <Ctrl> and <f> keys to search the source code
      2. Type "admin" and press enter
        • Include the quotes
    • Note(FYI):
      • Notice for every username in this line, there will be a tag called <option value="USERNAME">.
      • <option value="admin">admin</option>
        • <option value="admin" - This is the database value
        • >admin</option> - This is the display name of the user
  5. Parse Source Code for Username
    • Note(FYI):
      • Replace 192.168.1.111 with the Fedora(Mutillidae) IP Address obtained from (Section 3, Step 3).
      • Below is just a small tutorial on using a little bit of elbow grease (curl, grep, sed and awk) to do a lot of parsing.
    • Instructions:
      1. curl -L "http://192.168.1.111/mutillidae/index.php?page=view-someones-blog.php" 2>/dev/null | grep -i \"admin\" | sed 's/"//g' | awk 'BEGIN{FS=">"}{for (i=1; i<=NF; i++) print $i}' | grep -v value | sed s'/<\/option//g'
        • curl -L "Webpage", retrieves the source code of a webpage.
        • 2>/dev/null, means do not view errors or curl status output.
        • grep -i \"admin\", display curl output that contains the string "\"admin\"".
        • sed 's/"//g', use sed to replace quotes with nothing
        • awk 'BEGIN{FS=">"}{for (i=1; i<=NF; i++) print $i}', use the ">" character as a delimiter or field separator and print each array element on a separate line
        • grep -v value, display array element output that only contains the string "value".
        • sed s'/<\/option//g', use sed to replace the string "</option" with nothing.
Section 9. Viewing Login.php Error Message
  1. Test Login.php
    • Instructions:
      1. Click Login/Register
      2. Name: admin
      3. Password: admin
      4. Click the Login Button
  2. Copy the Login.php Error Message
    • Instructions:
      1. Highlight "Authentication Error", and Right Click
      2. Select Copy
  3. Open gedit
    • Instructions:
      1. gedit &
      2. Press Enter
  4. Paste Message
    • Instructions:
      1. Press the <Ctrl> and <v> keys to paste message

Section 10. Viewing Login.php Source Code
  1. View Login.php Source
    • Instructions:
      1. Click on Login/Register
      2. Right Click on the white screen background, select View Page Source.
  2. Analyze Login.php Source
    • Instructions:
      1. Press the <Ctrl> and <f> keys at the same time
      2. Type form action in the find box and press enter.
    • Notes (FYI):
      • Notice the naming convention of the username and password textboxes.
      • Notice the naming convention and value of the submit button.

Section 11. Configure Firefox Proxy Settings
  1. View Preferences
    • Instructions:
      1. Click on Firefox
      2. Select Preferences --> Preferences
  2. Advanced Settings...
    • Instructions:
      1. Click on the Advanced Icon
      2. Click on the Network Tab
      3. Click on the Setting... button
  3. Connection Settings
    • Instructions:
      1. Click on Manual proxy configurations
      2. Type "127.0.0.1" in the HTTP Proxy Text Box
      3. Type "8080" in the Port Text Box
      4. Check Use the proxy server for all protocols
      5. Click OK
      6. Click Close

Section 12. Configure Burp Suite
  1. Start Burp Suite
    • Instructions:
      1. Applications --> BackTrack --> Vulnerability Assessment --> Web Application Assessment ---> Web Vulnerability Scanner --> burpsuite
  2. JRE Message
    • Instructions:
      1. Click OK
     
  3. Configure proxy
    • Instructions:
      1. Click on the proxy tab
      2. Click on the options tab
      3. Verify the port is set to 8080
  4. Turn on intercept
    • Instructions:
      1. Click on the proxy tab
      2. Click on the intercept tab
      3. Verify the intercept button shows "intercept is on"
     
  5. Try Logging in
    • Note(FYI):
      • You should already be on the Login Page.
      • Replace 192.168.1.111 with the Fedora(Mutillidae) IP Address obtained from (Section 3, Step 3).
    • Instructions:
      1. The following URI should already be in the address box
        • http://192.168.1.111/mutillidae/index.php?page=login.php.
      2. Name: admin
      3. Password: admin
      4. Click the Login Button
        • Note: The Webpage will not refresh, because it is waiting on Burp Suite.
      5. Continue to Next Step
  6. Verifying Burp Suite Results
    • Instructions:
      • Highlight username=admin&password=admin&login-php-submit-button=Login and right click
      • Click Copy
    • Note(FYI):
      1. On the first line, you can see POST has occurred for login.php
      2. username=admin, username is the name of the textbox and admin is its' value.
      3. password=admin, password is the name of the textbox and admin is its' value.
      4. login-php-submit-button=Login, login-php-submit-button is the name of the button and Login is its' value.
  7. Paste Message
    • Instructions:
      1. Press the <Ctrl> and <v> keys to paste message
    • Note(FYI):
      • After this step, you should see following two messages:
        1. Authentication Error
        2. username=admin&password=admin&login-php-submit-button=Login

Section 13. Crack Web Form
  1. Download and Prepare Crack Web Form
    • Instructions:
      1. mkdir -p /pentest/passwords/cwf
      2. cd /pentest/passwords/cwf
      3. wget http://www.computersecuritystudent.com/SECURITY_TOOLS/MUTILLIDAE/MUTILLIDAE_2511/lesson4/cwf.v2.tar.gz
      4. ls -l cwf.v2.tar.gz
      5. tar zxovf cwf.v2.tar.gz
  2. Crack Web Form Functionality
    • Instructions:
      1. ./crack_web_form.pl -help | more
  3. Using Crack Web Form
    • Note(FYI):
      • Replace 192.168.1.111 with the IP Address obtained (Section 3, Step 3).
    • Instructions:
      1. ./crack_web_form.pl -U admin -http "http://192.168.1.111/mutillidae/index.php?page=login.php" -data "username=USERNAME&password=PASSWORD&login-php-submit-button=Login" -F "Authentication Error"
        • -U, Is an optional parameter.  It allows you to specify a username.  If the username is not supplied, then the username will default to admin.
        • -P, Is an optional parameter.  It allows you to specify the location of the password file.  The default password file is set to the password.txt file located in the same directory as crack_web_form.pl.
        • -http, Is a required parameter. It allows to specify the login page.  Supply the login page you used in (Section 12, Step 5).
          • http://192.168.1.111/mutillidae/index.php?page=login.php
        • -data, Is a required parameter. It allows you to specify the HTTP POST DATA.
          • username=USERNAME, where USERNAME is either the default "admin" or replaced by the user supplied parameter.
          • password=PASSWORD, where PASSWORD is replaced by values in the password file.
          • "username=USERNAME&password=PASSWORD&login-php-submit-button=Login", this is the string we obtain from Burp Suite in (Section 12, Step 7).
        • -F, Is an optional parameter.  It allows you to specify the authentication failure message.  Supply the failure message you obtained in (Section 9, Step 11).  The default failure message is set to "fail|invalid|error", where the message is case insensitive
          • "Authentication Error", this is the string we obtain from (Section 9, Step 4).
  4. Crack Web Form Results
    • Instructions:
      1. crack_web_form.pl found the password (adminpass) for username (admin).

Section 14. Remove Firefox Manual Proxy Configuration
  1. View Preferences
    • Instructions:
      1. Click on Firefox
      2. Select Preferences --> Preferences
  2. Advanced Settings...
    • Instructions:
      1. Click on the Advanced Icon
      2. Click on the Network Tab
      3. Click on the Setting... button
  3. Connection Settings
    • Instructions:
      1. Click on the No proxy Radio Button
      2. Click on the OK Button
      3. Click on the Close Button

Section 15. Test Admin Password
  1. Test Login.php
    • Instructions:
      1. Click Login/Register
      2. Name: admin
      3. Password: adminpass
        • The password was obtained from (Section 13, Step 4).
      4. Click the Login Button
  2. Verify Login Message
    • Note(FYI):
      1. Notice that message "Logged In Admin: admin (root)".
     
Section 16. Proof of Lab
  1. Proof of Lab
    • Instructions:
      1. cd /pentest/passwords/cwf
      2. cat crack_cookies.txt
      3. date
      4. echo "Your Name"
        • Replace the string "Your Name" with your actual name.
        • e.g., echo "John Gray"
    • Proof of Lab Instructions:
      1. Do a PrtScn
      2. Paste into a word document
      3. Upload to Www.AnToanThongTin.Edu.VN

Không có nhận xét nào:

Đăng nhận xét