CYS 506 - Lab7

College of Computer Science and Information Technology

Networks and Communications


CYS506 Ethical Hacking

Student Procedural Manual

2022/23
IMAM ABDULRAHMAN BIN FAISAL UNIVERSITY
Practical Session Plan

College: College of Computer Science and Information Technology
Department: Networks and Communications
Course: Ethical Hacking (CYS 506)

Session Topic/Title: Hacking Web Applications
Session No.: 7
Session Duration (Minutes): 120

1- Session Outcomes
Please list the Session Learning Outcomes (SLOs), as presented in the ABET
Student Outcomes A to K.
Note: The sequence of instruction may vary and you may start with the most
essential SLO. 1 is the most important one, followed by 2, 3 and 4, as per
time availability.

1. Outcome A: Footprint Web Applications
2. Outcome C: Brute Force Web Application Login Pages
3. Outcome D: Command Injection on a Web Application
4. Outcome E: Exploit CSRF on a Web Application

2- Tool(s)/Software

- DVWA
- Docker
- OWASP ZAP
- Burp Suite
- Kali Linux

3- Procedural Steps (Tasks)

Web application hacking refers to the technique of exploiting weaknesses in
the code and architecture of web applications to gain unauthorized access to
sensitive data or execute malicious activities. In this session, we will focus
on several types of attacks that can be performed against web applications,
including brute force attacks, command injection and cross-site request forgery
(CSRF). By simulating these attacks in a controlled environment, you will learn
how to identify such threats and prevent them in real-world scenarios.

Lab Tasks:
Part 1: Setup

1- Download ZAP proxy from its website (https://www.zaproxy.org/download/).

2- Download the “Linux Installer”, add execute permissions to it, and then run
that file.

3- Install Docker on Linux using “sudo apt install docker.io”.

4- Run the following Docker command to have the DVWA vulnerable web application
run on port 80.

5- Browse to 127.0.0.1:80; the web application should load.

6- Log in using the credentials admin:password.

7- Click “DVWA Security” in the left panel, set the security level to Low and submit.

Part 2: Scanning Web Applications

1- Run ZAP proxy, pick Automated Scan and enter the address of the DVWA web
application.

2- Run the scan and wait for it to finish.

3- After the scan finishes, view the alerts to see the vulnerabilities found in
the web application.

Part 3: Brute Force Attack

1- Start Burp Suite and open its browser.

2- Log in to DVWA and go to the Brute Force option in the left panel.

3- Enter any username and password combination and click Login.

4- Go to HTTP history in the Proxy tab of Burp Suite and find the request you
just sent.

5- Send that request to the Repeater.

6- Change the username and password parameters to admin:password.

7- Click send and check the response.

Note: below the Response heading you can choose how the page is rendered.

8- To run a brute force attack, send the request to the Intruder.

9- Click Clear to remove the preset payload positions (the changeable parameters).

10- Highlight the parameter you want changed and then click Add; since we are
brute forcing the username and password, we mark both of them.

11- In the Positions tab, change the attack type to Cluster bomb.

12- Now go to the Payloads tab and pick a wordlist for each payload position, in
the same order as the positions.

13- Start the attack and wait for it to finish.

14- After the attack finishes, sort the results by length; successful brute force
attempts should have responses that differ in length from most of the others.
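The same brute force attempt seen from the server side. This is an added example, not part of the lab manual: it parses constructed Apache-style access-log lines (the DVWA brute force page submits credentials as GET parameters), flags a client that hits the login page too often inside a time window, and reports response sizes that differ from the dominant one, which is the defender's counterpart of sorting Intruder results by length. The log lines, addresses and thresholds are all constructed values.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines in Apache combined-log format (not from the lab):
# one client cycling passwords against the DVWA brute-force page, one ordinary visitor.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2023:10:00:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=123456&Login=Login HTTP/1.1" 200 4689
10.0.0.5 - - [01/Mar/2023:10:00:02 +0000] "GET /vulnerabilities/brute/?username=admin&password=qwerty&Login=Login HTTP/1.1" 200 4689
10.0.0.5 - - [01/Mar/2023:10:00:03 +0000] "GET /vulnerabilities/brute/?username=admin&password=letmein&Login=Login HTTP/1.1" 200 4689
10.0.0.9 - - [01/Mar/2023:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 5412
10.0.0.5 - - [01/Mar/2023:10:00:05 +0000] "GET /vulnerabilities/brute/?username=admin&password=admin&Login=Login HTTP/1.1" 200 4689
10.0.0.5 - - [01/Mar/2023:10:00:06 +0000] "GET /vulnerabilities/brute/?username=admin&password=password&Login=Login HTTP/1.1" 200 4735
10.0.0.5 - - [01/Mar/2023:10:00:07 +0000] "GET /vulnerabilities/brute/?username=admin&password=abc123&Login=Login HTTP/1.1" 200 4689
"""

# ip, timestamp, method, path (query string dropped), status, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^ ?"]+)[^"]*" (\d{3}) (\d+|-)')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(log_text):
    """Yield (ip, timestamp, path, size) for every line that parses; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, _method, path, _status, size = m.groups()
        yield ip, datetime.strptime(ts, TIME_FMT), path, (int(size) if size != "-" else 0)

def detect_bruteforce(log_text, login_path="/vulnerabilities/brute/", window_s=60, threshold=5):
    """Flag IPs with >= threshold hits on login_path inside any window_s-second window,
    and list response sizes that differ from the dominant (failed-login) size."""
    per_ip = defaultdict(list)
    for ip, when, path, size in parse(log_text):
        if path == login_path:
            per_ip[ip].append((when, size))
    flagged = {}
    for ip, hits in per_ip.items():
        hits.sort()
        times = [when for when, _ in hits]
        best = start = 0
        for end in range(len(times)):           # sliding window over attempt times
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            common = Counter(size for _, size in hits).most_common(1)[0][0]
            flagged[ip] = {"attempts": best,
                           "outlier_sizes": sorted({s for _, s in hits if s != common})}
    return flagged
```

Run it on `SAMPLE_LOG` and only 10.0.0.5 is flagged, with the single odd-sized response pointing at the attempt that succeeded.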

Part 4: Command Injection

1- Go to the Command Injection option in the left panel.

2- Enter an IP address and check the output.

3- Notice how the output of the command is returned to the user.

4- Try a different command.

5- Let’s try writing that command in a different way.

Notice “www-data” at the end.

6- Now try using a combination of different commands.
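Why the combination works, and how the page should have been written. This is an added example, not DVWA's code: `unsafe_ping_command` only builds the string a vulnerable handler would hand to a shell (it is never executed here), while `safe_ping_argv` shows the two fixes a practitioner wants, positive validation of the input as an IP address and execution as an argv list with no shell in between. `shell_metachars` is an assumed helper for alerting on suspicious input.

```python
import ipaddress
import subprocess

# Characters a shell treats as control syntax; any of them in a "host" field is
# a strong signal for a WAF rule or a log alert.
SHELL_METACHARS = set(";|&`$()<>\n")

def unsafe_ping_command(target: str) -> str:
    """The vulnerable pattern, as a string only (never executed here): the user
    value is concatenated into a command line that a shell then parses, so
    everything after a metacharacter runs as a second command."""
    return "ping -c 4 " + target

def shell_metachars(target: str) -> set:
    """Return the shell control characters present in a submitted value."""
    return {c for c in target if c in SHELL_METACHARS}

def is_valid_target(target: str) -> bool:
    """Positive validation: accept only a single IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(target.strip())
        return True
    except ValueError:
        return False

def safe_ping_argv(target: str) -> list:
    """Hardened form: validate first, then build an argv list. Handing a list to
    subprocess with shell=False means no shell ever parses the value."""
    if not is_valid_target(target):
        raise ValueError("target must be exactly one IP address")
    return ["ping", "-c", "4", str(ipaddress.ip_address(target.strip()))]

def run_ping(target: str) -> str:
    """Execute the validated command without a shell and return its stdout."""
    proc = subprocess.run(safe_ping_argv(target), capture_output=True, text=True, timeout=20)
    return proc.stdout
```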

Part 5: CSRF

1- Go to the CSRF option in the left panel.

2- Check the source code by clicking View Source at the bottom.

3- Notice that the source code performs no further authentication; the web
application relies only on the session ID.

4- Enter a new password in the CSRF page and click Change.

5- Look at the URL:

http://127.0.0.1/vulnerabilities/csrf/?password_new=CYS&password_conf=CYS&Change=Change#

If this URL is sent to a logged-in user and they click it, their password on the
web application will be changed.

6- Now log in as a different user in another browser: pablo:letmein

7- Now look at what happens if the URL is visited while authenticated as another user.

8- The password of pablo was changed to CYS.

9- Now try to log in with the old password.
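What a fixed password-change handler looks like against the request from step 5. This is an added example, not DVWA's code: the dict stands in for the server-side session the cookie identifies, the hidden form field is assumed to be named `csrf_token`, and the current-password check is an extra hardening step not described in the lab. The forged GET from step 5 fails the first check; a forged POST fails the token check because the attacker's page cannot read the victim's token.

```python
import hmac
import secrets

# Assumed minimal model of a password-change handler; not the application's code.

def issue_csrf_token(session: dict) -> str:
    """Create an unguessable token, store it in the server-side session and
    return it so the legitimate form can embed it as a hidden field."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token

def change_password(session: dict, method: str, params: dict) -> tuple:
    """Return (ok, reason) for one request against the given session."""
    if method != "POST":
        return False, "state-changing action must be a POST"
    expected = session.get("csrf_token", "")
    supplied = params.get("csrf_token", "")
    # constant-time comparison so the check leaks nothing about the token
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    if params.get("password_current") != session.get("password"):
        return False, "current password required"
    if params.get("password_new", "") != params.get("password_conf", ""):
        return False, "new passwords do not match"
    session["password"] = params["password_new"]
    session.pop("csrf_token", None)          # single use: a replayed token is rejected
    return True, "password changed"

def forged_request_from_lab() -> tuple:
    """The step-5 query string as the server receives it: a GET with no token."""
    return "GET", {"password_new": "CYS", "password_conf": "CYS", "Change": "Change"}
```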

Assignments:
Do the following tasks and take screenshots as proof.
1- Run an automated scan using OWASP ZAP

2- Explain one of the vulnerabilities found using OWASP ZAP with a short
paragraph

3- Run a Brute Force attack using the following wordlists

4- Conduct a command injection to create a text file with the words “CYS LAB”
and then read that file.

5- Conduct a CSRF attack on one of the users you found previously by brute
force and make the victim's password “ETHICAL_HACKING”. (Include sufficient
screenshots to show that the attack was successful.)

Note: Enable adding random numbers in the end


4- Assessment Plan
Questions/tasks to confirm that students have achieved each of the above
SLOs. Outcome 1 is the most important one, followed by 2, 3 and 4, as per
time availability. The questions/tasks below are just for guidance and the
laboratory instructor can come up with his own questions/tasks.

5- Resources
Suggest further resources for the students to manage their learning after
the class. Make sure that the resources are specific and different to suit
all students, e.g. figures, tables, links, etc.

https://en.wikipedia.org/wiki/Cross-site_request_forgery

https://en.wikipedia.org/wiki/Code_injection

https://github.com/digininja/DVWA
