Summary:
- Footprinting and Enumerating
- Perform an OWASP Top 10 Attack
- Cookie Manipulation
To begin this exercise I launched and logged into an administrator account on a Windows OS virtual machine.
Following log in, I launched an application called “Vega”, and familiarized myself with different panes, and options.
To begin the exercise, I clicked “Start New Scan” and when prompted entered the IP address that was provided to me for this exercise.
This scan revealed to me the different vulnerabilites found categorized in High, Medium, and Low levels of vulernability.
I then focused my attention to the High category and located the results labeled, “Session Cookie Without HttpOnly Flag”, and under this drop drop I located /webcal/login.php.
Here I was able to find information with specific details of the vulnerability, how to fix the problem, and source information about the vulnerability:
For the next portion of the exercise, I practiced web hacking using the Web Goat platform and attempted to access the account “alice”.
To begin, I launched a window of Firefox and in the address bar I entered a given IP address, and click OWASP WebGoat.
From this point, I logged into the WebGoat server and clicked “Start Webgoat”.
I then found the tab labeled, “Session Management Flaws” and clicked “Spoof an Authentication Cookie” and logged into this portion of the website with the username “webgoat”.
Once my identity was remembered, I opened Web Developer, and navigated to Storage Inspector.
Here I located, and opened AuthCookie to view the contents of the cookie in the Data Pane.
I then copied the Value field associated with the AuthCookie and opened a Notepad++ file.
At this point, I typed the username to the account I previously logged into and pasted the value data next to the username and saved the file.
Next, I logged out of the account “webgoat” and logged into the account “aspect” and repeated the previous steps until the username and value data were in the same file as before.
From this point, I recognized that the first five characters of the value data were identical which means I only need to decode the data after 65432.
I then noticed the data is encoded by reversing the username and then shifting one letter alphabetically.
From here, I added another line to Notepad++ file and the username is “alice” followed by the data value 65432fdjmb. This is because fdjmb is equivalent to alice reserved and shifted one letter similar to the data in the previous accounts.
Next, I returned to Firefox; however, this time in Storage Inspector in the AuthCookie field I replaced the value data provided to the account “aspect” with the value data I created for “alice”.
This triggered a window to appear which allowed me to refresh the page and be logged into the account “alice”.
