🔬 Web App Scanning
Lab 1 - ZAProxy
🔬 Scanning Web Application with ZAProxy
Target IP: `192.192.29.3`

Scan and identify a vulnerable web app (bWAPP) with ZAProxy.

1. Check the attacker machine's address:
   `ip -br -c a`
   `eth1@if203734 UP 192.192.29.2/24`
2. Scan the target:
   `nmap -sS -sV 192.192.29.3`
3. Start `owasp-zap` from the start menu.
4. Use Manual Explore, input the URL `http://192.192.29.3/` and click Launch Browser to open the browser session with the ZAP HUD.
5. Log in to the web app with the `bee:bug` credentials and set the security level to `low`.
6. Try some HTML and SQL Injection or other bugs from the `https://192.192.29.3/portal.php` page.
ZAProxy

Configure an authenticated session in ZAProxy:

1. Enable Forced User mode.
2. Include in Context the site `https://192.192.29.3/` and confirm with OK.
3. Run a Spider attack on the site, select the `bee` user and start the scan.
4. Run an Active Scan on the site, select the `bee` user and start the scan.
5. In the Alerts tab check the 🚩 High risk alerts.
6. Try to navigate to `https://192.192.29.3/htmli_stored.php`, inject the XSS (Cross-site Scripting) payload and submit it. The XSS payload will be triggered.
7. Using the ZAP HUD, Site Alerts can be accessed. Every vulnerability is clickable and can be tried directly via the URL.
8. Try a SQL Injection attack by opening this link: `http://192.210.141.3/sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+` The table records will be dumped on the web page.
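Why the `title=ZAP' OR '1'='1' --` link dumps the whole table, and what the fix looks like, is easier to see with a small self-contained reproduction than from the lab page alone. The block below is an added example, not bWAPP's own code: it builds a constructed in-memory SQLite table (bWAPP's real schema is not shown on this page, so the `movies` table and its rows are an assumption), runs the lab's payload through a string-concatenated query to reproduce the dump, and then through a parameterised query, where the same input is compared as a literal string and matches nothing.

```python
import sqlite3

# Constructed sample rows standing in for the table behind sqli_1.php
# (assumption: the lab page does not show bWAPP's real schema).
SAMPLE_MOVIES = [
    ("Iron Man", 2008),
    ("The Incredible Hulk", 2008),
    ("World War Z", 2013),
]

# The title parameter from the lab's sqli_1.php link, URL-decoded.
PAYLOAD = "ZAP' OR '1'='1' --"


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE movies (title TEXT, release_year INTEGER)")
    conn.executemany("INSERT INTO movies VALUES (?, ?)", SAMPLE_MOVIES)
    return conn


def search_vulnerable(conn, title):
    """Concatenates user input into SQL, so the quote in the payload closes
    the string literal, OR '1'='1' is always true and -- comments out the
    rest: every row is returned (the dump seen in the lab)."""
    query = "SELECT title, release_year FROM movies WHERE title = '" + title + "'"
    return conn.execute(query).fetchall()


def search_parameterized(conn, title):
    """Binds the input as a parameter: the whole payload is compared as one
    literal title value and never becomes part of the SQL grammar."""
    return conn.execute(
        "SELECT title, release_year FROM movies WHERE title = ?", (title,)
    ).fetchall()


def demo():
    """Run both variants against the same payload and return the results."""
    conn = make_db()
    return {
        "vulnerable": search_vulnerable(conn, PAYLOAD),
        "parameterized": search_parameterized(conn, PAYLOAD),
        "legit": search_parameterized(conn, "World War Z"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The vulnerable variant returns all three constructed rows for the payload; the parameterised variant returns none, while a genuine title still matches, which is the behaviour ZAP's Active Scan is probing for when it reports the SQL Injection alert.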

Lab 2 - Nikto
🔬 Scanning Web Application with Nikto
Target IP: `192.157.60.3`

Scan and identify web app vulnerabilities (Mutillidae II) with Nikto.

LFI

1. Open the browser and navigate to `http://192.157.60.3/`.

Nikto

2. In the Bash terminal run `nikto` and output the results to a file.
3. Scan the target web app for a Local File Inclusion (LFI) vulnerability by copying the link from the browser, `http://192.157.60.3/index.php?page=arbitrary-file-inclusion.php`, and output the results to an HTML file.
4. The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host.
5. View the contents of the `passwd` file of the target machine: `http://192.157.60.3/index.php/index.php?page=../../../../../../../../../../etc/passwd`
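Both labs leave a distinctive trail in the target's web server access log: the tautology in the `sqli_1.php` query string, a script tag in the stored-XSS request and the `../` chain in the `page=` parameter of the LFI request. The block below is an added example, not part of the lab or of ZAP or Nikto: a small detector that parses Apache combined-format log lines, URL-decodes the request target (twice, so a single- or double-encoded `%2e%2e%2f` is caught as well) and flags the three patterns. The log lines are constructed for the example; their request targets copy the URLs used in the two labs plus an encoded traversal variant, and the XSS request uses a generic `<script>alert(1)</script>` since the lab does not show its payload.

```python
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-format log lines (not captured from the lab
# targets); request targets mirror the URLs used in the two labs.
SAMPLE_LOG = """\
192.192.29.2 - - [10/Oct/2023:13:55:36 +0000] "GET /portal.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.192.29.2 - - [10/Oct/2023:13:56:02 +0000] "GET /sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
192.192.29.2 - - [10/Oct/2023:13:57:10 +0000] "GET /htmli_stored.php?entry=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.192.29.2 - - [10/Oct/2023:14:01:45 +0000] "GET /index.php?page=arbitrary-file-inclusion.php HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
192.192.29.2 - - [10/Oct/2023:14:02:30 +0000] "GET /index.php/index.php?page=../../../../../../../../../../etc/passwd HTTP/1.1" 200 1749 "-" "Mozilla/5.0"
192.192.29.2 - - [10/Oct/2023:14:03:00 +0000] "GET /index.php?page=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 200 1749 "-" "Mozilla/5.0"
"""

# Apache combined log format: client, ident, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Detection rules applied to the decoded request target.
RULES = [
    ("path-traversal", re.compile(r"\.\./|\.\.\\")),
    # quote, OR, then a quoted-or-bare number compared to itself, e.g. ' OR '1'='1
    ("sqli-tautology", re.compile(r"'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)),
    ("xss", re.compile(r"<\s*script|javascript:|on\w+\s*=", re.I)),
]


def normalize(target):
    """URL-decode twice so single- and double-encoded payloads look alike;
    unquote_plus also turns the '+' from the sqli_1.php link into spaces."""
    return unquote_plus(unquote_plus(target))


def scan_line(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = normalize(m["target"])
    hits = [name for name, rx in RULES if rx.search(decoded)]
    if not hits:
        return None
    return {"ip": m["ip"], "time": m["ts"], "target": m["target"], "rules": hits}


def scan_log(text):
    """Scan every line of an access log and collect the findings."""
    return [f for f in (scan_line(l) for l in text.splitlines()) if f]


def summarize(findings):
    """Count findings per rule, the shape an alert dashboard would want."""
    counts = {}
    for f in findings:
        for rule in f["rules"]:
            counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f["time"], f["ip"], ",".join(f["rules"]), f["target"])
    print(summarize(hits))
```

Of the six constructed lines, the two ordinary page loads (`/portal.php` and the `arbitrary-file-inclusion.php` link itself) pass clean; the other four are flagged, including the encoded traversal that a naive substring search for `../` would miss. Real deployments should also pull the same patterns from request bodies (the stored XSS in the lab is submitted by POST, so it would not appear in the access-log target) and from a WAF or application log.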
