🔬Web App Scanning
Lab 1 - ZAProxy
🔬 Scanning Web Application with ZAProxy
Target IP: 192.192.29.3
Scan and identify a vulnerable web app (bWAPP) with ZAProxy

1. Start owasp-zap from the start menu.
2. Use Manual Explore and input the URL http://192.192.29.3/
3. Launch Browser to open the browser session with the ZAP HUD.
4. Log in to the web app with the bee:bug credentials and set the security level to low.
5. Try some HTML and SQL Injection or other bugs from the https://192.192.29.3/portal.php page.

ZAProxy
Configure an authenticated session in ZAProxy:
6. Enable Forced User mode.
7. Include in Context the site https://192.192.29.3/ and confirm with OK.
8. Run a Spider attack on the site, select the bee user and Start the scan.
9. Run an Active Scan on the site, select the bee user and Start the scan.
10. In the Alerts tab check the 🚩 High risk Alerts.
11. Try to navigate to https://192.192.29.3/htmli_stored.php, inject the XSS (Cross-site Scripting) payload and Submit it. The XSS payload will be triggered.
12. Using the ZAP HUD, Site Alerts can be accessed. Every vulnerability is clickable and can be directly tried via the URL.
13. Try a SQL Injection attack by opening this link: http://192.210.141.3/sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+
    The table records will be dumped on the web page.
Lab 2 - Nikto
🔬 Scanning Web Application with Nikto
Target IP: 192.157.60.3
Scan and identify web app vulnerabilities (Mutillidae II) with Nikto

LFI
1. Open the browser and navigate to http://192.157.60.3/

Nikto
2. In the Bash terminal run nikto and output the results to a file.
3. Scan the target web app for the Local File Inclusion (LFI) vulnerability by copying the link from the browser, http://192.157.60.3/index.php?page=arbitrary-file-inclusion.php, and output the results to an HTML file.
4. The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host.
5. View the contents of the passwd file of the target machine: http://192.157.60.3/index.php/index.php?page=../../../../../../../../../../etc/passwd
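As an added example that is not part of these lab notes, the following Python script shows the defender's side of both labs: it parses web server access log lines, decodes the query string (including double-encoded values) and flags the tautology SQL injection from Lab 1 and the ../ traversal to /etc/passwd from Lab 2. The log lines are constructed, and the function names and regexes are my own, not part of ZAP or Nikto.

```python
# Added example (not from the lab page): flag the request patterns the two
# labs generate when they show up in a constructed web server access log.
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Apache/nginx "combined" format: client, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})')

# Tautology such as ' OR '1'='1 (case-insensitive), ../ or ..\ sequences,
# and well-known files a traversal is usually aimed at.
SQLI_RE = re.compile(r"'\s*(or|and)\s+'?\w*'?\s*=\s*'?\w*'?", re.I)
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")
SENSITIVE_RE = re.compile(r"/etc/(passwd|shadow)|boot\.ini|win\.ini", re.I)

def deep_decode(value, rounds=3):
    """Percent-decode repeatedly so %252e%252e/ (double-encoded ../) is seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_request(target):
    """Return finding tags for one request target (path plus query string)."""
    findings = []
    parts = urlsplit(target)
    params = [(k, deep_decode(v)) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    for name, value in params:
        if SQLI_RE.search(value):
            findings.append(f"sqli:{name}")
        if TRAVERSAL_RE.search(value) or SENSITIVE_RE.search(value):
            findings.append(f"lfi:{name}")
    if TRAVERSAL_RE.search(deep_decode(parts.path)):
        findings.append("traversal:path")
    return findings

def scan_log(lines):
    """Yield (client_ip, target, findings) for every suspicious request."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and (found := classify_request(m["target"])):
            yield m["ip"], m["target"], found

# Constructed sample lines mirroring the lab requests (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /portal.php HTTP/1.1" 200 1532',
    '10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /sqli_1.php?action=search&title=ZAP%27+OR+%271%27%3D%271%27+--+ HTTP/1.1" 200 8210',
    '10.0.0.9 - - [01/Jan/2024:10:02:44 +0000] "GET /index.php?page=../../../../../../../../../../etc/passwd HTTP/1.1" 200 2790',
    '10.0.0.9 - - [01/Jan/2024:10:02:45 +0000] "GET /index.php?page=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 2790',
]

if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        print(ip, target, ", ".join(findings))
```

A 200 status on a flagged /etc/passwd request is the signal that the inclusion actually succeeded, which is the case the Mutillidae step demonstrates.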