CYB 660: Penetration Testing
Group Bonus Point Exercise
Due Date: 11/30, 11:59 P.M. (Late Submission Not Accepted)

Description:
In this bonus point exercise, you are required to find the password of the root user on the MySQL server. This bonus point exercise is worth 1% of your total score.

Instructions:
1. Start your Kali VM and your Metasploitable3 instance in AWS.
2. In your Kali VM, type vncserver to start a VNC session, then connect to your Kali desktop with a VNC viewer.
3. Next, on your Kali desktop, launch Firefox.
4. Enter the private IP of your Metasploitable3 as the URL.
5. You will then see the following page. Click on DVWA.
Figure 1: DVWA Webpage
6. Enter admin for the username and password for the password.
7. Next, click DVWA Security. See below.
Figure 2: DVWA Security
8. Next, set the security level to low. See below.
Figure 3: Security Level
9. Next, click Command Injection. See below.
Figure 4: Command Line Injection
10. In this step, you are going to do some testing. Enter the command shown below for testing purposes. Notice that ; is used to separate one command from the next: the form input is handed to a shell, so whatever follows the ; runs as a separate command of your choosing.
Figure 5: Entering Command
You should be able to see the following output:
Figure 6: Output for Command Injection
11. Now, you are on your own. Please take note that the DVWA web application connects to a MySQL database server. Run some Linux commands (that you have learned in Week 2 and Week 3) to enumerate the password of the root user of the MySQL database server. (Hint: look for the default web directory of the Apache web server.)

Submission:
Please make only ONE submission per group if your group chooses to take up the challenge! You can select a group member to submit the work. You must perform command line injection on the DVWA website.
You are required to submit:
a. A screenshot that clearly shows the command you entered. The background of the screenshot must clearly show a terminal with the whoami command and RED_TEAM_xxx as its output.
b. A screenshot that clearly shows the username root and its password for the MySQL database server. The background of the screenshot must clearly show a terminal with the whoami command and RED_TEAM_xxx as its output.
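The mechanism behind the ; separator in step 10, as an added example that is not part of this handout and not DVWA's own code: a small Python stand-in for a "ping an IP" web form. The vulnerable function interpolates the user's input into a shell command line (the pattern the low security level exhibits); the hardened function allow-lists the input as an IP literal and passes it as a separate argv element so no shell ever parses it. To run offline, echo stands in for ping, and the payload string is constructed for the demonstration.

```python
"""Command injection via the ';' separator: vulnerable vs. hardened.

Added example, not DVWA's code. `echo` is a constructed stand-in for
`ping` so the demonstration runs offline without network access.
"""
import ipaddress
import subprocess


def vulnerable_ping(target: str) -> str:
    # Vulnerable: the user-controlled string is spliced into a shell
    # command line and handed to /bin/sh. A ';' in the input terminates
    # the intended command and starts a second, attacker-chosen one.
    cmd = f"echo PING {target}"
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def is_valid_ip(target: str) -> bool:
    # Allow-list check: only a syntactically valid IPv4/IPv6 literal
    # passes, so shell metacharacters never reach the command at all.
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return False


def hardened_ping(target: str) -> str:
    # Hardened: validate first, then pass the target as its own argv
    # element. With shell=False nothing interprets ';' as a separator.
    if not is_valid_ip(target):
        raise ValueError(f"rejected target: {target!r}")
    result = subprocess.run(
        ["echo", "PING", target], capture_output=True, text=True
    )
    return result.stdout


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"  # constructed test payload
    print(vulnerable_ping(payload))       # second line shows the injected command ran
    try:
        hardened_ping(payload)
    except ValueError as err:
        print(err)                        # payload rejected before any command runs
    print(hardened_ping("127.0.0.1"))
```

Stripping ; alone is not a fix: &, |, newline, $( ) and backticks chain commands just as well, which is why the hardened version validates the whole value against what it should be (an IP address) rather than blacklisting characters.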