Lab 10

Setup Virtual Machines for Kali Linux, Meta 2 and Ubuntu under the Same NAT Network

Lab 10.1 OWASP ZAP

Lab 10.1a OWASP Zed Attack Proxy (ZAP)
Install ZAP and Run

Lab 10.1b OWASP Zed Attack Proxy (ZAP)
Run Automated Scan against Meta 2 IP Mutillidae
Start Attack. Be patient. Wait for Scan to Complete

Lab 10.1c OWASP Zed Attack Proxy (ZAP)
Click “Alerts” Tab to see Vulnerabilities

Lab 10.2 BEEF IN THE REAL WORLD

Lab 10.2a Adding Bridged Adapter to Kali
Power Off Kali, Go to Settings Menu, Under Network
Generate a New Random MAC Address
Remember to Enable Network Adapter

Lab 10.2b Adding Bridged Adapter to Kali
Power Up Kali. Now 3 Network Interfaces are Running

Lab 10.2c Changing Network Interfaces for Kali
Backup /etc/interface/networks and Configure Changes

Lab 10.2d Changing Network Interfaces for Kali
Backup /etc/interface/networks and Configure Changes

Lab 10.2e Running BEEF on Kali
Reboot Kali VM. Now you should be able to attack your Host PC’s Browser via BeEF
When the Host PC's browser (intended victim) visits the site, it loads the file and hooks the browser

Lab 10.2f Exploit Browser Sessions with BEEF
Hundreds of Modules broken down into 12 categories, incl. Exploits, Network and Social Engineering
The Google Phishing module within BeEF can trick the user of a hooked browser into revealing their Google credentials.

Lab 10.2g Exploit Browser Sessions with BEEF
Let’s try the Fake Login Page

Lab 10.3 WEB CRAWLERS

Lab 10.3a Simple Web Crawler Program for Searching Subdomains
Sample Program

    import requests

    domain = "uow.edu.au"
    url = "http://" + domain
    response = requests.get(url)
    print(response)

Lab 10.3b Simple Web Crawler Program for Searching Subdomains
Suggested Solution given subdomains.txt

    import requests


    def check_subdomain(url):
        # Return the response, or None when the host cannot be reached.
        try:
            return requests.get(url)
        except requests.exceptions.ConnectionError:
            return None


    domain = "uow.edu.au"
    with open("subdomains.txt", "r") as subdomain_file:
        for line in subdomain_file:
            subdomain = line.strip()
            url = "http://" + subdomain + "." + domain
            # A Response is truthy only for status codes below 400.
            if check_subdomain(url):
                print(url)

Lab 10.3c Web Crawler Program for Searching Subdirectories
Suggested Solution given dirs.txt

    import requests


    def check_dir(url):
        # Return the response, or None when the host cannot be reached.
        try:
            return requests.get(url)
        except requests.exceptions.ConnectionError:
            return None


    target = "http://10.0.2.5/mutillidae"
    with open("dirs.txt", "r") as dirs_file:
        for line in dirs_file:
            word = line.strip()
            url = target + "/" + word
            # A 404 response is falsy, so only existing paths are printed.
            if check_dir(url):
                print(url)

Update Meta 2 IP Address

Lab 10.4 GPG

Lab 10.4a Setup Virtual Machines for Kali Linux, and Meta under the Same NAT Network

Lab 10.4b GPG Symmetric Encryption
Using GPG Symmetric Key (Shared Private Key)
Cipher Key + Algorithm

Encryption                       Cipher Text
    # gpg -c test.txt            test.txt.gpg
    # gpg -c --armor test.txt    test.txt.asc

Decryption
    # gpg test.txt.gpg
    # gpg test.txt.asc

Lab 10.4c GPG Encrypt and Decrypt
Using GPG Symmetric Key (Shared Private Key)

Lab 10.4d GPG Asymmetric Encryption
Using GPG Asymmetric Key (Public-Private Key)
Cipher Key + Algorithm
(1) Sender and Recipient Generate Full Keys
(2) Sender and Recipient Exchange Public Keys
(3) Sender Uses Recipient’s Public Key to Encrypt Message
(4) Recipient Uses his Own Private Key to Decrypt Message

Lab 10.4e GPG Asymmetric Encryption
Creating Public and Private Keys for Alice on Kali VM

Lab 10.4f GPG Encrypt and Decrypt
Copy and List Generated Keys

Lab 10.4g GPG Asymmetric Encryption
Can you do the same for Bob on Ubuntu VM?

Lab 10.4h GPG Asymmetric Encryption
Let’s Exchange the Keys

Lab 10.4i GPG Asymmetric Encryption
Sender Import and Encrypt

Lab 10.4j GPG Asymmetric Encryption
Recipient Decrypt
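
Added example (not from the original lab slides): the four steps of Lab 10.4d run end to end, with a fingerprint comparison before Bob's imported key is trusted and a check that the sender's keyring cannot decrypt the result. Assumptions: GnuPG 2.2 or later, constructed user IDs under example.test, no passphrase on the keys, and two throwaway keyring directories on one machine standing in for the Kali and Ubuntu VMs.

```bash
#!/usr/bin/env bash
# Added example: two throwaway keyrings stand in for Alice (Kali) and Bob (Ubuntu).
# Assumptions: GnuPG 2.2+, constructed user IDs, no passphrase (lab use only).
set -eu

gpg_as() {   # gpg_as <keyring-dir> <gpg args...>
  local home=$1; shift
  gpg --homedir "$home" --batch --quiet --yes "$@"
}

fpr_of() {   # fpr_of <keyring-dir> <user-id>: primary key fingerprint
  gpg_as "$1" --with-colons --list-keys "$2" | awk -F: '$1 == "fpr" { print $10; exit }'
}

alice_to_bob() {   # alice_to_bob <message>: prints what Bob decrypts
  local work alice bob bob_fpr seen_fpr plain
  work=$(mktemp -d); alice="$work/alice"; bob="$work/bob"
  mkdir -m 700 "$alice" "$bob"

  # (1) Each party generates a full key pair in its own keyring.
  gpg_as "$alice" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Alice <alice@example.test>'
  gpg_as "$bob" --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Bob <bob@example.test>'

  # (2) Bob exports only his public key; Alice imports it and compares the
  #     fingerprint with the one Bob reports over a separate channel.
  gpg_as "$bob" --armor --export bob@example.test > "$work/bob.pub.asc"
  bob_fpr=$(fpr_of "$bob" bob@example.test)
  gpg_as "$alice" --import "$work/bob.pub.asc"
  seen_fpr=$(fpr_of "$alice" bob@example.test)
  [ -n "$bob_fpr" ] && [ "$bob_fpr" = "$seen_fpr" ] || { echo 'fingerprint mismatch' >&2; return 1; }

  # (3) Alice encrypts with Bob's public key (trusted after the check above).
  printf '%s\n' "$1" > "$work/test.txt"
  gpg_as "$alice" --trust-model always --armor --recipient "$bob_fpr" \
    --output "$work/test.txt.asc" --encrypt "$work/test.txt"

  # (4) Bob decrypts with his own private key; Alice's keyring cannot.
  plain=$(gpg_as "$bob" --decrypt "$work/test.txt.asc")
  if gpg_as "$alice" --decrypt "$work/test.txt.asc" >/dev/null 2>&1; then
    echo 'unexpected: sender could decrypt' >&2; return 1
  fi

  gpgconf --homedir "$alice" --kill gpg-agent || true
  gpgconf --homedir "$bob" --kill gpg-agent || true
  rm -rf "$work"
  printf '%s\n' "$plain"
}

if [ $# -gt 0 ]; then alice_to_bob "$1"; fi
```

On the two lab VMs only bob.pub.asc and test.txt.asc cross between machines; the private keys never leave the keyring that generated them.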