Lab 10
Lab 10 Setup
Virtual Machines for Kali Linux, Meta 2 and Ubuntu the Same NAT Network
Lab 10.1 OWASP ZAP
Lab 10.1a OWASP Zed Attack Proxy (ZAP)
Install ZAP and Run
Lab 10.1b OWASP Zed Attack Proxy (ZAP)
Run Automated Scan against Meta 2 IP Mutillidae
Start Attack. Be patient.
Wait for Scan to Complete
Lab 10.1c OWASP Zed Attack Proxy (ZAP)
Click “Alerts” Tab to see Vulnerabilities
Lab 10.2 BEEF IN THE REAL WORLD
Lab 10.2a Adding Bridged Adapter to Kali
Power Off Kali, Go to Settings Menu, Under Network
Generate a New
Random MAC
Address
Remember to
Enable Network
Adapter
Lab 10.2b Adding Bridged Adapter to Kali
Power Up Kali. Now 3 Network Interfaces are Running
Lab 10.2c Changing Network Interfaces for Kali
Backup /etc/interface/networks and Configure Changes
Lab 10.2d Changing Network Interfaces for Kali
Backup /etc/interface/networks and Configure Changes
Lab 10.2e Running BEEF on Kali
Reboot Kali VM. Now you should be able to attack your Host PC’s Browser via Beef
When the Host PC's browser (intended victim) visits the
site, it loads the file and hooks the browser
Lab 10.2f Exploit Browser Sessions with BEEF
Hundred of Modules broken down into 12 categories, incl. Exploits, Network and Social Engineering
The Google Phishing module within BeEF can trick
the user of a hooked browser into revealing their Google credentials.
Lab 10.2g Exploit Browser Sessions with BEEF
Let’s try the Fake Login Page
Lab 10.3 WEB CRAWLERS
Lab 10.3a Simple Web Crawler Program for Searching Subdomains
Sample Program
import requests
domain = "uow.edu.au"
url = "http://"+domain
response = requests.get(url)
print(response)
Lab 10.3b Simple Web Crawler Program for Searching Subdomains
Suggested Solution given subdomains.txt
import requests
def check_subdomain(url):
try:
return requests.get(url)
except requests.exceptions.ConnectionError: pass
subdomain_file = open("subdomains.txt", "r")
domain = "uow.edu.au“
for line in subdomain_file:
subdomain=line.strip()
url = "http://"+subdomain+"."+domain
if check_subdomain(url):
print(url)
Lab 10.3c Web Crawler Program for Searching Subdirectories
Suggested Solution given dirs.txt
import requestsdef check_dir(url):
try:
return requests.get(url)
except requests.exceptions.ConnectionError: pass
dirs_file = open("dirs.txt", "r")
target = http://10.0.2.5/mutillidae
for line in dirs_file:
word=line.strip()
url = target+"/"+word
if check_dir(url):
print(url)
Update Meta 2
IP Address
Lab 10.4 GPG
Lab 10.4a Setup
Virtual Machines for Kali Linux, and Meta under the Same NAT Network
Lab 10.4b GPG Symmetric Encryption
Using GPG Symmetric Key (Shared Private Key)
Cipher
Key + Algorithm
Encryption
Cipher Text
# gpg -c test.txt
# gpg -c --armor test.txt
test.txt.gpg
test.txt.asc
Decryption
# gpg test.txt.gpg
# gpg test.txt.asc
Lab 10.4c GPG Encrypt and Decrypt
Using GPG Symmetric Key (Shared Private Key)
Lab 10.4d GPG Asymmetric Encryption
Using GPG Asymmetric Key (Public-Private Key)
Cipher
Key + Algorithm
(1) Sender and Recipicent (2) Sender and Recipient (3) Sender Uses Recipient’s (4) Recipient Uses his Own
Private Key to
Gen Full Keys
Exchange Public Keys
Public Key to
Decrypt Message
Encrypt Message
Lab 10.4e GPG Asymmetric Encryption
Creating Public and Private Keys for Alice on Kali VM
Lab 10.4e GPG Asymmetric Encryption
Creating Public and Private Keys for Alice on Kali VM
Lab 10.4f GPG Encrypt and Decrypt
Copy and List Generated Keys
Lab 10.4g GPG Asymmetric Encryption
Can you do the same for Bob on Ubuntu VM?
Lab 10.4g GPG Asymmetric Encryption
Can you do the same for Bob on Ubuntu VM?
Lab 10.4h GPG Asymmetric Encryption
Let’s Exchange the Keys
Lab 10.4i GPG Asymmetric Encryption
Sender Import and Encrypt
Lab 10.4j GPG Asymmetric Encryption
Recipient Decrypt