3.90M
Category: informaticsinformatics

Hacking Lab Practice

1.

Hacking LAB
Dr Bishwajeet Pandey, SMIEEE
Professor-Dep. of IS&CS, Astana IT University, Kazakhstan
PhD (Gran Sasso Science Institute, L'Aquila, Italy)
Visiting Professor at
L.N. Gumilyov Eurasian National University, Kazakhstan
UCSI UNIVERSITY-Malaysia

2.

ABOUT COURSE TEACHER
PhD from Gran Sasso Science Institute, Italy
PhD Supervisor Prof Paolo Prinetto from Politecnico Di Torino, Italy
MTech from Indian Institute of Information Technology, Gwalior, India
Visited 47 Countries Across The Globe
Written 200+ Research paper with 212 Researcher from 93 Universities
Scopus Profile: https://www.scopus.com/authid/detail.uri?authorId=57203239026
Google Scholar: https://scholar.google.com/citations?user=UZ_8yAMAAAAJ&hl=hi
IBM Certified Solution Designer
EC-Council Certified Ethical Hacker
AWS Certified Cloud Practitioner
Email: [email protected], [email protected], [email protected]

3.

Hacking LAB: Practices
1.
Working with network commands in Windows and Linux (Assignment Week 1: Make a list of 50 Commands with syntax and
usage)
2. Capturing and Analyzing Network Traffic using Wireshark (Assignment Week 2: Case study of TCP 3-way handshake) or
(Assignment Week 2: Capture HTTP packet and extract username and Password using Ettercap and Wireshark)
3. Website technical information gathering using maltego, httrack, whois. (Assignment Week 3: Chose any two tools from
OSINTFramework.com and discuss the steps to use it)
4. Full Scan, Half Open Scan, Stealth Scan and XMAS Scan using NMAP (Assignment Week 4: Run Any 10 NSE Scripts )
5. Perform Host Discovery, Service Discovery(FTP, Telnet, SSH, Java RMI Server, SMB), Port Scanning using Metasploit or
(Assignment Week 5: Demonstrate Eternal Blue, VSFTPD, SSH Login exploit using Metasploit)
6. Social engineering using SEToolkit (Assignment Week 6: Create a Clone of GMAIL using SEToolkit)
7. Web parameter poisoning using burp suite (Assignment Week 7: Change the price of all item to 1 USD on e-commerce shopping
cart)
8. Create Fake Harmless Virus using Notepad (Assignment Week 8: Create a MAC/Window and Android Spyware
with MSFVenom)
9. Malware Classification using Convolutional Neural Networks using Google Colab (Assignment Week 9: Malware Classification
using Convolutional Neural Networks using Jupyter Notebook)
10. Perform session hijacking using Zed Attack Proxy (ZAP) (Assignment Week 10: Perform Session Hijacking using Wireshark)

4.

Week 10 Practice
Perform session hijacking using
Zed Attack Proxy (ZAP)
Assignment Week 10: Perform
Session Hijacking
using Wireshark

5.

Session Hijacking
● A session hijacking attack happens when an attacker takes over your
internet session — for instance, while you're checking your credit card
balance, paying your bills, or shopping at an online store. Session hijackers
usually
target
browser
or
web
application
sessions.
● Session hijacking is an attack where a user session is taken over by an
attacker. To perform session hijacking, an attacker needs to know the
victim's session ID (session key). This can be obtained by stealing the
session cookie or persuading the user to click a malicious link containing a
prepared session ID.

6.

Session Hijacking

7.

ZAP(Zed Attack Proxy)
OWASP ZAP (SHORT FOR ZED ATTACK PROXY) IS AN OPEN-SOURCE WEB
APPLICATION SECURITY SCANNER. ... WHEN USED AS A PROXY SERVER IT
ALLOWS THE USER TO MANIPULATE ALL OF THE TRAFFIC THAT PASSES
THROUGH IT, INCLUDING TRAFFIC USING HTTPS. IT CAN ALSO RUN IN A
DAEMON MODE WHICH IS THEN CONTROLLED VIA A REST API.
THE ZED ATTACK PROXY (ZAP) IS AN EASY TO USE INTEGRATED
PENETRATION TESTING TOOL FOR FINDING VULNERABILITIES IN WEB
APPLICATIONS. IT IS DESIGNED TO BE USED BY PEOPLE WITH A WIDE RANGE
OF SECURITY EXPERIENCE AND AS SUCH IS IDEAL FOR DEVELOPERS AND
FUNCTIONAL TESTERS WHO ARE NEW TO PENETRATION TESTING.

8.

Setup ZAP on Windows
• Switch to Attacker Machine (Windows Server).
• Note: Make sure to install Java Run time
• Download ZAP > https://www.zaproxy.org/download/
• On installatin process, make sure to select the option: "No, I do not want to
persist this session at this moment in time":

9.

Setup ZAP on MAC

10.

ZAP Features
• Free , open source.
• Cross platform.
• Easy to use.
• Easy to install.
• Internationalized.
• Fully documented.
• Involvement actively encouraged.
• Reuse well regarded components.

11.

ZAP Features
• Intercepting proxy.
• Automated scanner.
• Passive scanner.
• Brute force scanner.
• Web sockets.
• Advanced sql injection scanner.
• Port scanning.
• Advanced alerts.

12.

SET PROXY

13.

SET CERTIFICATE
IN ZAP, TOOL MENU>OPTIONS>Server Certificate

14.

SET CERTIFICATE

15.

IMPORT IN Trusted Root CERTIFICATION
Authorities

16.

ACTIVE SCAN WITH ZAP

17.

CAPTURE HTTP SESSION WITH ZAP
Will Click on Green + near AJAX Spider and then select HTTP Session
It will display HTTP Session Cookie

18.

CAPTURE HTTP SESSION WITH ZAP
Will Click on Green + near AJAX Spider and then select HTTP Session
It will display HTTP Session Cookie

19.

Search testphp vuln in Google,
Open Login Page

20.

Type test Username and Password
Click on Login

21.

Screen after Login

22.

NO HTTP SESSION CREATED

23.

BUT COOKIE CREATED
Press CTRL + SHIFT + I

24.

Click Application, then Click Cookies

25.

Copy Cookies Value

26.

REPEAT IN FIREFOX

27.

REPEAT IN FIREFOX

28.

OPEN WIRESHARK AND CHOSE
ETH0 and APPLY HTTP Filter

29.

Click on Logout

30.

Again Open Cookies Manager

31.

Again Open Cookies Manager
Paste cookie name

32.

Again Open Cookies Manager
Paste cookie value

33.

We Refresh Browser, we login again

34.

ZAP
OPEN ANY
HTTP:://METASPLOITABLE-IP/mutillidae/index.php?page=login.php
HTTP:// METASPLOITABLE-IP/dvwa
We shall get
PHPSESSID in 3 Place:
1. ZAP,
2. BROWSER COOKIE Manager,
3. WIRESHARK

35.

Enter admin’ # in NAME and Click
Login

36.

LOGIN SUCCESSFUL

37.

SESSION ID IN ZAP

38.

SESSION ID IN BROWSER COOKIE
MANAGER

39.

SESSION ID IN WIRESHARK

40.

Right Click and Clear

41.

Right Click and Clear

42.

Refresh Browser and We Logout

43.

If we add three cookies manually
we shall get login session

44.

If we add three cookies manually
we shall get login session

45.

ZAP
OPEN ANY
HTTP:// OWASP-BWA-IP/WebGoat
We shall get
JSESSIONID in 3 Place:
1. ZAP,
2. BROWSER COOKIE Manager,
3. WIRESHARK
English     Русский Rules