
VAPT Lab Assignment 4

Aim:

Web Application Penetration Testing

Objective:

Brute-Forcing Credentials with Burp Suite; and Exploiting File Upload Vulnerability

Theory:

Burp Suite is a popular cybersecurity tool developed by PortSwigger Security. It is
widely used by security professionals, penetration testers, and web developers to
assess the security of web applications, and provides a comprehensive platform for
performing security testing and vulnerability scanning. PortSwigger is also the alias
of its founder, Dafydd Stuttard. Burp Suite aims to be an all-in-one set of tools, and
its capabilities can be extended by installing add-ons called BApps. It is the most
popular tool among professional web application security researchers and bug bounty
hunters.

Web application penetration testing is the practice of simulating attacks on a system
in an attempt to gain access to sensitive data, with the purpose of determining whether
the system is secure. These attacks are performed either internally or externally on a
system; they provide information about the target system, identify vulnerabilities
within it, and uncover exploits that could actually compromise the system. It is an
essential health check of a system that informs testers whether remediation and
security measures are needed.

There are several key benefits to incorporating web application penetration testing
into a security program:

• It helps you satisfy compliance requirements. Pen testing is explicitly required
in some industries, and performing web application pen testing helps meet this
requirement.

• It helps you assess your infrastructure. Infrastructure, like firewalls and DNS
servers, is public-facing. Any changes made to the infrastructure can make a
system vulnerable. Web application pen testing helps identify real-world
attacks that could succeed at accessing these systems.

• It identifies vulnerabilities. Web application pen testing identifies loopholes in
applications or vulnerable routes in infrastructure before an attacker does.

• It helps confirm security policies. Web application pen testing assesses existing
security policies for any weaknesses.

The usual process of penetration testing for web applications involves a vulnerability
scanner, which is used to probe and detect loopholes in your security such as
misconfiguration, unpatched software, SQLi, cross-site scripting, etc. Once the testing
and exploitation are done, the pentesters prepare a pentest report containing the
details of all the tests performed, the vulnerabilities found, information about their
severity, and probable solutions. You can engage your in-house security team or look
for web application penetration testing services.

Brute-Forcing Credentials:
Brute-forcing credentials refers to the process of systematically attempting different
combinations of usernames and passwords until the correct credentials are found,
allowing unauthorized access to a system or application. This method relies on the
attacker's ability to guess or generate potential usernames and passwords and then test
each combination until a valid set of credentials is discovered. Brute-forcing is
typically used in scenarios where the attacker does not have prior knowledge of valid
credentials but wants to gain unauthorized access to a system or service. It's often
employed against login pages of web applications, network services, or any system
that requires authentication.

Here's how the process generally works:

• Username Enumeration:
Attackers may try to enumerate valid usernames through various means, such
as scraping public information, using default usernames, or attempting
common usernames.

• Password Guessing:
Attackers generate or obtain a list of potential passwords to try, which can
include commonly used passwords, dictionary words, character permutations,
or even random combinations.

• Automated Testing:
Using automated tools or scripts, attackers systematically test each
combination of username and password against the target system's login
interface. They may utilize tools like Burp Suite's Intruder, Hydra, or custom
scripts for this purpose.

• Success or Failure:
For each attempted combination, the attacker observes the system's response.
If the login attempt is successful, the attacker gains unauthorized access. If it
fails, the attacker continues trying other combinations until successful or until
the attack is stopped.

• Exploitation:
Once valid credentials are obtained, attackers can access sensitive information,
compromise accounts, perform unauthorized actions, or escalate their
privileges within the system.

File Upload Vulnerabilities:

A file upload vulnerability refers to a security weakness in a web application that
allows an attacker to upload and execute malicious files. This type of vulnerability
can have severe consequences, including unauthorized access, data leakage, and even
system compromise.

File upload functions allow users to send files from their devices directly to a web
server if they follow certain rules. For example, they may allow users to upload only
JPG files. But what if malicious code is disguised as an accepted file type? This can
create serious security risks known as "file upload vulnerabilities". In other words,
a file upload vulnerability exists when a web server cannot properly vet the contents
of uploaded files, so a user with malicious intent can upload a rogue file and the
server still treats it as safe.

Here's how a file upload vulnerability typically works:

• Web Application Functionality:
Many web applications allow users to upload files, such as images,
documents, or media files, for various purposes like profile pictures,
attachments, or content sharing.

• Lack of Proper Validation:
Insecurely designed or poorly implemented file upload functionalities
may lack proper validation and restrictions on the types of files that can
be uploaded, the size of the files, or the location where the files are stored.

• Exploitation:
An attacker can exploit this vulnerability by uploading a malicious file
containing scripts or executable code, such as PHP, JavaScript, or shell
commands. The attacker may disguise the malicious file as a benign file
type, such as an image or document, to bypass validation checks.

• Execution of Malicious Code:
Once the malicious file is uploaded and stored on the server, the attacker
may trigger the execution of the malicious code by accessing it through
the web application. This can lead to various forms of attacks, including
remote code execution, command injection, file inclusion, or server-side
request forgery (SSRF).

• Consequences:
Depending on the nature of the vulnerability and the capabilities of the
attacker, the consequences of a file upload vulnerability can be severe. It
may allow the attacker to gain unauthorized access to sensitive data,
compromise user accounts, escalate privileges, execute arbitrary
commands on the server, or launch further attacks against other users or
systems.
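As an added, defender-side illustration (not part of the original assignment), the following Python contrasts the weak, filename-only check described under "Lack of Proper Validation" with a hardened validator that enforces an extension allowlist, a size limit and the file's magic bytes, and stores accepted files under a server-chosen random name. The sample file names, contents and the 4 KB limit are constructed for the example.

```python
import os
import secrets
from typing import Tuple

# Constructed sample uploads (client-supplied name -> content); not real files.
SAMPLE_UPLOADS = {
    "avatar.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,     # genuine JPEG header
    "shell.php": b"<?php echo 'hi'; ?>",                  # script with its own extension
    "shell.php.jpg": b"<?php echo 'hi'; ?>",              # script disguised by a second extension
    "huge.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 5000,    # valid PNG header, over the size limit
}

# Allowlisted extensions and the magic bytes the content must start with.
ALLOWED = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG\r\n\x1a\n"}
MAX_BYTES = 4096  # assumed upload limit for this example


def weak_is_allowed(filename: str) -> bool:
    """The 'lack of proper validation' pattern: trusts the client-supplied name only."""
    return filename.lower().endswith((".jpg", ".jpeg", ".png"))


def hardened_check(filename: str, data: bytes) -> Tuple[bool, str]:
    """Returns (accepted, reason). Checks extension allowlist, size and magic bytes."""
    name = os.path.basename(filename)  # drop any directory components
    parts = name.lower().split(".")
    if len(parts) != 2 or parts[1] not in ALLOWED:
        return False, "extension not allowlisted or multiple extensions"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(ALLOWED[parts[1]]):
        return False, "content does not match declared type"
    return True, "ok"


def stored_name(ext: str) -> str:
    """Server-chosen file name: random, so client input never influences the path."""
    return f"{secrets.token_hex(16)}.{ext}"


def compare_all() -> dict:
    """Runs both checks over the samples; shows where the weak check is fooled."""
    return {
        name: (weak_is_allowed(name), hardened_check(name, data)[0])
        for name, data in SAMPLE_UPLOADS.items()
    }
```

In the result of compare_all(), the disguised "shell.php.jpg" passes the weak check but is rejected by the hardened one, as is the oversized PNG.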

Implementation:

• Brute Force:

• File Vulnerability:

Conclusion:

Brute force attacks and file vulnerability exploitation are significant security concerns
that can compromise the integrity and confidentiality of systems. Burp Suite, a
powerful web application testing tool, is instrumental in detecting and mitigating
these vulnerabilities. However, security is an ongoing process, and regular testing and
updates are essential to stay ahead of emerging threats.

FAQ:

Q1. What is Burp Suite and where is it used?

Ans. Burp Suite is a comprehensive set of tools designed for web application security
testing. Developed by PortSwigger Security, Burp Suite is widely recognized
and utilized by security professionals, penetration testers, and web developers to
identify and address vulnerabilities in web applications. It is commonly used by
security professionals during penetration testing engagements, security
assessments, and vulnerability research.

Q2. What is Brute Force Attack? Give some prevention methods.

Ans. A brute force attack is a method used by hackers to gain unauthorized access to
a system or an account by systematically trying all possible combinations of
usernames, passwords, or encryption keys until the correct one is found. This
type of attack relies on the attacker's ability to test a large number of
combinations rapidly. Here are some prevention methods:

• Implement Account Lockout Policies

• CAPTCHA (Completely Automated Public Turing test to tell Computers and
Humans Apart)

• Network Intrusion Detection Systems
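The following Python is added here as a defender-side illustration (it is not part of the original assignment) of the "Success or Failure" and "Automated Testing" steps in the brute-forcing process above and of the account lockout prevention method listed in Q2: it locks a username after five failures within two minutes and, separately, flags a source address that fails against many different usernames. The log lines, their format, the threshold and the window are all assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not real traffic); the format is an assumption.
SAMPLE_LOG = """\
2024-03-01T10:00:01 login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:02 login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:03 login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:04 login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:05 login user=alice src=10.0.0.5 result=FAIL
2024-03-01T10:00:06 login user=alice src=10.0.0.5 result=OK
2024-03-01T10:00:08 login user=admin src=10.0.0.7 result=FAIL
2024-03-01T10:00:09 login user=root src=10.0.0.7 result=FAIL
2024-03-01T10:00:10 login user=guest src=10.0.0.7 result=FAIL
"""
LINE_RE = re.compile(r"^(\S+) login user=(\S+) src=(\S+) result=(OK|FAIL)$")
THRESHOLD = 5                  # failures allowed inside the window before lockout
WINDOW = timedelta(minutes=2)  # assumed sliding window

def parse(log: str):
    # Yields (timestamp, user, source, result) for each well-formed line.
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m[1]), m[2], m[3], m[4]

def locked_accounts(log: str, threshold=THRESHOLD, window=WINDOW) -> dict:
    """Account lockout policy: `threshold` failures for one username inside the
    window locks it; later attempts for a locked user are ignored (rejected)."""
    fails = defaultdict(list)  # user -> timestamps of recent failures
    locked_at = {}
    for ts, user, _src, result in parse(log):
        if user in locked_at:
            continue
        if result == "FAIL":
            fails[user] = [t for t in fails[user] if ts - t <= window] + [ts]
            if len(fails[user]) >= threshold:
                locked_at[user] = ts
        else:
            fails[user].clear()  # a genuine success resets the counter
    return locked_at

def spraying_sources(log: str, min_users=3) -> dict:
    """Per-source view: one address failing against many distinct usernames."""
    users_by_src = defaultdict(set)
    for _ts, user, src, result in parse(log):
        if result == "FAIL":
            users_by_src[src].add(user)
    return {s: sorted(u) for s, u in users_by_src.items() if len(u) >= min_users}
```

Note that the per-account lockout never fires for 10.0.0.7, which fails only once per username; only the per-source view catches that pattern, which is why both checks are kept.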

Q3. What is File Vulnerability?

Ans. File vulnerability refers to weaknesses or security flaws in files stored on a
system or accessed over a network that can be exploited by attackers to
compromise the integrity, confidentiality, or availability of data or the system
itself. These vulnerabilities can arise due to various factors, including insecure
file permissions, insufficient input validation, poor coding practices,
misconfigured servers, or outdated software.
