Continuing in your role as a human service provider for your
local community, your manager has asked you to write an
opinion piece for the local newspaper discussing gaps in prison
and jail services in their state.
Write an opinion article that is 900 words. Complete the
following in your article:
· Describe the major beliefs of 4 criminological theories.
· For each criminological theory, explain what human services
should be provided to inmates.
· Of the services identified for each criminological theory, list
the services that are not currently provided by your local or
state agencies.
· Discuss your personal beliefs related to which human services
should be provided by your local or state agencies.
· Discuss a conclusion focused on changes in human services
you would like to see made by your local or state agencies.
Lab-8: Web Hacking
Websites have always been among the first targets of hackers. There are many reasons for this; these are the most important ones:
1) Websites have to be reachable from the Internet. Their primary purpose is to publish something or provide some service to the public.
2) There are more than 1 billion websites, as almost every organization and many individuals have websites.
3) As opposed to the early years of the world wide web, websites are very dynamic today. They come with forms and dynamic applications implemented by many different frontend and backend technologies. A wide variety of dynamic applications not only brings more functionality to web applications but also introduces vulnerabilities.
As a result, we are talking about something valuable that exists in the billions, is accessible by anybody, and is a common place for wrong implementation and vulnerabilities.
Section-1: Exploit Cross-Site Scripting (XSS) Vulnerability
An XSS attack enables malicious users to inject client-side scripts, such as JavaScript code, into web pages viewed by other users. The term XSS is used to describe both the vulnerability and the attack type, as in "XSS attack" or "XSS vulnerability" on the web application.
1) Log into Windows 7 Attacker on the Netlab environment.
2) Open Firefox by clicking the icon on the desktop or start menu.
3) Visit this page:
http://192.168.2.15/dvwa/login.php
This is the "Damn Vulnerable Web Application" hosted on the OWASP BWA machine on Netlab.
4) Log in to the web application by typing user as Username and user as Password. After logging in, you will see the page below.
5) Click on XSS reflected on the left menu and type your nickname into the textbox at the right pane of the webpage. (I typed "ethical" and clicked the submit button.) The web application takes what you typed as the input, adds Hello to the beginning, and prints it to the screen.
6) Try some basic HTML tags now. Type
<h1>your nickname</h1>
I typed "<h1>ethical</h1>" and then clicked the submit button. I confirm that it has been formatted as a header. This is an indication that this simple web application is vulnerable to XSS attacks.
7) Try some other tags that are as innocent as the header tag, such as
<script>alert(document.cookie)</script>
Take a screen capture showing the session ID.
This small script shows the cookie of your session, a highly sensitive piece of data. This is a proof-of-concept for the XSS attack. An attacker may steal your session cookie by leveraging an XSS attack. For XSS attacks, the sky is the limit. You can inject code into the website with the help of forms. Think about this scenario: you inject code into the product review page on an e-commerce site. The browser of everybody who visits that page runs a script, and that script sends the user's cookie to the attacker's server in an encrypted way.
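The reflected "Hello" page from steps 5 to 7, rebuilt in Python as an added example (not DVWA's own PHP): the vulnerable concatenation beside the output-encoded version, plus the cookie flags that keep document.cookie from handing over the session. The cookie name PHPSESSID and the page markup are assumptions.

```python
# Added example (not DVWA's code): the reflected "Hello <nickname>" page from
# Section-1, written once as the vulnerable echo and once with output encoding,
# plus the Set-Cookie flags that keep document.cookie from exposing the session.
import html
from http.cookies import SimpleCookie

# Constructed payloads: the two inputs typed into the form in steps 6 and 7.
HEADER_INPUT = "<h1>ethical</h1>"
COOKIE_INPUT = "<script>alert(document.cookie)</script>"


def render_greeting_vulnerable(name: str) -> str:
    """Builds the response body the way the lab's page does: raw concatenation.
    Whatever the user typed becomes part of the HTML, tags and scripts included."""
    return "<pre>Hello " + name + "</pre>"


def render_greeting_safe(name: str) -> str:
    """Same page with HTML entity encoding applied at the point of output.
    '<' becomes '&lt;', so the browser renders text instead of parsing tags."""
    return "<pre>Hello " + html.escape(name, quote=True) + "</pre>"


def contains_active_content(body: str) -> bool:
    """Crude check used to compare the two renderings: does the body still
    contain a parsable tag? Enough for the lab's two payloads, not a general
    HTML sanitiser."""
    lowered = body.lower()
    return "<script" in lowered or "<h1" in lowered


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie header for the session (PHPSESSID is PHP's default name,
    assumed here). HttpOnly stops document.cookie from returning the value, so
    the step-7 proof of concept shows nothing; Secure and SameSite limit where
    the browser will send it. Defence in depth, not a fix for the XSS itself."""
    cookie = SimpleCookie()
    cookie["PHPSESSID"] = session_id
    cookie["PHPSESSID"]["httponly"] = True
    cookie["PHPSESSID"]["secure"] = True
    cookie["PHPSESSID"]["samesite"] = "Lax"
    cookie["PHPSESSID"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")
```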
Reference for XSS:
https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md
Section-2: Exploit Local File Upload Vulnerability
A local file upload vulnerability allows a user to upload a
dangerous file to the webserver with the help of a vulnerable
web application. The malicious file can then be executed on the
webserver to perform malicious actions.
1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page:
http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on the Upload link on the left menu (1) and then click on the Browse button (2).
6) The Firefox File Upload dialog box will open. Click on the Filesystem icon on the left menu (1), navigate to /usr/share/webshells/php/ (2), select simple-backdoor.php (3), and click on the Open button (4).
7) The file will be uploaded successfully, and you will see the message shown below. Notice the path shown in the message.
Note: The upload form is vulnerable because it does not perform the required checks before storing the file. A properly programmed and configured web application should not allow uploading files with script extensions such as php, sh, cmd, bat, vbs, ps, py.
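The checks the note above says the upload form is missing, as an added example in Python (not DVWA's code). It assumes the handler receives the client-supplied filename and the file bytes, and uses an allowlist of image types rather than the note's denylist of script extensions; the sample files are constructed.

```python
# Added example (not DVWA's code): the server-side checks the Section-2 note
# says the upload form lacks. Assumes the upload handler receives the
# client-supplied filename and the file bytes; sample names below are constructed.
import os
import secrets
from typing import Tuple

# Allowlist of what the feature actually needs (image uploads) rather than the
# denylist of script extensions from the note: a denylist is only as complete
# as its author's memory, and the server may execute extensions not on it.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
MAGIC_BYTES = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}
MAX_BYTES = 2 * 1024 * 1024


def validate_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Returns (accepted, reason). Every check runs on the server; the claimed
    name and any Content-Type the browser sent are not trusted on their own."""
    base = os.path.basename(filename)        # drop any client-supplied directory
    if len(content) > MAX_BYTES:
        return False, "too large"
    if "." not in base:
        return False, "no extension"
    ext = base.rsplit(".", 1)[1].lower()      # the last extension is what the server maps
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not allowed"
    if not content.startswith(MAGIC_BYTES[ext]):
        return False, "content does not match extension"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Name used on disk: random, carrying only the validated extension. The
    original name never reaches the filesystem, so an uploaded file cannot be
    requested by guessing its name the way the lab requests simple-backdoor.php.
    Call only after validate_upload accepted the file."""
    ext = os.path.basename(filename).rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


# A valid image can still carry PHP text inside it; the checks above shrink the
# attack surface, and keeping the upload directory out of the script handler's
# reach (no PHP execution there) closes what they cannot.

# Constructed samples for the checks.
PHP_SHELL_NAME = "simple-backdoor.php"
PHP_SHELL_BODY = b"<?php /* any PHP source */ ?>"
PNG_NAME = "avatar.png"
PNG_BODY = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
```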
8) Navigate to
http://192.168.2.15/dvwa/hackable/uploads/simple-backdoor.php
You will see a simple help page showing how to use a PHP backdoor.
cat is a simple command on Linux distributions that prints the content of files to the screen.
cat /etc/passwd shows the content of the passwd file, which stores critical user information in Unix/Linux operating systems.
simple-backdoor.php enables website users to run shell commands by using the address bar of the browser. As the user, you provide the command as a parameter to the PHP file; the PHP file takes the command, runs it on the webserver where the PHP file has been stored, and then prints the output to the browser window instead of a terminal screen.
9) Navigate to
http://192.168.2.15/dvwa/hackable/uploads/simple-backdoor.php?cmd=cat+/etc/passwd
Take a screenshot of the browser window.
Section-3: Exploit Local File Inclusion Vulnerability
A Local File Inclusion (LFI) vulnerability causes a web application to expose or run files on the webserver. A web application is essentially something that shows and executes the files stored on the webserver. However, a poorly written web application may allow a malicious user to request other files stored on the webserver; those files may store sensitive information or even be executables.
1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page:
http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on File Inclusion at the left menu and see the details on how to exploit the vulnerability at the right pane.
6) Include the /etc/passwd file and take a screenshot of the browser window.
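How the include in Section-3 should decide which file to load, as an added example in Python (not DVWA's code). It assumes the vulnerable parameter is called page and that the legitimate pages live under a hypothetical PAGES_DIR; the page names are constructed.

```python
# Added example (not DVWA's code): how the Section-3 include should decide
# which file to load. Assumes the vulnerable parameter is ?page= and that the
# legitimate pages live under PAGES_DIR (both hypothetical names).
import os

PAGES_DIR = "/var/www/dvwa/pages"
# Constructed: the only pages the feature is meant to serve.
KNOWN_PAGES = {"file1.php", "file2.php", "file3.php"}


def resolve_include_vulnerable(page: str) -> str:
    """What include($_GET['page']) amounts to: the request string is the path.
    Absolute paths and ../ sequences reach anything the web server can read,
    which is how /etc/passwd ends up in the browser."""
    return page


def is_within_pages_dir(page: str) -> bool:
    """Containment check for the general case: join, normalise away any ../,
    then require the result to still sit under PAGES_DIR. os.path.join drops
    the base entirely when the user supplies an absolute path, and normpath
    collapses traversal, so the comparison sees the path that would be opened."""
    full = os.path.normpath(os.path.join(PAGES_DIR, page))
    return os.path.commonpath([PAGES_DIR, full]) == PAGES_DIR


def resolve_include_safe(page: str) -> str:
    """Preferred fix: an allowlist of page names, so the request selects among
    known files instead of naming one. The containment check stays as a second
    layer. Raises ValueError for anything that fails either check."""
    if page not in KNOWN_PAGES:
        raise ValueError(f"unknown page: {page!r}")
    if not is_within_pages_dir(page):
        raise ValueError(f"path escapes pages directory: {page!r}")
    return os.path.normpath(os.path.join(PAGES_DIR, page))


def classify_request(page: str) -> str:
    """Detection view: label a request the way a log review would, so traversal
    attempts stand out even once the include itself is safe."""
    if page in KNOWN_PAGES:
        return "expected"
    if not is_within_pages_dir(page):
        return "traversal attempt"
    return "unknown page"
```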
Section-4: Exploit SQL Injection Vulnerability
"Injection" is the most notorious web application security risk. It is ranked first in the OWASP Top Ten list. There are many kinds of injection, such as SQL, NoSQL, and LDAP. SQL injection is the most commonly exploited injection vulnerability. In SQL injection, malicious SQL statements are inserted into forms for malicious purposes, such as logging into web applications without valid credentials or dumping database contents.
1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page:
http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on SQL Injection at the left menu.
6) Type 1 and click Submit. This is a simple web application; it returns the user information when you type in the user ID.
7) Now add a single quote (') after 1 and click Submit. You will see an error message.
Note: This error message is an indication that the web application is vulnerable, because it is not a custom message displayed by the web application; instead, it is the error message generated by the SQL server.
8) Exploit the vulnerability and dump all user information stored in the database by typing the text below and clicking Submit.
1' or '1=1'-- 
The characters and their order should be:
1) One
2) Single quote
3) Space
4) o letter
5) r letter
6) Space
7) Single quote
8) One
9) Equal sign
10) One
11) Single quote
12) Dash
13) Dash
14) Space
Take a screenshot of the browser window showing the dump of
all user accounts.
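Steps 6 to 8 rebuilt as an added example (not DVWA's code) against an in-memory SQLite table with constructed rows: the concatenated query that raises a raw database error on the stray quote and returns every row on the always-true payload, beside the parameterised query that treats both inputs as an ordinary user ID. SQLite stands in for DVWA's MySQL here; the table contents are made up.

```python
# Added example (not DVWA's code): the Section-4 user lookup rebuilt against an
# in-memory SQLite table with constructed rows, once with string concatenation
# and once parameterised, then run on the exact inputs the lab types in.
import sqlite3
from typing import Dict, List, Tuple, Union

# Constructed stand-in for the users table the lab dumps.
SAMPLE_USERS = [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """The lab's query shape: the form field spliced into the SQL text. A stray
    quote (step 7) leaves an unterminated string and the database raises; the
    step-8 payload closes the string, ORs in a truthy literal and comments out
    the rest, so every row matches."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """Parameterised: the value is bound after parsing, so quotes and comment
    markers inside it are characters that match no user_id, never syntax."""
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?", (user_id,)
    ).fetchall()


def probe(user_id: str) -> Dict[str, Union[int, str]]:
    """Runs both versions on one input and reports the row count each returned,
    or 'error' where the database raised. That raw error is what the note says
    a vulnerable application shows the browser; a hardened one logs it and
    returns a generic page instead."""
    conn = make_db()
    result: Dict[str, Union[int, str]] = {}
    for label, fn in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        try:
            result[label] = len(fn(conn, user_id))
        except sqlite3.Error:
            result[label] = "error"
    conn.close()
    return result
```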
Note: sqlmap (http://sqlmap.org/) is a powerful utility for performing automatic SQL injection. It comes with the Kali Linux distribution. Most pen testers use sqlmap to try many different SQL injections on a given web form.
Reference for SQL Injection:
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection
Weekly Learning and Reflection
In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kinds of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptx
 

Continuing in your role as a human service provider for your local.docx

Continuing in your role as a human service provider for your local community, your manager has asked you to write an opinion piece for the local newspaper discussing gaps in prison and jail services in their state.

Write an opinion article that is 900 words. Complete the following in your article:
· Describe the major beliefs of 4 criminological theories.
· For each criminological theory, explain what human services should be provided to inmates.
· Of the services identified for each criminological theory, list the services that are not currently provided by your local or state agencies.
· Discuss your personal beliefs related to which human services should be provided by your local or state agencies.
· Discuss a conclusion focused on changes in human services you would like to see made by your local or state agencies.

Lab-8: Web Hacking

Websites have always been among the first targets of hackers. There are many reasons for this; the most important ones are:
1) Websites have to be reachable from the Internet. Their primary purpose is to publish something or provide some service to the public.
2) There are more than 1 billion websites, as almost every organization and many individuals have one.
3) As opposed to the early years of the World Wide Web, websites are very dynamic today. They come with forms and dynamic applications implemented with many different frontend and backend technologies. This variety not only brings more functionality to web applications but also introduces vulnerabilities.

As a result, we are talking about something valuable, numbering in the billions, accessible by anybody, and a common place for flawed implementations and vulnerabilities.

Section-1: Exploit Cross-Site Scripting (XSS) Vulnerability

An XSS attack enables malicious users to inject client-side scripts, such as JavaScript code, into web pages viewed by other users. The term XSS is used to describe both the vulnerability and the attack type, as in "XSS attack" / "XSS vulnerability in the web application".

1) Log into Windows 7 Attacker on the Netlab environment.
2) Open Firefox by clicking the icon on the desktop or start menu.
3) Visit this page: http://192.168.2.15/dvwa/login.php This is the "Damn Vulnerable Web Application" (DVWA) hosted on the OWASP BWA machine on Netlab.
4) Log in to the web application by typing user as Username and user as Password. After logging in, you will see the page below.
5) Click on XSS reflected on the left menu and type your nickname into the text box in the right pane of the webpage. (I typed "ethical" and clicked the Submit button.) The web application takes what you typed as input, adds "Hello" to the beginning, and prints it to the screen.
6) Try some basic HTML tags now. Type <h1>your nickname</h1>. I typed <h1>ethical</h1> and then clicked the Submit button. I confirm that it has been formatted as a header. This is an indication that this simple web application is vulnerable to XSS attacks: the input is written into the page without HTML encoding.
7) Now try a tag that is less innocent than the header tag, such as <script>alert(document.cookie)</script> Take a screen capture showing the session ID.

This small script shows the cookie of your session, a highly sensitive piece of data. This is a proof of concept for the XSS attack: an attacker may steal your session cookie by leveraging an XSS vulnerability. The alert can display the session cookie only because it is not marked HttpOnly; browsers hide HttpOnly cookies from document.cookie, which is one reason to set that flag on session cookies.

For XSS attacks, the sky is the limit. You can inject code into the website with the help of forms. Think about this scenario: you inject code into the product review page of an e-commerce site. The browser of everybody who visits that page runs the script, and that script sends the user's cookie to a server controlled by the attacker. (Because the payload is saved by the site and served to every visitor, this is a stored XSS, as opposed to the reflected XSS exercised above.)

Reference for XSS: https://github.com/OWASP/wstg/blob/master/document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/01-Testing_for_Reflected_Cross_Site_Scripting.md

Section-2: Exploit Local File Upload Vulnerability

A file upload vulnerability allows a user to upload a dangerous file to the web server with the help of a vulnerable web application. The malicious file can then be executed on the web server to perform malicious actions.

1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page: http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on the Upload link on the left menu (1) and then click on the Browse button (2).
6) The Firefox File Upload dialog box will open. Click on the Filesystem icon on the left menu (1), navigate to /usr/share/webshells/php/ (2), select simple-backdoor.php (3), and click on the Open button (4).
7) The file will be uploaded successfully, and you will see the message shown below. Notice the path shown in the message.
Note: The upload form is vulnerable because it does not perform the required checks before storing the file. A properly programmed and configured web application should not allow uploading files with script extensions such as php, sh, cmd, bat, vbs, ps1, py. Rather than a deny-list of dangerous extensions, it should use an allow-list of the extensions it actually expects (for example, only image types), verify the content, rename the file on the server, and store uploads in a location where the web server does not execute scripts.
8) Navigate to http://192.168.2.15/dvwa/hackable/uploads/simple-backdoor.php You will see a simple help page showing how to use the PHP backdoor. cat is a simple tool on Linux distributions that prints the content of files to the screen; cat /etc/passwd shows the content of the passwd file, which stores user account information in Unix/Linux operating systems. simple-backdoor.php enables website users to run shell commands from the address bar of the browser. As the user, you provide the command as the cmd parameter to the PHP file; the PHP file takes the command, runs it on the web server where the file has been stored, and prints the output to the browser window instead of a terminal. The commands run with the privileges of the web server's own account, not as root.
9) Navigate to http://192.168.2.15/dvwa/hackable/uploads/simple-backdoor.php?cmd=cat+/etc/passwd Take a screenshot of the browser window.

Section-3: Exploit Local File Inclusion Vulnerability

A Local File Inclusion (LFI) vulnerability causes a web application to expose or run files on the web server. A web application essentially shows and executes files stored on the web server. However, a poorly written web application may let a malicious user request other files stored on the server, which may hold sensitive information or even be executable.

1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page: http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on File Inclusion on the left menu and read the details on how to exploit the vulnerability in the right pane.
6) Include the /etc/passwd file and take a screenshot of the browser window.

Section-4: Exploit SQL Injection Vulnerability

"Injection" is the most notorious web application security risk; it has long sat at the top of the OWASP Top Ten list (first in the 2017 edition, third in 2021). There are many kinds of injection, such as SQL, NoSQL, and LDAP injection. SQL injection is the most commonly exploited of them. In SQL injection, malicious SQL fragments are inserted through form fields for malicious purposes, such as logging into web applications without valid credentials or dumping database contents.

1) Log in to Kali Linux on the Netlab environment.
2) Open Firefox by clicking the Kali icon on the bottom left corner, typing Firefox, and clicking on the Firefox ESR icon.
3) Visit this page: http://192.168.2.15/dvwa/login.php
4) Log in to the web application by typing user as Username and user as Password.
5) Click on SQL Injection on the left menu.
6) Type 1 and click Submit. This is a simple web application; it returns the user information when you type in a user ID.
7) Now add a single quote (') after the 1 and click Submit. You will see an error message.
Note: This error message is an indication that the web application is vulnerable, because it is not a custom message displayed by the web application; it is the error message generated by the SQL server. The quote closed the string literal in the query early and left the rest of the statement syntactically broken.
8) Exploit the vulnerability and dump all user information stored in the database by typing the following and clicking Submit:

1' or '1=1'-- 

The characters and their order are: one, single quote, space, letter o, letter r, space, single quote, one, equal sign, one, single quote, dash, dash, space. The trailing space matters: MySQL only treats -- as a comment when it is followed by whitespace. The first quote closes the user ID string in the query, or '1=1' adds a condition that is always true (MySQL converts the string '1=1' to the number 1), and the comment discards the rest of the original query, so every row is returned. The equivalent payload 1' or '1'='1 does the same without relying on that string-to-number conversion.

Take a screenshot of the browser window showing the dump of all user accounts.

Note: sqlmap (http://sqlmap.org/) is a powerful utility for automated SQL injection. It comes with the Kali Linux distribution. Most pen testers use sqlmap to try many different SQL injection payloads against a given web form.

Reference for SQL Injection: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection

Weekly Learning and Reflection

In two to three paragraphs (i.e., sentences, not bullet lists), using APA style citations if needed, summarize and interact with the content covered in this lab. Summarize what you did as an attacker, what kind of vulnerabilities you exploited, and what might have prevented these attacks. Mention the attackers and all of the targets in your summary. You can provide topologies, sketches, or graphics if you want. In particular, highlight what surprised, enlightened, or otherwise engaged you. You should think and write critically, not just about what was presented but also about what you have learned through the session. You can ask questions about the things you're confused about. Questions asked here will be summarized and answered anonymously in the next class.
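The reflection above asks what might have prevented these attacks. As an added example that is not part of the lab, the following Python script places each of the four DVWA weaknesses exercised in Sections 1 to 4 beside a hardened form: HTML output encoding for the reflected XSS, an extension allow-list for the upload form, path containment for the file inclusion, and a parameterised query for the SQL injection. It uses only the standard library and runs offline; the include directory /opt/example-app/pages, the function names, and the in-memory SQLite users table (rows modelled on DVWA's defaults, standing in for its MySQL table) are constructed for the example, not taken from DVWA's code.

```python
"""Added example, not part of the lab: the four DVWA weaknesses from
Sections 1-4, each as a vulnerable function beside a hardened one.
Standard library only; directory name and sample rows are constructed."""
import html
import os
import sqlite3
from typing import List, Optional, Tuple

# --- Section-1: reflected XSS -------------------------------------------------
def greet_vulnerable(name: str) -> str:
    """DVWA-style: the submitted name is copied into the HTML verbatim."""
    return f"<pre>Hello {name}</pre>"


def greet_hardened(name: str) -> str:
    """Encode for an HTML text-node context; <script> becomes &lt;script&gt;."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


# --- Section-2: unrestricted file upload --------------------------------------
ALLOWED_UPLOAD_EXT = {".jpg", ".jpeg", ".png", ".gif"}   # allow-list, not deny-list

def upload_allowed(filename: str) -> bool:
    """Accept only a bare file name with exactly one allow-listed extension.
    Rejects simple-backdoor.php, shell.php.jpg (double extension), .htaccess
    and names carrying path components such as ../cat.png. A real deployment
    should also rename the stored file and keep uploads non-executable."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False
    stem, dot, ext = base.rpartition(".")
    if not dot or not stem or "." in stem:
        return False
    return ("." + ext.lower()) in ALLOWED_UPLOAD_EXT


# --- Section-3: local file inclusion -----------------------------------------
INCLUDE_DIR = "/opt/example-app/pages"   # assumed include directory (not DVWA's)

def include_path_vulnerable(page: str) -> str:
    """DVWA-style: ?page=... is joined to the include directory unchecked,
    so '../../../../etc/passwd' walks out of it."""
    return os.path.normpath(os.path.join(INCLUDE_DIR, page))


def include_path_hardened(page: str) -> Optional[str]:
    """Resolve the request and refuse anything outside the include directory."""
    base = os.path.realpath(INCLUDE_DIR)
    target = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, target]) != base:
        return None
    return target


# --- Section-4: SQL injection -------------------------------------------------
def make_users_db() -> sqlite3.Connection:
    """In-memory stand-in for DVWA's users table (rows modelled on its defaults)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT, last_name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "admin"), (2, "Gordon", "Brown"), (3, "Hack", "Me"),
                      (4, "Pablo", "Picasso"), (5, "Bob", "Smith")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """DVWA-style concatenation: the input becomes part of the SQL grammar.
    "1'" raises a syntax error (step 7); "1' OR '1'='1" returns every row (step 8)."""
    sql = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, user_id: str) -> List[Tuple[str, str]]:
    """Parameterised query: the driver binds the input as a value, never as SQL."""
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(sql, (user_id,)).fetchall()


def probe_error(conn: sqlite3.Connection, user_id: str) -> Optional[str]:
    """Step 7 of Section-4: the raw database error a verbose application leaks."""
    try:
        lookup_vulnerable(conn, user_id)
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    xss = "<script>alert(document.cookie)</script>"
    print(greet_vulnerable(xss))
    print(greet_hardened(xss))
    for name in ("cat.png", "simple-backdoor.php", "shell.php.jpg", "../cat.png"):
        print(f"upload {name!r}: {'accepted' if upload_allowed(name) else 'rejected'}")
    lfi = "../../../../etc/passwd"
    print(include_path_vulnerable(lfi), include_path_hardened(lfi))
    db = make_users_db()
    print(probe_error(db, "1'"))
    print(lookup_vulnerable(db, "1' OR '1'='1"))
    print(lookup_hardened(db, "1' OR '1'='1"))
```

The hardened SQL lookup returns nothing for the injected string because the whole payload is bound as a single value and compared against user_id; the vulnerable one returns all five rows, which is the dump the lab asks you to screenshot.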