Exploiting a Vulnerable Web Application

CEH Exam Domain:
Domain 1: Background
Domain 4: Tools/Systems/Programs

CEH Objective Mapping:
Objective 1.2 Information Security Threats and Attack Vectors
Objective 4.3 Information Security Tools

Overview

In this lab, you will learn how to exploit a vulnerable web application. You are using the external Kali attack machine on the wide area network, or WAN, to attack a web application on the network. You will use Armitage, which is a front end for Metasploit, to exploit a machine using XAMPP WebDAV PHP Upload exploit.

outcomes:

In this lab, you will learn to:

Use nmap to scan a network.
Use Metasploit and Armitage to exploit a common web server vulnerability.
Use Meterpreter to breach a system.

Courses

Ethical Hacking and Systems Defense

Key terms and descriptions

nmap

A port scanner which will indicate whether ports are open or closed on a remote system.

Zenmap

A GUI front end for nmap; will allow you to scan for open ports and services.

Kali Linux

An Advanced Penetration Testing Linux distribution designed for digital forensics and penetration testing, ethical hacking, and network security assessments.

Metasploit

A framework that contains exploits for various information systems.

Meterpreter

A tool that is packaged together with the Metasploit framework and provides an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended over the network at runtime.