3.2 Lab 2:
Scenario: Use W3AF to scan for vulnerabilities on the website: http://www.dvssc.com/dvwa/index.php
Procedure:
w3af>>> help
|----------------------------------------------------------------------------- |
| start | Start the scan. |
| plugins | Enable and configure plugins. |
| exploit | Exploit the vulnerability. |
| profiles | List and use scan profiles. |
| cleanup | Cleanup before starting a new scan. |
|----------------------------------------------------------------------------- |
| help | Display help. Issuing: help [command] , prints more |
| | specific help about "command" |
| version | Show w3af version information. |
| keys | Display key shortcuts. |………
w3af>>> plugins
w3af/plugins>>> help
|----------------------------------------------------------------------------- |
| list | List available plugins. |
|----------------------------------------------------------------------------- |
| back | Go to the previous menu. |
| exit | Exit w3af. |
|----------------------------------------------------------------------------- |
| auth | View, configure and enable auth plugins |
| grep | View, configure and enable grep plugins |
| evasion | View, configure and enable evasion plugins |
| mangle | View, configure and enable mangle plugins |
| crawl | View, configure and enable crawl plugins |
| bruteforce | View, configure and enable bruteforce plugins |
………
w3af/plugins>>> auth
|----------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|----------------------------------------------------------------------------|
| detailed | | Yes | Detailed authentication plugin. |
| generic | | Yes | Generic authentication plugin. |
|----------------------------------------------------------------------------|
w3af/plugins>>> bruteforce
|---------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|---------------------------------------------------------------------------|
| basic_auth | | Yes | Bruteforce HTTP basic authentication. |
| form_auth | | Yes | Bruteforce HTML form authentication. |
|---------------------------------------------------------------------------|
w3af/plugins>>> bruteforce basic_auth,form_auth
w3af/plugins>>> bruteforce
|----------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|----------------------------------------------------------------------------|
| basic_auth | Enabled | Yes | Bruteforce HTTP basic authentication. |
| form_auth | Enabled | Yes | Bruteforce HTML form authentication. |
|----------------------------------------------------------------------------|
w3af/plugins>>> help
|-----------------------------------------------------------------------------|
| list | List available plugins. |
|-----------------------------------------------------------------------------|
| back | Go to the previous menu. |
| exit | Exit w3af. |
|-----------------------------------------------------------------------------|
| auth | View, configure and enable auth plugins |
| grep | View, configure and enable grep plugins |
| evasion | View, configure and enable evasion plugins |
| mangle | View, configure and enable mangle plugins |
………
w3af/plugins>>> bruteforce config form_auth
w3af/plugins/bruteforce/config:form_auth>>> view
|-----------------------------------------------------------------------------|
| Setting | Value | Modified | Description |
|-----------------------------------------------------------------------------|
| profilingNumber | 50 | | This indicates how many passwords from profiling will be |
………
w3af/plugins/bruteforce/config:form_auth>>> back
The configuration has been saved.
w3af/plugins>>> audit
|----------------------------------------------------------------------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|----------------------------------------------------------------------------------------------------------------------------------------|
| blind_sqli | | Yes | Identify blind SQL injection vulnerabilities. |
| buffer_overflow | | | Find buffer overflow vulnerabilities. |
| cors_origin | | Yes | Inspect if application checks that the value of the "Origin" HTTP header is consistent with the |
| | | | value of the remote IP address/Host of the sender of the incoming HTTP request. |
| csrf | | | Identify Cross-Site Request Forgery vulnerabilities. |
| dav | | | Verify if the WebDAV module is properly configured. |
| eval | | Yes | Find insecure eval() usage. |…………
w3af/plugins>>> audit xss,sqli
w3af/plugins>>> help
|-----------------------------------------------------------------------------------------------------------------------------------------|
| list | List available plugins. |
|-----------------------------------------------------------------------------------------------------------------------------------------|
| back | Go to the previous menu. |
| exit | Exit w3af. |
|-----------------------------------------------------------------------------------------------------------------------------------------|
| auth | View, configure and enable auth plugins |
| grep | View, configure and enable grep plugins |
| evasion | View, configure and enable evasion plugins |
| mangle | View, configure and enable mangle plugins |
| crawl | View, configure and enable crawl plugins |…………
w3af/plugins>>> crawl
|-----------------------------------------------------------------------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|-----------------------------------------------------------------------------