Cloud Attack Lab – requires Ubuntu, download of Docker – Please read Question Details

Lab Goals

• Install a container service/platform and run a container image on the virtual machine instance.
• Perform a SQL injection attack on a vulnerable database server.

Lab Purpose

This lab will help to familiarize you with installing a container service (Docker) on a virtual machine, and then running a vulnerable Docker image for the purposes of exploiting a vulnerability (SQL injection).

Lab Instructions

Prerequisites: Ubuntu Linux virtual machine installed in VirtualBox

Read and follow these steps closely, slow down, and don’t rush. If you do rush, you will likely make mistakes and it will cause you to spend more time on the lab than necessary. You will need to take screenshots when prompted. You will need these screenshots for your lab report.

Note:

• Screenshot extensions in the examples described below are .png, but you can also use .jpg or .jpeg.

Part 1: Install Docker

1. Login to Ubuntu, bring up a terminal window, and type in the following commands at the prompt, do not copy/paste them. For commands that take up more than one line, type them out in one line, but put a space in between the last word in a line and the first word of the next line.

sudo apt update

Then this command:

sudo apt install ca-certificates curl gnupg lsb-release -y

Then this command:

sudo mkdir -p /etc/apt/keyrings

Then this command (when typing in the command, there is no space between the — and dearmor, everything is on one line):

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg –dearmor -o /etc/apt/keyrings/docker.gpg

Then this command (when typing in the command, there is no space between the – and by, there is a space between ] and https://, and there is a space between | and sudo, everything is on one line):

echo “deb [arch=$(dpkg –print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable” | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Then this command:

sudo apt update

Then this command (when typing in the command, there is no space between the – and plugin, everything is on one line):

sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

2. Docker should now be installed. You should verify that the installation was successful by typing in the following:

sudo docker run hello-world

3. If you see a bunch of output and can locate a message in that output that says:

“Hello from Docker! This message shows that your installation appears to be working correctly.”

That is your confirmation that you are ready to proceed to the next section.

4. Take a screenshot of the terminal window with your name at the prompt and name it: lab_G_screenshot_1.png.

Part 2: Install DVWA Docker Image

5. Type in the following command at the prompt and hit enter/return:

sudo docker run –rm -it -p 80:80 vulnerables/web-dvwa

6. You will see a great deal of output that shows that the web-dvwa image has been pulled (downloaded) and some services starting to include MariaDB and Apache. This is the expected result.

7. Leave the terminal window open, but on a sheet of paper write down the private IP address at the bottom of the terminal window and label it as Lab G Linux server. You want to select the one below the black terminal portion of the page.

Part 3: Use DVWA Image and Exploit a Vulnerability

8. Open up a web browser and type in the private IP address for the Lab G Linux Server into the address bar, and hit enter. This will open the DVWA login screen. It should look like this:

9. Login with the following credentials:

1. Username: admin
2. Password: password

10. Click on the button located toward the bottom of the screen.

11. Login again with the same credentials provided in the previous step above.

12. On the left side of the page, locate and click on SQL Injection.

Discover all users:

13. In the User ID field, enter ‘ or ‘1’ = ‘1 and then click on the submit button.

14. You will get results back showing the entire contents of the database table that stores user information. This is an indicator that the input you provided in the last step was executed by the database and resulted in a successful SQL injection attack to list all users in the database table.

15. Select the text in the address bar and replace it with “First Name and Last Name” but don’t hit enter, just click away from the address bar and onto the web page body.

16. Take a screenshot of the web page with your name in the address bar and the output of the SQL Injection attack on the page and name it: lab_G_screenshot_2.png, it should look like this, but with your first and last name. Ensure that it is clearly readable:

Discover all database table names:

17. In the User ID field, enter ‘ and 1=0 union select null, table_name from information_schema.tables # and then click on the submit button.

18. You will get results back showing the names of every table in the database (of importance, the guestbook and users tables). This is another indicator that the input you provided in the last step was executed by the database and resulted in a successful SQL injection attack.

19. Select the text in the address bar and replace it with “First Name and Last Name” but don’t hit enter, just click away from the address bar and onto the web page body.

20. Take a screenshot of the web page with your name in the address bar and the output of the SQL Injection attack on the page and name it: lab_G_screenshot_3.png, it should look like this, but with your first and last name. Ensure that it is clearly readable:

Discover ‘users’ table field/column names:

21. In the User ID field, enter ‘ and 1=0 union select null, concat(table_name,0x0a,column_name) from information_schema.columns where table_name = ‘users’ # and then click on the submit button.

22. You will get results back showing the names of all fields/columns in the users table, including the name of the field that stores user passwords, which is named password. This is another indicator that the input you provided in the last step was executed by the database and resulted in a successful SQL injection attack.

23. Select the text in the address bar and replace it with “First Name and Last Name” but don’t hit enter, just click away from the address bar and onto the web page body.

24. Take a screenshot of the web page with your name in the address bar and the output of the SQL Injection attack on the page and name it: lab_G_screenshot_4.png, it should look like this, but with your first and last name. Ensure that it is clearly readable:

Discover usernames and passwords:

25. In the User ID field, enter ‘ and 1=0 union select null, concat(first_name,0x0a,last_name,0x0a,user,0x0a,password) from users # and then click on the submit button.

26. You will get results back showing the sensitive information stored in this table, including the usernames and passwords (password hashes) for all users. This is another indicator that the input you provided in the last step was executed by the database and resulted in a successful SQL injection attack.

27. Select the text in the address bar and replace it with “First Name and Last Name” but don’t hit enter, just click away from the address bar and onto the web page body.

28. Take a screenshot of the web page with your name in the address bar and the output of the SQL Injection attack on the page and name it: lab_G_screenshot_5.png, it should look like this, but with your first and last name. Ensure that it is clearly readable:

29. Close the DVWA browser window and the terminal window.

Collepals.com Plagiarism Free Papers

Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we'll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.

Get ZERO PLAGIARISM, HUMAN WRITTEN ESSAYS

Why Hire Collepals.com writers to do your paper?

Quality- We are experienced and have access to ample research materials.

We write plagiarism Free Content

Confidential- We never share or sell your personal information to third parties.

Support-Chat with us today! We are always waiting to answer all your questions.