8.2 Insecure Deserialization Lab Instructions

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

12 hours 9 minutes
Video Transcription
Hi, everyone. Welcome back to the course. So in the last video, we wrapped up our discussion on insecure D. C. Realization.
So this video, we're just gonna do a quick example of that? We'll take a look at it. As I mentioned, this is gonna be a pretty quick lab for this particular module on. And that's okay. We just want to introduce you to the concert.
So what? He's a cyber lab environment for this lab, and you'll notice that I've already wants the lap. However, on your end of things, if you haven't watched it yet, just go ahead and search in the catalogue for a lost and you'll see the labs associated with that. Specifically, we're looking for the insecure, the serialization lab.
So once the lab opens up, as we normally have seen throughout this course, we'll get the pop up boxes. Just click on next and okay to go ahead and close those out. And sometimes you get these other little pop ups as well. You get his ex out of those and it'll take you to the Kelly Lennox log in screen.
Now at the log in screen, we're just gonna type in the user name and password of student.
So a student all over case just press enter on your keyboard and then student again on your keyboard Impress intern that a law gets into the Cali machine.
It might take a moment so afford to actually log in. Sometimes it's a little slow, but we'll go ahead and give it a chance to Once we look into the Cali machine, we're gonna first go ahead and turn off the screen lock features. So that way, as we go through the lab, we hope to reduce our risk of it actually locking up on us and making us reboot the Cali machine.
So the way we do that is just click on the arrow at the top right here,
and it's gonna open up many force. It might take a second since we just booted up Kelly
and then click on the Settings icon at the very bottom left. It looks like a little screwdriver in a monkey wrench together.
Once you do, that is gonna open up a window for you. So we're going to see in there a privacy option so it might take a 45 seconds or so to open up the window. You'll see it opens up now,
and we just clicked on privacy on the left side, we click on screen lock.
And then finally, when it gives us a pop a box, we just click this circle to the left. So we wanted to move to the left. That'll turn off the screen lock feature, and then we could just x out of that.
All right, so now we'll go back to our lab document. So we're here at step six. We're gonna go ahead, launch fire, Fox. And what that's gonna do is it's gonna take us to the Mattila Day, Paige. So Firefox is gonna be this top left icon here, this orange and white colored one. So just go ahead and click on that.
Might take him over to suffer to pull up for us.
And then once it pulls up, we're gonna type in this in the u R L bar. Right here. So we're type http colon forward slash forward slash Mattila day forward slash d serialize dot PHP.
All right, let's go and do that. Now we'll type in.
Http Colon force last four slash
re till today.
Forward slash
do you cereal is I d serialize. Say that five times fast.
All right. Do you see? You realize I'm trapped in that room
and then dot PHP.
So once you've got that in this press Internet keyboard and you should be taken to this page right here.
All right, so let's go back to our lab document.
So now what we're gonna do is we're to click where it says that. Say, hi, link. So we're gonna go and click on that. So this top link here
now, if you want it if you want, you can go ahead and Paul's video right now Just look through what's going on that will explain what we're doing in this particular lab, or you just come back to this page later on. But for our purposes, we're gonna go ahead. Move forward was clicking to say hi, Option.
All right, so you'll see we've got some different information here on the page. Basically, we just have a helo in about a hello statement and then back option.
But we're gonna do is we're gonna look in the u R l. So we're gonna go into the u R l and we're gonna be navigating ourselves with our arrow keys on the keyboard until we find the value of 15 and where it says print. Hello?
All right, so let's go and do that now. So just click in there and then just use your air, okay? Be careful not to delete anything yet.
We just want to find the 15 and then the print. Hello?
All right, so you'll see there. I found it pretty quickly there. So we see we have the 15 right there. Now we have the print. Hello? Right there.
All right, so let's go back to our lab document.
So once we found that information, we're gonna change the 15 to a 12 and then we're just gonna change the word hello to Ah, hi.
So let's go and do that now.
So we're gonna change the 15 to a 12. So what has changed out to a 12 and then we're gonna change the hello to Ah, hi.
Once we've changed, those were just gonna hit and turn her keyboard to make the change.
All right, let's go back to our lab document. No. So now question number one here.
Do we see any different text on the Web page so that it did the web page text Change it all. If yes, what is a Web page text now say
are so we did notice that since we changed Hello too high. The web page now shows high instead of hello. So that would be the answer to question number one there.
All right, So now what we're gonna do, we're gonna go back to our girl again. We're gonna go back and find the 12 that we put in as well as the print high, and then we're gonna change that information to be a 10 and then PHP info with parentheses.
So let's go ahead and do that now. So we'll click back on our, uh, your ale here.
We'll use our arrow keys toe, find our way over
again. We're looking for the 12 and then our print high. So you'll see. We have our 12 right there,
and we have a print high right here.
All right. So again, we want to change our 12 to attend, So let's go ahead and do that now.
So who's gonna change this to a 10?
All right,
now we're gonna change our print high to just say PHP info with parentheses. So let's go and do that now.
So it is going to change this print high right inside here.
PHP dot info and then parentheses.
Looks like a put a slash in there.
We'll take that house a PHP. Info. Parentheses. Now, once we type that and what is gonna hit internal keyboard,
we'll see what kind information we get back.
All right. So question number two here, do you see the output of PHP code? So do we see anything on the page? Now that is PHP related.
So let's take a look here and see.
All right. So the answer is yes. Right. So I see. Ah, lot information regarding a PHP. You see different information about, you know, I p addresses server server I, p address and name configuration information, etcetera, etcetera. So, basically, I could go found this paint if I was an attacker and get a lot of valuable information to then further attack the systems.
All right, let's go back to our lab document.
Okay, So our last step here were to go back to our you're ill, and we're gonna type and change the 10 to a 13 and then we're gonna change the PHP info to system I d. So let's go ahead and do that now.
So we'll go back and we'll find where our 10 is
as well as a PHP info.
So we see what we have are 10 there, and we have our PHP info right there.
All right, so we want to change our 10 to 13. So let's go ahead and do that.
Changed out to 13.
And then we also want to change our PHP info parentheses to system and then parentheses with idea inside a quotation marks. So let's go and do that. Now
type in system
parentheses and then inside of that, we have quotation marks. And inside of that, we have i d.
So again, system
presidency quotation, I d quotation parentheses, E. And then once we tied that in, what's gonna press enter on a keyboard to run that?
All right. So question number three here,
do we see www dash data? So do we see that user account here?
All right, so the answer is yes, right. We actually see that all over here.
All right, so we see the user ideas. WW data.
So basically, what this is telling us is that if we replace the I d. With a different system command, we could basically execute any target system command on this particular system. So again, we just took a high level overview of the serialization in this particular lab.
In the next module, we're gonna cover using components with known vulnerabilities.
Up Next