Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Description

This lab-based lesson offers participants step-by-step instructions on how to use WebGoat's Malicious File Execution lesson. The lab's image-upload form, a feature commonly found on web-based discussion boards and social networking sites, is vulnerable to malicious file execution.

Video Transcription

00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear and this is the SANS Top 25: Upload File with Dangerous Type lab. We're going to be using WebGoat's Malicious File Execution lesson.
00:20
This is the lab of WebGoat's Malicious File Execution lesson. The instructions state that the form below allows you to upload an image which will be displayed on this page.
00:33
Features like this are often found on web-based discussion boards and social networking sites. This feature is vulnerable to malicious file execution.
00:46
In order to pass this lesson, upload and run a malicious file.
00:51
In order to prove that your file can execute, it should create another file that has this name, basically this location. And it's called guest.txt.
01:03
Now, in order to do this, what we need to do is actually upload a particular file
01:10
that is going to be executable
01:12
within the Web server once it's uploaded.
01:17
So the file that we're going to use is called cmd.jsp.
01:23
So as you know, WebGoat is
01:26
a Java J2EE web application,
01:32
and so we can upload JSPs. And if the permissions
01:38
are not secure, we may even be able to execute a JSP.
01:44
So this particular JSP is actually from fuzzdb. And you can probably Google for it: fuzzdb, and then Google for, uh, cmd.jsp.
01:56
It's pretty simple. It's just a standard form. And inside of the scriptlet code, what we're going to do is
02:05
receive in a command from a text box, and an I/O stream that we can then use to write out to create a file. And so let's go ahead and see how it works.
02:19
So for the image, I'm going to just go ahead and browse to
02:27
my command file,
02:32
okay, and
02:36
I can tell where it's been loaded. If I just right click and inspect this element,
02:43
I can actually see that it's in the uploads directory.
02:49
Okay, so that's helpful. So
02:52
if we open up a new tab, let's type in this:
03:02
uploads
03:05
cmd.jsp
03:07
and we have our text box,
03:10
and, of course, in the Unix or the Linux environment, in order to create a file,
03:15
all we have to do is a command called touch
03:19
and so we can
03:22
do the command, touch, space, and then just grab
03:27
and then just grab the location
03:31
for a file,
03:38
okay? And so it states that the file was created.
03:40
We come back over here
03:45
and we refresh our lesson.
03:49
We can see that we have successfully completed the lesson.
03:54
Now, the problems here involve allowing, of course,
03:59
any file to be uploaded. The file was executable. So
04:04
when it got uploaded, it then had the ownership of
04:11
the Web server
04:13
and or
04:15
the process that runs WebGoat in Tomcat,
04:18
which is root in this case. And so
04:20
there's full privilege there to execute that file in this uploads directory.
04:29
So what you would instead want to do is lock down your Web server
04:33
place files that are uploaded into a completely different directory, make them non-executable
04:42
as well, and, if you could afford it, run them through a malware scanner to ensure that you're not also uploading a malicious payload.
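The mitigations named at the end of the lab (an allowlist of image types, storage outside the web root, non-executable files, a server-chosen filename) can be demonstrated in a small upload handler. The following is an added example written for this page; it is not code from the course, from Cybrary, or from WebGoat. The function names, the magic-byte table, the size limit and the sample payloads are all constructed for illustration; in a real deployment `upload_root` would point at a directory the servlet container never serves or executes from.

```python
import os
import secrets
import tempfile
from dataclasses import dataclass
from typing import Optional

# Allowlist of accepted image types: extension -> magic bytes the content must start with.
# Anything not in this table (e.g. .jsp) is rejected before it touches disk.
ALLOWED_TYPES = {
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
MAX_BYTES = 2 * 1024 * 1024  # constructed limit for the example

# Constructed sample payloads (not real files from the lab).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
CMD_JSP_SAMPLE = b"<%-- constructed JSP sample, not a real script --%>"


@dataclass
class UploadResult:
    accepted: bool
    reason: str
    stored_path: Optional[str] = None


def detect_image_type(data: bytes) -> Optional[str]:
    """Return the canonical extension whose magic bytes match the content, else None."""
    for ext, magics in ALLOWED_TYPES.items():
        if any(data.startswith(m) for m in magics):
            return ".jpg" if ext == ".jpeg" else ext
    return None


def validate_upload(client_filename: str, data: bytes) -> UploadResult:
    """Check the claimed type against the allowlist and the real content against its signature."""
    # The client-supplied name only tells us which type the client claims; it is never used as a path.
    ext = os.path.splitext(client_filename)[1].lower()
    if ext not in ALLOWED_TYPES:
        return UploadResult(False, f"extension {ext!r} not in allowlist")
    if len(data) > MAX_BYTES:
        return UploadResult(False, "file too large")
    detected = detect_image_type(data)
    if detected is None:
        return UploadResult(False, "content does not match any allowed image signature")
    if detected != (".jpg" if ext == ".jpeg" else ext):
        return UploadResult(False, f"content looks like {detected}, name claims {ext}")
    return UploadResult(True, "ok")


def store_upload(client_filename: str, data: bytes, upload_root: str) -> UploadResult:
    """Store a validated upload under a random server-chosen name, as a non-executable file."""
    result = validate_upload(client_filename, data)
    if not result.accepted:
        return result
    os.makedirs(upload_root, mode=0o750, exist_ok=True)
    # Random name + extension derived from the detected content: the client controls neither,
    # so a path-traversal name or a double extension has no effect on where or how it is stored.
    name = secrets.token_hex(16) + detect_image_type(data)
    dest = os.path.join(upload_root, name)
    # O_EXCL refuses to overwrite; mode 0o640 has no execute bit for anyone.
    fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return UploadResult(True, "stored", dest)


def run_demo() -> dict:
    """Run the constructed samples through the handler; returns name -> (accepted, reason, stored_in_root)."""
    root = tempfile.mkdtemp(prefix="uploads-")  # stands in for a directory outside the web root
    samples = {
        "cmd.jsp": CMD_JSP_SAMPLE,                            # wrong extension
        "photo.png": PNG_SAMPLE,                              # legitimate image
        "shell-disguised.png": CMD_JSP_SAMPLE,                # image name, non-image content
        "../../webapps/WebGoat/uploads/evil.png": PNG_SAMPLE,  # traversal in the name is ignored
    }
    out = {}
    for name, data in samples.items():
        res = store_upload(name, data, root)
        in_root = res.stored_path is not None and os.path.dirname(res.stored_path) == root
        out[name] = (res.accepted, res.reason, in_root)
    return out


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name!r}: accepted={outcome[0]} reason={outcome[1]!r} stored_in_root={outcome[2]}")
```

The two checks that matter most against the cmd.jsp trick are the extension allowlist (the file is refused outright) and the magic-byte comparison (renaming the JSP to .png does not help, because its content does not start with an image signature). Storing under a random name in a directory the container does not serve removes the second half of the lab's attack: even a file that slipped through validation would have no URL and no execute permission.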

Up Next

Secure Coding

In the Secure Coding training course, Sunny Wear will show you how secure coding is important when it comes to lowering risk and vulnerabilities. Learn about XSS, Direct Object Reference, Data Exposure, Buffer Overflows, & Resource Management.

Instructed By

Sunny Wear
Instructor