computer science

Overview

GlobalComm has hired you as an offensive security consu

ltant. You have been

tasked with writing a

penetrating test report against the web application

of

GlobalComm

-

DVWA

. The expectation is you use active information gathering

techniques and methods to

exploit web applications.

R

ules of engagement

•

The only c

omputer that should targeted is

Metasploitable

•

Students must of preformed the lab preparation assignment before

continuing

Ta

sks

and expectations

•

Show proficiency

Web application security

•

Write a

response to the tasks and questions below

Technical

Questions

For this lab report screenshots of every command is not needed, please use your

judgment when documenting this. Screenshots again should be used but limited.

I

do not want 5 pages of screenshots;

additionally use the cropping tool to tighten the

screenshots that are used.

Web Application Assessment

The CTO of GlobalComm has requested an in

-

depth assessment

of the Web

Applications running on the Linux virtual machine provided.

A report should be

written outlining the risk the curre

nt system has and recommendations on how to

resolve them.

DVWA should be the focus of the report but feel free to include an

assessment of the other web applications running. Within the report you should

explain the following:

•

Information gathering

•

Vulner

ability identification

•

Authentication weaknesses

•

Web Application

Exploitation

o

4 Exploits should be demonstrated

!

1 SQL injection attack

!

1 attack using SQL Map

!

1 attack using demonstrating a web shell

!

1 attack of choice

o

1

additional

Exploit with DVWA in medium

will award you 5 bonus

points

•

Data e

xfiltration

or disc

losure

possibilities

should be outline and explain the

risk in

-

depth.

•

Remediation

steps and action items to resolve issues

identified

should be

elaborated

on.