20155326 "Cyber Confrontation" EXP8 Web Foundation Practice

Source: Internet
Author: User

20155326 "Cyber Confrontation" EXP8 Web-based practice content

(1). Web front-end HTML (0.5 points)

Be able to install, start and stop Apache normally. Understand HTML, forms, and the GET and POST methods, and write an HTML page containing a form.

(2). Web front-end JavaScript (0.5 points)

Understand basic JavaScript functionality and understand the DOM. Write JavaScript that validates the user name and password rules.

(3). Web backend: MySQL Foundation: normal installation, start MySQL, build library, create user, change password, build table (0.5 points)

(4). Web backend: writing PHP web pages, connecting to the database, authenticating users (1 point)

(5). Simplest SQL injection and XSS attack tests (1 point)

Function description: users can log in; the login user name and password are saved in the database; a successful login displays a welcome page.

The project leader additionally needs to complete: posting after login; session management.

Questions answered after the experiment

(1) What is a form

Forms are primarily responsible for data collection in web pages. They collect the user's information and feedback, and are the communication bridge between the website manager and the browser.

Forms consist of form objects, such as text fields, checkboxes, radio boxes, menus, file address fields, and buttons, all of which are contained in a form structure that is marked by an identifier.

Types of forms include the registration form, message book, site navigation bar, search engine and so on.

(2) What languages can the browser parse and run?

Hypertext Markup Language: HTML

Extensible Markup Language: XML

Scripting languages: ASP, PHP, script, JavaScript, VBScript, Perl, Python, ColdFusion, Java, JSP, etc.

(3) What dynamic languages are supported by the web server?

ASP language, PHP language and JSP language

Practice Process Record

Web front end: HTML

Configure the Apache environment first

Apache is a web server available under Kali; its pages can be opened by accessing IP address + port number + file name.

Enter the command vi /etc/apache2/ports.conf and change the listening port number for apache2 to 5326

Enter the command apachectl start to start Apache, and use netstat -aptn to view the port number and confirm that Apache started correctly.

Entering http://127.0.0.1:5236 in Firefox under Kali shows the web page cloned in the last experiment

Use cd /var/www/html, then edit test.html in the /var/www/html directory

Write an HTML page containing a form that lets you log in with an input user name and password.

Enter http://127.0.0.1:5326/test.html in Firefox to open the page, enter a name and password, and click Submit.

Since no .php page has been set as the target, it is not possible to jump to another page yet; I will refine it in the following process.

Web Front end: JavaScript

Use JavaScript to write functions that validate the user name and password and show an error message when either is empty.

    <script>
    // Show an error in the divName element when the user name is empty.
    function nameText() {
        var name = document.getElementById("username");
        var divID = document.getElementById("divName");
        divID.innerHTML = "";
        if (name.value == "") {
            divID.innerHTML = "用户名不能为空"; // "User name cannot be empty"
            return false;
        }
        return true;
    }
    // Show an error in the divPass element when the password is empty.
    function passText() {
        var pass = document.getElementById("password");
        var divIP = document.getElementById("divPass");
        divIP.innerHTML = "";
        if (pass.value == "") {
            divIP.innerHTML = "密码不能为空"; // "Password cannot be empty"
            return false;
        }
        return true;
    }
    </script>

JavaScript is an interpreted scripting language. Its interpreter is part of the browser and it is widely used on the client side; it was first used in HTML pages to add dynamic features to the web page.

The DOM can be seen as a tree of nodes, and you can manipulate the DOM with JavaScript to change the web page. To change the web page, you have to tell JavaScript which node to change. This is the manipulation of the DOM.

PHP test

Create a new PHP test file: vi /var/www/html/test.php

Open http://127.0.0.1:5236/test.php in the browser; you can see the following interface, which means the test succeeded

MySQL Basics

Start the MySQL service: /etc/init.d/mysql start

Enter mysql -u root -p, and follow the prompts to enter the password, the default password is directly enter the MySQL

If you want to modify your password, do the following:

    • Enter use mysql; to select the mysql database

    • Enter select user, password, host from user; (user names, passwords, and permissions are stored in the user table in the mysql database)

    • Enter update user set password=PASSWORD("New password") where user='root'; to change the password

    • Enter flush privileges; to update the permissions

    • Enter quit to exit

Re-enter mysql -u root -p and check that the new password works and that you can log in successfully.

If you are building a table in MySQL, do the following:

Input (`库表的名称` is a placeholder meaning "name of the database"):

CREATE SCHEMA `库表的名称`;
CREATE TABLE `库表的名称`.`users` (`userid` INT NOT NULL COMMENT '', `username` VARCHAR(45) NULL COMMENT '', `password` VARCHAR(256) NULL COMMENT '', `enabled` VARCHAR(5) NULL COMMENT '', PRIMARY KEY (`userid`) COMMENT '');

Then add the user to the table (the values 用户id and 用户密码 are placeholders meaning "user id" and "user password"):

use 5326;
insert into users(userid,username,password,enabled) values(1,'用户id',password("用户密码"),"TRUE");

Enter show databases; to view information about the newly created database

PHP+MySQL: writing the login web page

Enter vim login.html in the /var/www/html folder to write the login web page

Then enter vim login.php to connect to the database via PHP

Enter localhost:5236/login.html in the browser to access your login page.

On the login page, I entered the user name and password stored in the database and clicked submit for user authentication, and there was an error. After analysis, I learned that there should be a problem in the database, and the use of the page code is also problematic.

Return to the database, use show tables to view the existing data table, and discover that it is empty.

So, let's go over it again ...

Enter the command /etc/init.d/mysql start to start the MySQL service, and then enter mysql -u root -p to enter MySQL.

Use show databases; to view the existing databases and enter use followed by the database name; here, use the database LMC that you created earlier.

Use create table followed by the table name and (field setting list); to set up a data table, and show tables; to view the existing data tables.

Use insert into followed by the table name and values('Value 1','Value 2','Value 3'...); to insert data, and select * from followed by the table name to query the data in the table:

To add a new user to MySQL, use grant select,insert,update,delete on database.* to username@loginhost identified by "password"; (the login host can be localhost or a remote login IP). This statement grants the select, insert, update and delete permissions on all tables of a database to a user logging in from that host.

After adding a new user, exit and log in again with the new user name and password; a successful login shows that the new user was added successfully.

Besides the database, the PHP code also needs to be modified.

First, whichever method the .php file uses, POST or GET, it must be consistent with the method in the HTML file.

Then, the users here is my own table name and needs to be modified.

127.0.0.1 is the local address, LMC is the user name of the database, Toor is the login password I set previously, and LMC is the database name.

Next, the # in the previously written login.html code is changed to login.php, that is, after logging in, it jumps to login.php; then enter localhost:80/login.html in Firefox to access your own login page. (The user name here is the previously created user 20155326 and password LMCLMC.)

Enter the user name and password from the table and log in for user authentication; when authentication succeeds, the welcome interface appears.

The following interface appears when authentication fails.

SQL injection attacks

SQL injection works by inserting SQL commands into a web form submission, or into the query string of a domain name or page request, so that the server is tricked into executing malicious SQL. Specifically, it uses an existing application to inject (malicious) SQL commands into the back-end database engine for execution: by entering (malicious) SQL statements in a web form, the database of a website that has a security vulnerability can be obtained, rather than the SQL statement being executed as the designer intended.

Build a website that implements user login; this step was completed earlier

Construct the SQL statement: enter ' or 1=1# in the user name input box and enter any password

The synthesized SQL query statement at this time is select * from users where username='' or 1=1#' and password=md5('')

The following two SQL statements are equivalent:

select * from users where username='' or 1=1#' and password=md5('')
select * from users where username='' or 1=1

'#' starts a comment, so everything after it is commented out, and 1=1 is always true, so the condition always holds and the login succeeds:

We can also save a user name and password in the database via SQL injection, but the previous code has to be modified first: the statement if ($result = $mysqli->query($query_str)) in the previously written code does not allow multiple SQL statements to execute; changing it to if ($result = $mysqli->multi_query($query_str)) allows multiple SQL statements to run.

Enter ';insert into users values('lmc1998','1998LMC');# in the user name input box; it expands to select * from users where username=''; and insert into users values('lmc1998','1998LMC');. Then log in; the page reports a login failure.

But when we looked at the database, we found that the insert was successful.

Then, change the code that executes the SQL statement back to if ($result = $mysqli->query($query_str)) and log in with the newly inserted user name and password.

XSS attack

Cross-site scripting (Cross Site Scripting) is abbreviated as XSS so that it is not confused with the abbreviation of Cascading Style Sheets (CSS). XSS is a computer security vulnerability that often appears in web applications; it allows malicious web users to embed code into pages that are served to other users. Such code includes, for example, HTML and client-side script. An attacker can use an XSS vulnerability to bypass access controls such as the same-origin policy. This type of vulnerability is widely known because hackers use it to write more damaging phishing attacks. For cross-site scripting attacks, the hacker consensus is that cross-site scripting attacks are a new type of "buffer overflow attack", and JavaScript is the new "ShellCode".

Save a picture in the /var/www/html directory

In the user name input box, enter Balabala to read the picture in the /var/www/html directory:

The read succeeds, so it looks like a fake Baidu page, ha ha.
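One way to write the login handler so that the two injection inputs from the SQL injection section and the markup typed into the user name box in the XSS test are both handled as plain data. This is an added example, not the author's login.php; the connection values, the form field names username and password, and the password_hash() storage format are assumptions.

```php
<?php
// Added example, not the original login.php. Assumed names: database "lmc",
// user "lmc", table users(username, password) where the password column holds
// the output of password_hash(). CHANGE_ME is a placeholder credential.
declare(strict_types=1);

// Build the result page. The user name is HTML-escaped, so markup typed into
// the user name box is displayed as text instead of being rendered.
function render_result(bool $ok, string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return $ok ? "<h1>Welcome, {$safe}</h1>" : "<h1>Login failed for {$safe}</h1>";
}

// Look the user up with a prepared statement. The user name travels as bound
// data, so ' or 1=1# is compared as a literal string, and only the single
// prepared SELECT can run (multi_query is never used).
function check_login(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();      // true when a row was read, null when none
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db = new mysqli('127.0.0.1', 'lmc', 'CHANGE_ME', 'lmc');
    $db->set_charset('utf8mb4');
    $user = (string)($_POST['username'] ?? '');
    $pass = (string)($_POST['password'] ?? '');
    $ok = check_login($db, $user, $pass);
    if ($ok) {
        session_start();
        session_regenerate_id(true);   // fresh session id after authentication
        $_SESSION['user'] = $user;
    }
    echo render_result($ok, $user);
}
```

Rows for this version are created with password_hash() in PHP rather than MySQL's password() or md5(), and the database account used by the page needs only select on the users table.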

Experiment Summary and experience

This experiment drew on the Java Web knowledge from last semester's network security programming course. I still do not understand the use of the database very well, and doing things blindly leads to mistakes later. The same goes for page code: you have to figure out the statements inside it; pasting code directly does not work, and you have to connect the code with your own database. Here I referred to the solutions of many classmates and feel I gained a lot.
