20155330 "Cyber Confrontation" EXP8 Web Foundation


Basic question answers
    1. What is a form

      • Forms collect users' information and feedback; they are the bridge between the website manager and the visitors.

      • Three basic components of a form

        • Form Labels

        • Form fields: Contains text boxes, password boxes, hidden fields, multiline text boxes, check boxes, radio boxes, drop-down selection boxes, file upload boxes, and more

        • Form buttons: Include the Submit button, reset button, and General button.

    2. Which languages can a browser parse and run

      • Hypertext Markup Language: HTML
      • Extensible Markup Language: XML
      • Scripting languages: ASP, PHP, script, JavaScript, VBScript, Perl, Python, ColdFusion, Java, JSP, etc.
    3. Which dynamic languages does the web server support
      • PHP language, JSP language.
Experiment Summary and experience

I ran into a lot of problems during the experiment, but all of them were solved, and I feel very happy, especially when the last picture finally showed up. The experiment also made me realise that I am not very skilled with the MySQL database; I often forget to add the semicolon after a command. From this experiment I also gained a preliminary understanding of some basics of web attacks; in web development one should take care to avoid the common attack techniques.

Practice Process Record

(i) Environment configuration
  • Use apache -v to check the version of the locally installed Apache.

  • Use netstat -aptn to view which ports are in use.

  • Use vi /etc/apache2/ports.conf to set the port Apache listens on; here the listening port is changed to my own student number, 5330.


  • Start Apache with systemctl start apache2.

  • Use netstat -aptn to view the ports again (having first killed the processes that were occupying ports) and see that apache2 is now on port 5330.

  • Test whether Apache is working: in Firefox on Kali, enter 127.0.0.1:5330 or localhost:5330 (the port number is the Apache listening port set in /etc/apache2/ports.conf above, which I set to my own student number; localhost refers to Kali's own IP address, and I also tested with the loopback address). The test results are as follows:

(ii) Front-end web programming

  • Use the following commands to edit the test page test.html in the /var/www/html directory.

    cd /var/www/html
    touch test.html
    vi test.html
    • Page code

  • Enter 127.0.0.1:5330/test.html in the Firefox browser to open the page.

  • Click login and the page tries to jump, but the jump fails because the PHP back-end file has not been written yet.

    JavaScript

  • Improve the web page code by adding JavaScript statements.

    • Enter the user name without a password: the page prompts for a password.

    • Enter the password without a user name: the page prompts for a user name.
    • Enter both: success.

    PHP back end

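  • Edit the PHP test file login.php in the /var/www/html directory.

    <?php
    // Lab test page: echoes the "a" parameter, then includes the file it names.
    echo ($_GET["a"]);
    include($_GET["a"]);
    echo "This is lxm php test page!<br>";
    ?>
  • Open 127.0.0.1:5330/login.php?a=/etc/passwd in the browser to see the contents of the /etc/passwd file, because include() is passed the request parameter unchecked.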
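
The include() call above takes its path straight from the request, which is why /etc/passwd comes back. As an added example (not part of the original page), one way to harden that pattern is to map the parameter through a fixed allowlist; the page keys, file names and temporary directory are constructed for illustration.

```php
<?php
// Added example, not the page's login.php. Page names and paths are constructed.

// Only these keys may be requested; the values are fixed file names,
// so user input never becomes part of a filesystem path.
const ALLOWED_PAGES = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

/** Map the "a" parameter to a file inside $baseDir, or return null. */
function resolve_page(string $requested, string $baseDir): ?string
{
    if (!array_key_exists($requested, ALLOWED_PAGES)) {
        return null;                       // e.g. "/etc/passwd"
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . ALLOWED_PAGES[$requested]);
    // Second line of defence: the resolved file must sit under the base
    // directory even if an allowlisted name is later replaced by a symlink.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;                       // also covers a missing file
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for the web root.
$dir = sys_get_temp_dir() . '/pages_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/home.php", "<?php echo \"home page\\n\";");

foreach (['home', '/etc/passwd', 'about'] as $a) {
    $file = resolve_page($a, $dir);
    if ($file === null) {
        // Encode before echoing: the original script printed $_GET["a"] raw.
        echo 'rejected: ' . htmlspecialchars($a, ENT_QUOTES, 'UTF-8') . "\n";
        continue;
    }
    include $file;
}

unlink("$dir/home.php");
rmdir($dir);
```

Only `home` is served; `/etc/passwd` is not an allowlisted key and `about` has no file in the constructed directory, so both are rejected.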

(iii) MySQL Foundation

  • Use the /etc/init.d/mysql start command to start the MySQL service.

  • Enter mysql -u root -p and type the password when prompted (the default password is [email protected]) to enter MySQL.

  • Enter show databases; to view basic information.

  • The MySQL user password can be changed as follows:
    • Enter use mysql; to select the mysql database;
    • Enter select user, password, host from user; (the user names, passwords and permissions are stored in the mysql database);
    • Enter UPDATE user SET password=PASSWORD("<new password>") WHERE user='root';
    • Enter flush privileges; to reload the privileges;
    • Enter quit to exit.
  • Run mysql -u root -p again and enter the new password to check that it works; login succeeds.

  • Build a table in MySQL
    • create database zy; creates a database
    • use zy; enters the database
    • create table zy (username VARCHAR(20),password VARCHAR(20)); creates a data table
    • insert into zy values('zy','5330'); adds a row to the table
    • select * from zy; views the contents of the table

  • New user: grant select,insert,update,delete on <database>.* to <username>@localhost identified by "<password>"; grants the select, insert, update and delete permissions on all tables of one database to a user.

  • After exiting, log in with mysql -u <username> -p. Success.

(iv) Writing a login page with PHP + MySQL

  • Edit test2.html in the /var/www/html folder.

  • Edit login.php in the same directory to connect to the database via PHP.
  • Type 127.0.0.1:5330/test2.html in the Firefox browser to access the login page.

  • On the login page, enter a user name and password stored in the database and click submit: authentication succeeds. Enter credentials that are not in the database: authentication fails.

  • Logged in successfully.

Problems encountered
    • The following information was displayed on the page during the login jump:
    • The cause turned out to be wrong values in the PHP file's statement $mysqli = new mysqli("127.0.0.1", "zy", "123456", "zy"); . Login succeeded after the change. The first zy is the MySQL user name, 123456 is that user's password, and the second zy is the name of the database to use.

(v) SQL injection
    • SQL injection is a syntax-based vulnerability; next, the login site just built is injected.

    • Construct the SQL injection statement: enter ' or 1=1# in the user name input box and anything as the password. The synthesized SQL query is then select * from users where username='' or 1=1#' and password=''
      That is, the following two SQL statements are equivalent:

      select * from users where username='' or 1=1#' and password=''

      select * from users where username='' or 1=1

    • The "#" comments out everything after it, and 1=1 is always true, so the WHERE clause is always true and the login succeeds.


Saving a user name and password in the database with SQL injection
    • Because the check if ($result = $mysqli->query($query_str)) in the earlier code does not allow multiple SQL statements to execute, it is changed to if ($result = $mysqli->multi_query($query_str)) so that multiple SQL statements can run.
    • Enter ';insert into lxmtable values('xx','5330','1234567890');# in the user name input box; taken apart, the query becomes

      SELECT * FROM lxmtable WHERE username='';

      insert into lxmtable values('xx','5330','1234567890');

    • View the data in the database and find a new row xx 5330, showing that the insert succeeded.

    • Log in using the inserted user name and password.

    • Success.
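
Both the ' or 1=1# login bypass in section (v) and the stacked insert above work because the input is concatenated into the SQL text. The following added example (not the page's login.php) runs the same inputs through a prepared statement; an in-memory SQLite database through PDO stands in for the MySQL table zy so it runs offline, and the function names are hypothetical.

```php
<?php
// Added example, not the page's login.php. An in-memory SQLite database
// (via PDO) stands in for the MySQL table zy so the script runs offline.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE zy (username VARCHAR(20), password VARCHAR(20))');
$pdo->exec("INSERT INTO zy VALUES ('zy', '5330')");   // row from the page

/** The concatenation pattern: input is pasted into the SQL text (built, never run). */
function build_query_unsafe(string $user, string $pass): string
{
    return "SELECT * FROM zy WHERE username='$user' AND password='$pass'";
}

/** Hardened check: the SQL text is fixed, input travels as bound values. */
function login(PDO $pdo, string $user, string $pass): bool
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) FROM zy WHERE username = :u AND password = :p'
    );
    $stmt->execute([':u' => $user, ':p' => $pass]);
    return (int) $stmt->fetchColumn() === 1;
}

$cases = [
    ['zy', '5330'],                                    // stored credentials
    ["' or 1=1#", 'anything'],                         // input from section (v)
    ["';insert into lxmtable values('xx','5330','1234567890');#", 'x'],
];

foreach ($cases as [$user, $pass]) {
    echo "input:      $user\n";
    echo 'unsafe SQL: ' . build_query_unsafe($user, $pass) . "\n";
    echo 'prepared:   ' . (login($pdo, $user, $pass) ? 'login ok' : 'login refused') . "\n\n";
}

// The stacked INSERT was only ever a string value, so the table still has one row.
echo 'rows in zy: ' . $pdo->query('SELECT COUNT(*) FROM zy')->fetchColumn() . "\n";
```

With mysqli the same fix is $mysqli->prepare() followed by bind_param() and execute(), keeping query() rather than multi_query() for everything else.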

(vi) XSS attack
    • In the user name input box, enter the following to read the picture under the /var/www/html directory:



Problems encountered
    • At first the picture could not be displayed.

    • Right-clicking the picture that did not display showed the warning:
    • Running chmod 755 22.png in the /var/www/html directory to grant permission on the picture made it display successfully.
