Sai Narayan

Class Notes Day 6 - practical of confidentiality, integrity and availability and more



Download material here: hacking-for-impact-practical-demonstrations-of-confidentiality-integrity-and-availability- (38.08MB)




### 1. Practical Implementation of Confidentiality Impact Using Nikto


#### a. Practical Analysis of Path Traversal Vulnerability


**Objective**: To analyze, and potentially exploit, path traversal vulnerabilities using Nikto, by first understanding the folder structure of the local machine.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install Nikto from its official repository.

- **Target**: Set up a local server with a web application vulnerable to path traversal.


2. **Understanding Path Traversal**:

- **Concept**: Path traversal is a vulnerability that allows attackers to read arbitrary files on the server’s filesystem.

- **Folder Structure**: Understand the folder structure of your local machine to identify potential vulnerable points.


3. **Using Nikto**:

- **Command**: Run Nikto with appropriate commands targeting your local server.

- **Analysis**: Analyze the results to identify potential path traversal vulnerabilities.


4. **Exploitation**:

- **Crafting Payload**: Craft a payload to exploit the identified path traversal vulnerability.

- **Executing Payload**: Use Nikto to send the crafted payload and analyze the server's response.


5. **Report and Mitigation**:

- **Report**: Document the vulnerability, including the vulnerable endpoint and potential impact.

- **Mitigation**: Propose mitigation strategies such as input validation and proper configuration.
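
As an added example (not from the class notes and not Nikto's code), the mitigation in step 5 written out: a minimal file-serving helper in the defective form that lets `../` segments leave the web root, beside a hardened form that decodes the request once, resolves the path and refuses anything that does not land inside the web root. The directory layout, file names and contents are constructed inside a temporary directory for the demo.

```python
"""Added example, not from the class notes: path traversal in a file-serving
helper, and the hardened version.  All paths, files and contents below are
constructed inside a temporary directory for the demo."""
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def read_file_vulnerable(web_root: str, requested: str) -> bytes:
    """Defective form: the request path is joined onto the web root as-is, so
    '../' segments (or an absolute path) walk out of the web root."""
    return Path(os.path.join(web_root, unquote(requested))).read_bytes()


def resolve_safely(web_root: str, requested: str) -> Path:
    """Hardened form: decode once, resolve symlinks and '..' segments, then
    check that the final path is the web root itself or a descendant of it."""
    root = Path(web_root).resolve()
    candidate = (root / unquote(requested)).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"refused: {requested!r} resolves outside the web root")
    return candidate


def read_file_hardened(web_root: str, requested: str) -> bytes:
    return resolve_safely(web_root, requested).read_bytes()


def demo() -> dict:
    """Build a web root with one page and a secret file next to (not under)
    it, then serve the same requests through both helpers."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "www"
        root.mkdir()
        (root / "index.html").write_bytes(b"<h1>hello</h1>")
        (Path(tmp) / "secret.txt").write_bytes(b"top-secret")  # outside the web root

        results = {
            "vuln_normal": read_file_vulnerable(str(root), "index.html"),
            "vuln_traversal": read_file_vulnerable(str(root), "../secret.txt"),
            "hard_normal": read_file_hardened(str(root), "index.html"),
        }
        # Plain, URL-encoded and absolute-path variants of the same escape attempt.
        for label, req in (("hard_traversal", "../secret.txt"),
                           ("hard_encoded", "%2e%2e/secret.txt"),
                           ("hard_absolute", str(Path(tmp) / "secret.txt"))):
            try:
                read_file_hardened(str(root), req)
                results[label] = "allowed"
            except PermissionError:
                results[label] = "refused"
        return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The check is done on the fully resolved filesystem path rather than on the request string, so it holds regardless of how the `..` was spelled; a string filter that only strips the literal `../` would miss the encoded form. Note also that a web root containing a symlink pointing outside it is still reachable, which is why `resolve()` is applied before the containment test.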


### 2. Practical Implementation of Integrity Impact Using Burp Suite


**Objective**: To demonstrate the impact on data integrity by modifying requests in Google search using Burp Suite.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install Burp Suite from its official website.

- **Browser Configuration**: Configure your browser to work with Burp Suite by setting up the appropriate proxy settings.


2. **Using Burp Suite**:

- **Intercept**: Set Burp Suite to intercept the requests from your browser.

- **Google Search**: Perform a Google search and intercept the request using Burp Suite.


3. **Modification of Requests**:

- **Analysis**: Analyze the intercepted request to identify the parameters and structure.

- **Modification**: Modify the request parameters such as changing the search query.


4. **Observing the Impact**:

- **Forwarding the Request**: Forward the modified request and observe the changes in the search results.

- **Impact Analysis**: Analyze the potential impacts of such modifications on data integrity.
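
An added example (not from the class notes and not Burp Suite's code) of what the integrity analysis in step 4 leads to on the server side: an intercepting proxy can rewrite any parameter the client sends, so a server can only rely on parameter values it can verify. The block signs the parameters of a search-style query with an HMAC and shows that a query altered in transit, a forged signature or an extra parameter all fail verification. The shared key, parameter names and query values are constructed for the demo.

```python
"""Added example, not from the class notes or Burp Suite: server-side
integrity protection for request parameters.  The key, parameter names and
values are constructed for the demo."""
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

SHARED_KEY = b"demo-shared-secret"  # constructed; a real deployment loads it from config


def canonical(params: dict) -> str:
    """Deterministic encoding of every parameter except the signature itself."""
    return urlencode(sorted((k, v) for k, v in params.items() if k != "sig"))


def sign(params: dict, key: bytes = SHARED_KEY) -> str:
    """Return the query string with an HMAC-SHA256 'sig' parameter appended."""
    mac = hmac.new(key, canonical(params).encode(), hashlib.sha256).hexdigest()
    return urlencode({**params, "sig": mac})


def verify(query_string: str, key: bytes = SHARED_KEY) -> bool:
    """Recompute the MAC over the received parameters; compare in constant time."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    expected = hmac.new(key, canonical(params).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(params.get("sig", ""), expected)


def rewrite(query_string: str, name: str, value: str) -> str:
    """Model of an intercepting proxy: change one parameter and forward the rest."""
    params = dict(parse_qsl(query_string, keep_blank_values=True))
    params[name] = value
    return urlencode(params)


def demo() -> dict:
    """Sign one query, then verify it unchanged and after several rewrites."""
    original = sign({"q": "cyber security", "page": "1"})
    return {
        "original": verify(original),
        "query_changed": verify(rewrite(original, "q", "cyber attack")),
        "page_changed": verify(rewrite(original, "page", "99")),
        "sig_forged": verify(rewrite(original, "sig", "0" * 64)),
        "param_added": verify(original + "&safe=0"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

This pattern covers values the server itself issued and expects back unchanged (signed links, pagination or sort tokens, form state). Text the user typed, such as the search term itself, is untrusted input by definition and is validated rather than signed. On the wire, the browser-to-server hop is protected by TLS; Burp can read and rewrite it in the lab only because its CA certificate was installed in the test browser.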


### 3. Practical Implementation of Availability Impact Using SlowHTTP


**Objective**: To demonstrate the impact on server availability through the execution of a SlowHTTP attack on a local server.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install the SlowHTTP tool from its official repository.

- **Target Server**: Set up a local server to act as the target for your SlowHTTP attack.


2. **Understanding SlowHTTP**:

- **Concept**: SlowHTTP is a type of Denial of Service (DoS) attack that aims to make a server unavailable by consuming all available connections with slow HTTP requests.

3. **Executing the Attack**:

- **Command**: Use the SlowHTTP tool to initiate an attack on your local server by crafting slow HTTP requests.

- **Monitoring the Server**: Monitor the server's response and resource utilization to observe the impact of the attack.


4. **Analysis and Mitigation**:

- **Analysis**: Analyze the effect of the attack on the server's availability.

- **Mitigation**: Propose potential mitigation strategies such as implementing rate limiting and timeouts.
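
An added example (not from the class notes and not the SlowHTTP tool's code) of the detection and mitigation logic in step 4: a connection audit that applies a header-read deadline, a minimum body transfer rate and a per-client connection cap, the same three controls that a web server's timeout and rate-limit settings implement. The thresholds, IP addresses and connection records are constructed for the demo.

```python
"""Added example, not from the class notes or the SlowHTTP tool: a connection
audit implementing the controls a web server applies against slow HTTP
attacks.  Thresholds, addresses and connection records are constructed."""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

HEADER_TIMEOUT_S = 20.0    # constructed policy: complete request headers within 20 s
BODY_MIN_RATE_BPS = 500.0  # constructed policy: body must arrive at >= 500 bytes/s
MAX_CONN_PER_IP = 10       # constructed policy: per-client open-connection cap


@dataclass
class Conn:
    conn_id: int
    ip: str
    opened_at: float
    headers_done_at: Optional[float] = None   # None: still waiting for headers
    body_started_at: Optional[float] = None
    body_bytes: int = 0


def classify(c: Conn, now: float) -> str:
    """Label one connection as 'ok', 'slow-headers' or 'slow-body'."""
    if c.headers_done_at is None:
        return "slow-headers" if now - c.opened_at > HEADER_TIMEOUT_S else "ok"
    if c.body_started_at is not None:
        elapsed = now - c.body_started_at
        if elapsed > 0 and c.body_bytes / elapsed < BODY_MIN_RATE_BPS:
            return "slow-body"
    return "ok"


def audit(conns: List[Conn], now: float) -> dict:
    """Apply the per-connection deadlines and the per-IP cap; list what to close."""
    verdicts = {c.conn_id: classify(c, now) for c in conns}
    per_ip = Counter(c.ip for c in conns)
    flooding = {ip for ip, n in per_ip.items() if n > MAX_CONN_PER_IP}
    close = sorted(c.conn_id for c in conns
                   if verdicts[c.conn_id] != "ok" or c.ip in flooding)
    return {"verdicts": verdicts, "flooding_ips": sorted(flooding), "close": close}


def demo() -> dict:
    """Constructed snapshot of a server's connection table at t = 1000 s."""
    now = 1000.0
    conns = [
        Conn(1, "10.0.0.5", opened_at=990.0, headers_done_at=991.0),    # normal
        Conn(2, "203.0.113.9", opened_at=950.0),                         # headers never completed
        Conn(3, "192.0.2.44", opened_at=900.0, headers_done_at=901.0,
             body_started_at=901.0, body_bytes=1000),                    # about 10 B/s body
    ]
    # Eleven more young connections from the same client as conn 2: each is
    # within the header deadline on its own, but together they exceed the cap.
    conns += [Conn(i, "203.0.113.9", opened_at=995.0) for i in range(4, 15)]
    return audit(conns, now)


if __name__ == "__main__":
    result = demo()
    print("flooding:", result["flooding_ips"])
    print("close:", result["close"])
```

On a production server these rules live in configuration rather than application code: nginx's `client_header_timeout` and `client_body_timeout`, or Apache's `mod_reqtimeout` with its `RequestReadTimeout` directive, implement the header deadline and minimum body rate; the per-client cap is the job of a connection-limit module or an upstream proxy. The point of the code is to show why all three are needed together: a single slow connection is caught by the deadlines, while a flood of individually well-behaved connections is caught only by the cap.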


**Note**: All these practical demonstrations should be conducted in a controlled and legal environment, preferably with explicit permission to avoid legal repercussions.


I hope this gives you a solid grounding to proceed with these implementations. Let me know if you have any further queries or need additional details!
