Using N-Stalker Tool to Scan Web Applications

Filed in Uncategorized
1. Launch N-Stalker, wait until the GUI appears, then click ‘Update’ to update the application.

2. N-Stalker updates its database; wait a few minutes.

3. After the database update completes, click Start to begin a new scan session.

4. In the N-Stalker wizard, enter the URL of the web application to be scanned. In this example we use http://10.0.0.2/goodshopping. Choose OWASP Policy in the Scan Policy tab, then click Next.

5. A URL Restriction box pops up; click Yes to continue.

6. Click Optimize Settings, leave the defaults, and click Yes.

7. Click Yes on the Settings Not Optimized box.

8. Click Review Summary, then click Start Session.

9. Once the N-Stalker configuration is complete, click Start Scan to begin scanning the website.

10. The scan begins shortly; the chart updates as it progresses.

11. Let the application scan the website. The scan has four phases: Spider, Info Gather, Run Modules and Sig Scanner.

12. When the scan finishes, a wizard box appears. Choose to save the scan results and keep the scan session for further analysis, then click ‘Next’.

13. A summary of the vulnerabilities is shown; click Done after examining it.

14. On the left side, expand all nodes to see the website's pages.

15. The complete scan results can be seen on the dashboard, where each of the site's vulnerabilities can also be expanded.
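
The scan above runs a Spider phase and then probes the site with many requests in a short time, which is exactly what shows up in the target's web server logs. As an added example that is not part of this post or of N-Stalker, the following Python flags clients whose access-log traffic looks like an automated scan: many distinct paths from one IP within a short window, at a high request rate, with a large share of 4xx/5xx responses. It assumes the site logs in the Apache/nginx "combined" format; the log lines, IPs and thresholds are constructed for the example.

```python
"""Flag scanner-like clients in web access logs (added example, not N-Stalker's code)."""
import re
from collections import defaultdict
from datetime import datetime

# Assumption: the site logs in the Apache/nginx "combined" format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: 10.0.0.50 crawls many paths in two seconds with mostly error
# responses (scanner-like); 10.0.0.77 browses two pages thirty seconds apart (normal user).
SAMPLE_LOG = """\
10.0.0.50 - - [29/May/2018:21:58:40 +0700] "GET /goodshopping/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.50 - - [29/May/2018:21:58:40 +0700] "GET /goodshopping/admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.50 - - [29/May/2018:21:58:41 +0700] "GET /goodshopping/backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.50 - - [29/May/2018:21:58:41 +0700] "GET /goodshopping/old/ HTTP/1.1" 404 210 "-" "Mozilla/5.0"
10.0.0.50 - - [29/May/2018:21:58:42 +0700] "GET /goodshopping/login.php?id=1' HTTP/1.1" 500 310 "-" "Mozilla/5.0"
10.0.0.50 - - [29/May/2018:21:58:42 +0700] "GET /goodshopping/product.php?id=1 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
10.0.0.77 - - [29/May/2018:21:58:40 +0700] "GET /goodshopping/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.77 - - [29/May/2018:21:59:10 +0700] "GET /goodshopping/product.php?id=3 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
"""


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], TS_FMT),
            "path": m["path"],
            "status": int(m["status"]),
        })
    return events


def scanner_candidates(events, window_seconds=60, min_requests=5,
                       min_rate_per_sec=1.0, min_error_ratio=0.3):
    """Return {ip: stats} for clients that, inside some sliding window of
    `window_seconds`, issued at least `min_requests` requests to as many distinct
    paths, at `min_rate_per_sec` or more, with at least `min_error_ratio` of them
    answered 4xx/5xx. Stats describe the largest qualifying window per client."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most window_seconds.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            win = evs[start:end + 1]
            if len(win) < min_requests:
                continue
            span = max((win[-1]["ts"] - win[0]["ts"]).total_seconds(), 1.0)
            distinct = len({e["path"] for e in win})
            errors = sum(1 for e in win if e["status"] >= 400)
            rate = len(win) / span
            err_ratio = errors / len(win)
            if distinct >= min_requests and rate >= min_rate_per_sec and err_ratio >= min_error_ratio:
                stats = {"requests": len(win), "distinct_paths": distinct,
                         "rate_per_sec": round(rate, 2), "error_ratio": round(err_ratio, 2)}
                if ip not in flagged or stats["requests"] > flagged[ip]["requests"]:
                    flagged[ip] = stats
    return flagged


if __name__ == "__main__":
    for ip, stats in scanner_candidates(parse_log(SAMPLE_LOG)).items():
        print(ip, stats)
```

The thresholds are starting points, not tuning advice for a particular site: a crawler that respects robots.txt or a monitoring probe can also hit several paths per second, so a hit from this rule is a lead to correlate with the reported vulnerabilities rather than a verdict on its own.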

Posted by : Raden Aditya Pribadi – CS2020 – 2001605116

Using WebCruiser Tool for SQL Injection Testing

Filed in Uncategorized
1. Launch the WebCruiser application and wait until the main window appears.

2. Enter the URL to be scanned. In this example we use http://10.0.0.2/goodshopping, where 10.0.0.2 is the host machine's server on which the website is hosted. Click ‘Scan Site’ to start the scan.

3. If a software disclaimer pop-up appears, click OK to proceed.

4. The scan starts with a URL scan, but it also shows the vulnerabilities found as well as the site structure, as seen in the screenshot.

5. Right-click each of the vulnerabilities, then click SQL Injection POC (Proof of Concept).

6. This launches the SQL Injection window; click ‘Get Environment Information’.

7. It shows information about the environment in which the site is hosted. By collecting vulnerability information, an attacker can simulate exploitation of a web application to gain unauthorized information.
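
As an added example that is not part of this post, of WebCruiser, or of the goodshopping application, the following Python (standard-library sqlite3) shows the defect a scanner's SQL Injection POC looks for and its fix: the same product lookup written with string concatenation and with a bound parameter, plus a request handler that keeps database error text away from the client, since verbose errors are what environment-information gathering feeds on. The table, rows and inputs are constructed for the example.

```python
"""Vulnerable vs. parameterised lookup (added example, not WebCruiser's or the app's code)."""
import sqlite3


def make_db():
    # Constructed in-memory table standing in for a shop's product catalogue.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, cost REAL)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)",
                     [(1, "Keyboard", 12.5), (2, "Mouse", 6.0), (3, "Monitor", 140.0)])
    return conn


def lookup_vulnerable(conn, product_id):
    """The defect a scanner's SQL-injection module detects: user input spliced into SQL text,
    so quote characters in the input change the query's meaning."""
    sql = f"SELECT id, name FROM products WHERE id = '{product_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, product_id):
    """Hardened form: the value travels as a bound parameter and is never parsed as SQL."""
    return conn.execute("SELECT id, name FROM products WHERE id = ?", (product_id,)).fetchall()


def handle_request(conn, product_id, lookup=lookup_safe, leak_errors=False):
    """Web-handler shape around a lookup. With leak_errors=True the raw database error
    reaches the client, which is what 'environment information' gathering relies on;
    the default returns a generic message and leaves the detail for server-side logs."""
    try:
        return {"rows": lookup(conn, product_id)}
    except sqlite3.Error as exc:
        return {"error": str(exc) if leak_errors else "invalid request"}


if __name__ == "__main__":
    db = make_db()
    print("legitimate input, vulnerable:", lookup_vulnerable(db, "2"))
    print("tautology input, vulnerable: ", lookup_vulnerable(db, "2' OR '1'='1"))
    print("tautology input, safe:       ", lookup_safe(db, "2' OR '1'='1"))
    print("malformed input, handler:    ", handle_request(db, "1'", lookup=lookup_vulnerable))
```

In SQLite the bound text "2" still matches the integer id column because column affinity converts it, so the safe version behaves identically for real input; only the hostile input is neutralised. The same pattern applies to any driver that supports placeholders, and it is the fix to apply to each finding the scanner reports rather than filtering characters out of the input.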

Posted by : Raden Aditya Pribadi – CS2020 – 2001605116