top of page
Writer's pictureSai Narayan

Class Notes Day 6 - practical of confidentiality, integrity and availability and more




Download material here




### 1. Practical Implementation of Confidentiality Impact Using Nikto


#### a. Practical Analysis of Path Traversal Vulnerability


**Objective**: To analyze and potentially exploit path traversal vulnerabilities by understanding the local machine folder structure formats using Nikto.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install Nikto from its official repository.

- **Target**: Set up a local server with a web application vulnerable to path traversal.


2. **Understanding Path Traversal**:

- **Concept**: Path traversal is a vulnerability that allows attackers to read arbitrary files on the server’s filesystem.

- **Folder Structure**: Understand the folder structure of your local machine to identify potential vulnerable points.


3. **Using Nikto**:

- **Command**: Run Nikto with appropriate commands targeting your local server.

- **Analysis**: Analyze the results to identify potential path traversal vulnerabilities.


4. **Exploitation**:

- **Crafting Payload**: Craft a payload to exploit the identified path traversal vulnerability.

- **Executing Payload**: Use Nikto to send the crafted payload and analyze the server's response.


5. **Report and Mitigation**:

- **Report**: Document the vulnerability, including the vulnerable endpoint and potential impact.

- **Mitigation**: Propose mitigation strategies such as input validation and proper configuration.


### 2. Practical Implementation of Integrity Impact Using Burp Suite


**Objective**: To demonstrate the impact on data integrity by modifying requests in Google search using Burp Suite.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install Burp Suite from its official website.

- **Browser Configuration**: Configure your browser to work with Burp Suite by setting up the appropriate proxy settings.


2. **Using Burp Suite**:

- **Intercept**: Set Burp Suite to intercept the requests from your browser.

- **Google Search**: Perform a Google search and intercept the request using Burp Suite.


3. **Modification of Requests**:

- **Analysis**: Analyze the intercepted request to identify the parameters and structure.

- **Modification**: Modify the request parameters such as changing the search query.


4. **Observing the Impact**:

- **Forwarding the Request**: Forward the modified request and observe the changes in the search results.

- **Impact Analysis**: Analyze the potential impacts of such modifications on data integrity.


### 3. Practical Implementation of Availability Impact Using SlowHTTP


**Objective**: To demonstrate the impact on server availability through the execution of a SlowHTTP attack on a local server.


**Step-by-Step Guide**:


1. **Setup**:

- **Installation**: Download and install the SlowHTTP tool from its official repository.

- **Target Server**: Set up a local server to act as the target for your SlowHTTP attack.


2. **Understanding SlowHTTP**:

- **Concept**: SlowHTTP is a type of Denial of Service (DoS) attack that aims to make a server unavailable by consuming all available connections with slow HTTP requests.

3. **Executing the Attack**:

- **Command**: Use the SlowHTTP tool to initiate an attack on your local server by crafting slow HTTP requests.

- **Monitoring the Server**: Monitor the server's response and resource utilization to observe the impact of the attack.


4. **Analysis and Mitigation**:

- **Analysis**: Analyze the effect of the attack on the server's availability.

- **Mitigation**: Propose potential mitigation strategies such as implementing rate limiting and timeouts.


**Note**: All these practical demonstrations should be conducted in a controlled and legal environment, preferably with explicit permission to avoid legal repercussions.


I hope this gives you a solid grounding to proceed with these implementations. Let me know if you have any further queries or need additional details!

30 views0 comments

Recent Posts

See All

Commentaires


bottom of page