Bonus Activity: The Cookie Jar For this challenge, you'll once again use (cur1), but this time...

Transcribed Image Text:

Bonus Activity: The Cookie Jar For this challenge, you'll once again use (cur1), but this time you'll use it to manage and swap sessions. Heads Up: In order to complete this activity, you must have WordPress set up from the Swapping Sessions activity on Day 1 of this module. If you have not completed the activity or WordPress is improperly set up, please refer to the Day 1 student guide and the Swapping Sessions activity file. Recall that on Day 1 of this module, you used Google Chrome's Cookie-Editor extension to swap sessions and cookies. For this Challenge activity, you'll use the command-line tool (curl) to practice swapping cookies and sessions within the WordPress app. It is important for cybersecurity professionals to know how to manage cookies with cur1). Web application security engineers need to regularly ensure cookies are both functional and safe from tampering. For example, you might need to request a cookie from a webpage and then test various HTTP responses using that cookie. Doing this over and over through the browser is tedious, but can be automated with scripts. The same concept applies for penetration testers and hackers: (cur]) is used to quickly save a cookie in order to test various exploits. For example, an HTTP server may be configured so that, in order to POST data to specific pages, clients need to have cookies or authentication information set in their request headers, which the server will verify. Revisiting curl Recall that you used (curl) to craft different kinds of requests for your (cur1) activity, and that you used the Chrome extension Cookie-Editor to export and import cookies and swap sessions. There will be many systems in which you will need to test requests and cookies that will not connect to a browser or browser extension. curl] not only allows users to examine headers, send data, and authenticate to servers, but also to save and send cookies through two cur1) options: -cookie-jar) and --cookie) These two options work just like Cookie-Editor, but on the command line. --cookie-jar) allows a curl user to save the cookies set within a response header into a text file. --cookie) allows a user to specify a text file where a cookie is saved, in order to send a request with the cookies embedded in the request header. Let's create a [cur) command that will log in to a webpage with a supplied username and password, and also save the server's response that should contain a cookie. Logging In and Saving Cookies with curl If you want to use the cur1) command to log in to an account, (Aranda), with the password password), use the following curl] options: curl --cookie-jar ./amandacookies.txt --form "log-Amanda" --form "pwd-password" http://localhost:8888/wp-login.php --verbose . cur1): The tool that you are using. --cookie-jar: Specifies where you will save the cookies. ./anandacookies.txt: Location and file where the cookies will be saved. ---form): Lets you pick the login username and password forms that you set in your user info earlier. In this case, it's your username. log-Aranda): How WordPress understands and accepts usernames. --form): Lets you pick the login username and password forms that you set in our user info earlier. In this case it's your password. pwd-password: How WordPress understands and accepts passwords. http://localhost:8888/wp-login.php): Your WordPress login page. --verbose): Outputs more specific description about the actions the command is taking. Run the command: curl --cookie-jar-/amandacookies.txt -form "log-Amanda" --form "pwd-password" http://localhost:8888/wp-login.php --verbose If the site confirms your credentials, it will give you a cookie in return, which (cur]) will save in the cookie jar file /amandacookies.txt Now, let's use that saved cookie on a page that requires you to be logged in. Using a Saved Cookie To use a saved cookie, use the following curl] syntax: curl cookie./amandacookies.txt http://localhost:8888/up-admin/users.php O (cur1): The tool that you are using. --cookie): Precedes the location of your saved cookie that you want to use. 0 -/arandacookies.txt): Location and file where the cookies are saved. 0 http://localhost:8888/wp-admin/users.php): A page that requires authentication in order to view it properly. Note that you are not going to the login page, because supplying a cookie in this instance assumes that you are already logged in. 0 Now that you know how to use the cur1) cookie jar, you can complete this bonus activity. Bonus Activity Instructions: The Cookie Jar First, using Docker Compose, navigate to the Day 1 WordPress activity directory and bring up the container set: [/home/sysadmin/Documents/docker_files Using curl], do the following for the Ryan user: Log in to WordPress and save the user's cookies to a cookie jar. Test a WordPress page by using a cookie from the cookie jar. Pipe the output from the cookie with grep) to check for authenticated page access. Attempt to access a privileged WordPress admin page. Step 1: Set Up Create two new users: Amanda and Ryan. 1. Navigate to localhost:8888/wp-admin/ 2. On the left-hand toolbar, hover over "Users" and click "Add New." 3. Enter the following information to create the new user named Amanda: Username: Amanda) Email: amanda@email.com 4. Skip down to password: o Password: (password) Confirm Password: Check the box to confirm use of weak password. o Role: Administrator 5. Create another user named Ryan. Username: Ryan o Email: ryan@email.com 6. Skip down to password: o Password: (123456 Confirm Password: Check the box to confirm use of weak password. o Role: [Editor 7. Log out, and log in with the following credentials: Username: Amanda Password: password Step 2: Baselining For these "baselining" steps, you'll log in to two different types of accounts to see how the WordPress site looks at the localhost:8988/up-admin/users.php) page. You want to see how the Users page looks from the perspective of an administrator vs. a regular user. 1. Using your browser, log in to your WordPress site as your sysadmin account, and navigate to localhost:8890/wp-admin/users.php), where you previously created the user Ryan. Examine this page briefly. Log out. 2. Using your browser, log in to your Ryan account, and attempt to navigate to (localhost:8888/wp-admin/index.php). Note the wording on your Dashboard. 3. Attempt to navigate to localhost:8080/wp-admin/users.php). Note what appears now. Log out in the browser. Step 3: Using Forms and a Cookie Jar Navigate to (-/Documents) in a terminal to save your cookies. 1. Construct a (cur) request that enters two forms, "log-{username}") and "pwd-(password)"), and goes to http://localhost:8888/wp-login.php). Enter Ryan's credentials where there are placeholders. Question 1: Did you see any obvious confirmation of a login? (Y/N) 2. Construct the same (cur]) request, but this time, add the option and path to save your cookie: --cookie-jar ./ryancookies.txt). This option tells (curl] to save the cookies to the (ryancookies.txt) text file. 3. Read the contents of the (ryancookies.txt) file. o Question 2: How many items exist in this file? Note that each one of these is a cookie that was granted to Ryan after logging in. Step 4: Log in Using Cookies 1. Craft a new (curl] command that now uses the cookie) option, followed by the path to your cookies file. For the URL, use (http://localhost:8888/wp-admin/index.php Question 3: Is it obvious that you can access the dashboard? (Y/N) Question 3: Is it obvious that you can access the dashboard? (Y/N) 2. Press the up arrow on your keyboard to run the same command, but this time, pipe | grep Dashboard) to the end of your command to return all instances of the word (Dashboard) on the page. Question 4: Look through the output where (Dashboard) is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard. Step 5: Test the Users.php Page 1. Finally, write a (cur]) command using the same --cookie ryancookies.txt) option, but attempt to access (http://localhost:8888/wp-admin/users.php Question 5: What happens this time? Submission Guidelines After you complete your Submission File, title it with the following format: < YOUR NAME > < Web Development Challenge > Make sure to set the file permissions so that anyone can view and comment on your document. Submit the URL of your Submission File Google Doc through Canvas. Bonus Activity: The Cookie Jar Question 1: Did you see any obvious confirmation of a login? (Y/N) [Enter answer here] Question 2: How many items exist in this file? [Enter answer here] Question 3: Is it obvious that you can access the dashboard? (Y/N) [Enter answer here] Question 4: Look through the output where Dashboard is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard. [Enter answer here] Question 5: What happens this time? [Enter answer here] Bonus Activity: The Cookie Jar For this challenge, you'll once again use (cur1), but this time you'll use it to manage and swap sessions. Heads Up: In order to complete this activity, you must have WordPress set up from the Swapping Sessions activity on Day 1 of this module. If you have not completed the activity or WordPress is improperly set up, please refer to the Day 1 student guide and the Swapping Sessions activity file. Recall that on Day 1 of this module, you used Google Chrome's Cookie-Editor extension to swap sessions and cookies. For this Challenge activity, you'll use the command-line tool (curl) to practice swapping cookies and sessions within the WordPress app. It is important for cybersecurity professionals to know how to manage cookies with cur1). Web application security engineers need to regularly ensure cookies are both functional and safe from tampering. For example, you might need to request a cookie from a webpage and then test various HTTP responses using that cookie. Doing this over and over through the browser is tedious, but can be automated with scripts. The same concept applies for penetration testers and hackers: (cur]) is used to quickly save a cookie in order to test various exploits. For example, an HTTP server may be configured so that, in order to POST data to specific pages, clients need to have cookies or authentication information set in their request headers, which the server will verify. Revisiting curl Recall that you used (curl) to craft different kinds of requests for your (cur1) activity, and that you used the Chrome extension Cookie-Editor to export and import cookies and swap sessions. There will be many systems in which you will need to test requests and cookies that will not connect to a browser or browser extension. curl] not only allows users to examine headers, send data, and authenticate to servers, but also to save and send cookies through two cur1) options: -cookie-jar) and --cookie) These two options work just like Cookie-Editor, but on the command line. --cookie-jar) allows a curl user to save the cookies set within a response header into a text file. --cookie) allows a user to specify a text file where a cookie is saved, in order to send a request with the cookies embedded in the request header. Let's create a [cur) command that will log in to a webpage with a supplied username and password, and also save the server's response that should contain a cookie. Logging In and Saving Cookies with curl If you want to use the cur1) command to log in to an account, (Aranda), with the password password), use the following curl] options: curl --cookie-jar ./amandacookies.txt --form "log-Amanda" --form "pwd-password" http://localhost:8888/wp-login.php --verbose . cur1): The tool that you are using. --cookie-jar: Specifies where you will save the cookies. ./anandacookies.txt: Location and file where the cookies will be saved. ---form): Lets you pick the login username and password forms that you set in your user info earlier. In this case, it's your username. log-Aranda): How WordPress understands and accepts usernames. --form): Lets you pick the login username and password forms that you set in our user info earlier. In this case it's your password. pwd-password: How WordPress understands and accepts passwords. http://localhost:8888/wp-login.php): Your WordPress login page. --verbose): Outputs more specific description about the actions the command is taking. Run the command: curl --cookie-jar-/amandacookies.txt -form "log-Amanda" --form "pwd-password" http://localhost:8888/wp-login.php --verbose If the site confirms your credentials, it will give you a cookie in return, which (cur]) will save in the cookie jar file /amandacookies.txt Now, let's use that saved cookie on a page that requires you to be logged in. Using a Saved Cookie To use a saved cookie, use the following curl] syntax: curl cookie./amandacookies.txt http://localhost:8888/up-admin/users.php O (cur1): The tool that you are using. --cookie): Precedes the location of your saved cookie that you want to use. 0 -/arandacookies.txt): Location and file where the cookies are saved. 0 http://localhost:8888/wp-admin/users.php): A page that requires authentication in order to view it properly. Note that you are not going to the login page, because supplying a cookie in this instance assumes that you are already logged in. 0 Now that you know how to use the cur1) cookie jar, you can complete this bonus activity. Bonus Activity Instructions: The Cookie Jar First, using Docker Compose, navigate to the Day 1 WordPress activity directory and bring up the container set: [/home/sysadmin/Documents/docker_files Using curl], do the following for the Ryan user: Log in to WordPress and save the user's cookies to a cookie jar. Test a WordPress page by using a cookie from the cookie jar. Pipe the output from the cookie with grep) to check for authenticated page access. Attempt to access a privileged WordPress admin page. Step 1: Set Up Create two new users: Amanda and Ryan. 1. Navigate to localhost:8888/wp-admin/ 2. On the left-hand toolbar, hover over "Users" and click "Add New." 3. Enter the following information to create the new user named Amanda: Username: Amanda) Email: amanda@email.com 4. Skip down to password: o Password: (password) Confirm Password: Check the box to confirm use of weak password. o Role: Administrator 5. Create another user named Ryan. Username: Ryan o Email: ryan@email.com 6. Skip down to password: o Password: (123456 Confirm Password: Check the box to confirm use of weak password. o Role: [Editor 7. Log out, and log in with the following credentials: Username: Amanda Password: password Step 2: Baselining For these "baselining" steps, you'll log in to two different types of accounts to see how the WordPress site looks at the localhost:8988/up-admin/users.php) page. You want to see how the Users page looks from the perspective of an administrator vs. a regular user. 1. Using your browser, log in to your WordPress site as your sysadmin account, and navigate to localhost:8890/wp-admin/users.php), where you previously created the user Ryan. Examine this page briefly. Log out. 2. Using your browser, log in to your Ryan account, and attempt to navigate to (localhost:8888/wp-admin/index.php). Note the wording on your Dashboard. 3. Attempt to navigate to localhost:8080/wp-admin/users.php). Note what appears now. Log out in the browser. Step 3: Using Forms and a Cookie Jar Navigate to (-/Documents) in a terminal to save your cookies. 1. Construct a (cur) request that enters two forms, "log-{username}") and "pwd-(password)"), and goes to http://localhost:8888/wp-login.php). Enter Ryan's credentials where there are placeholders. Question 1: Did you see any obvious confirmation of a login? (Y/N) 2. Construct the same (cur]) request, but this time, add the option and path to save your cookie: --cookie-jar ./ryancookies.txt). This option tells (curl] to save the cookies to the (ryancookies.txt) text file. 3. Read the contents of the (ryancookies.txt) file. o Question 2: How many items exist in this file? Note that each one of these is a cookie that was granted to Ryan after logging in. Step 4: Log in Using Cookies 1. Craft a new (curl] command that now uses the cookie) option, followed by the path to your cookies file. For the URL, use (http://localhost:8888/wp-admin/index.php Question 3: Is it obvious that you can access the dashboard? (Y/N) Question 3: Is it obvious that you can access the dashboard? (Y/N) 2. Press the up arrow on your keyboard to run the same command, but this time, pipe | grep Dashboard) to the end of your command to return all instances of the word (Dashboard) on the page. Question 4: Look through the output where (Dashboard) is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard. Step 5: Test the Users.php Page 1. Finally, write a (cur]) command using the same --cookie ryancookies.txt) option, but attempt to access (http://localhost:8888/wp-admin/users.php Question 5: What happens this time? Submission Guidelines After you complete your Submission File, title it with the following format: < YOUR NAME > < Web Development Challenge > Make sure to set the file permissions so that anyone can view and comment on your document. Submit the URL of your Submission File Google Doc through Canvas. Bonus Activity: The Cookie Jar Question 1: Did you see any obvious confirmation of a login? (Y/N) [Enter answer here] Question 2: How many items exist in this file? [Enter answer here] Question 3: Is it obvious that you can access the dashboard? (Y/N) [Enter answer here] Question 4: Look through the output where Dashboard is highlighted. Does any of the wording on this page seem familiar? (Y/N) If so, you should be successfully logged in to your Editor's dashboard. [Enter answer here] Question 5: What happens this time? [Enter answer here]

Answer rating: 100% (QA)

It seems youve shared images from an exercise or a tutorial related to cybersecurity specifically managing cookies and session management using curl i... View the full answer