Pentesting AssignmentWelcome to UrBank

Login

Username :

Password :

Remember Me

Here is your task: The preg$\_$replace$(\text{'}/$s$/$i$\text{'},",)$ function disallows some SCRIPT elements from being executed. Your task is to find a SCRIPT element that will execute.

To bypass this function, follow these steps:

Refer to reputable sources for an explanation of how the preg$\_$replace function works.

Research code vulnerability databases to see how others have bypassed this control.

Pentest the site armed with the information learned and the procedure demonstrated in this section.

$1.$ Click the START button in the adjoining window.

$1.$ Click the Kali workstation icon in the topology.

$2.$ Type root in the username field and press Enter.

$3.$ Type P@ssw$0$rd into the Password field and press Enter.

$1.$ Execute the following command and provide the password when prompted

to establish an SSH session with urbank.com.

root@Hacker:~# ssh support@urbank.com

support@urbank.com's password: P@ssw$0$rd

Note: the password will not be displayed as you type it for security reasons.

$3.$ Execute the following and provide the password when prompted to run the setup script.

support@Web:~$ LAB$06$B

$[$sudo$]$ password for support: P@ssw$0$rd

Note: if you submit an incorrect password, then script may only partially run and you may have to

restart the session. Also note: you should wait for the script to complete before continuing.

$3.$ Execute the following command to open UrBank's homepage into a text editor.

support@Web:~$ sudo nano $-$c $/$var$/$www$/$WebServer$/$index$.$php

$3.$ Add preg$\_$replace$(\text{'}/$s$/$i$\text{'},",)$; to line $15.$

$4.$ Press and hold the Ctrl key and press the x key $($Ctrl$+$x$).$

$5.$ Press the y key.

$6.$ Press Enter.

$9.$ Click the close button on the terminal.

$9.$ Click the Iceweasel icon on the launcher.

$1.$ Navigate to urbank.com, then append $/?$myusername$=$ to the URL along with the SCRIPT

element you believe can bypass the control and press Enter.

Here is how you can tell if you are bypassing the control:

$$ If the JavaScript executes

$$ If the complete SCRIPT element gets injected

When finished please remember to terminate your session.

$5.$ Click Stop button in the topology.

PREVIOU Processing triggers for libc$-$bin $...$

ldconfig deferred$-$processing$-$now$-$taking place

support@Web: q sudo nano $-$c $/$var$/$www$/$WebServer$/$index$.$php

$,$ Add preg$\_$replace$(\text{'}/$s$/$i$\text{'},",)$; to line $15.$

Press and hold the Ctrl key and press the $x$ key $(Ctrl+x).$

Press the y key. Press Enter.

Click the close button on the terminal.

Click the Iceweasel icon on the launcher.

Navigate to

urbank.com, then append $/?$myusername$=$ to the URL along with the SCRIPT

element you believe can bypass the control and press Enter. Click the Iceweasel icon on the launcher.

Navigate to

urbank.com, then append $/?$myusername$=$ to the URL along with the SCRIPT

element you believe can bypass the control and press Enter. Welcome to UrBank

Login

Username :

Password :

Remember Me

Here is how you can tell if you are bypassing the control:

If the JavaScript executes

If the complete SCRIPT element gets injected

When finished please remember to terminate your session.

Click Stop button in the topology.

$/?$myusername$=$ipt$>$alert$(\text{'}$Bypassed$!\text{'})$ipt$>$

That script doesn't work. Tiried with the word Bypassed, and SS were stripped, got an aleret of "Bypaed".

All the above scriots won't work.

Am getting frustrated.