PBQ Performance-Based Question Lab | CompTIA Security+ | Web Application Attacks — Local File Inclusion
📋 Scenario

IT-Master is creating an Internet-facing website that provides lab resources to developers working remotely. The company will initially deploy the website on-premises.

Due to budget constraints, IT-Master hired a novice contractor to create a simple web interface where users enter a username and password for remote access to on-premises lab resources. The web interface includes a code repository, official documentation, and a remote desktop service application linked to an internal lab virtual machine to test newly developed software code.

The IT management team has hired you as an independent IT security contractor to test the website and to ensure a level of security exists to protect the website and the internal network from common web application attacks. You must try to find a common web application vulnerability and exploit it. Determine what you can find from the exploitation and, if required, recommend a basic and cheap solution.

Instructions: Based on the scenario and provided info, use the dropdown selectors and checkboxes to initiate a web application attack, then determine how to prevent it and what information an attacker can gather from the attack results.
https://www.it-master-website.com/index.php?page=login.php
The web page output of one of your URL manipulations:

root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp/sbin/nologin
rabbitmq:x:996:993:RabbitMQ messaging server:/var/lib/rabbitmq:/sbin/nologin
nginx:x:994:991:Nginx web server:/var/lib/nginx:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pqsql/bin/bash
smithjohn:x:1000:1000:/home/smithjohn:/bin/bash
leedavid:x:1000:1000::/home/leedavid:/bin/bash
Q1. Manipulate the company login page URL to try to access the local Linux user account text-based database:
https://www.it-master-website.com/index.php?page=[select the path to access the Linux user database]
Q2. Manipulate the login page URL again to search elsewhere on the web server for any password-related information:
https://www.it-master-website.com/index.php?page=[select the path to find additional password-related files]
Q3. Which local web server file are these results associated with?
Select the file the output data is directly read from:
Q4. What other information can an attacker gather from reviewing these results? (Select all that apply)
Q5. Manipulating the URL in this manner is considered what type of web application vulnerability attack?
Select the attack type that best describes this technique:
Q6. What web application firewall solution can help prevent attackers from exploiting this vulnerability?
Select the most appropriate WAF deployment type for a small on-premises setup:
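The root cause behind the scenario's index.php?page=login.php pattern is a page router that hands a request parameter straight to include(). The PHP below is an added example written for this lab, not the contractor's actual code or any file from the IT-Master site: it shows that flawed pattern next to a hardened version that maps the parameter to a fixed allowlist and logs rejected values so attempts are visible in the web server's error log. The page names, the ./pages/ directory and the ALLOWED_PAGES table are assumptions made for the example.

```php
<?php
// Added example for the PBQ scenario (not IT-Master's code). Assumes the
// application keeps its page templates in ./pages/ and that only the three
// names in ALLOWED_PAGES are legitimate values for ?page=.

// FLAWED PATTERN (shown for contrast, never deploy it): the request parameter
// becomes the include path, so whatever file the web server account can read
// may be pulled into the HTTP response. This is the Local File Inclusion
// weakness the lab scenario is built around.
function render_page_flawed(string $page): void
{
    include $page;   // user-controlled filesystem path
}

// HARDENED PATTERN: the parameter is only ever used as a lookup key into a
// server-side allowlist; it never forms part of a filesystem path.
const ALLOWED_PAGES = [
    'login' => 'login.php',   // assumed page names
    'docs'  => 'docs.php',
    'repo'  => 'repo.php',
];

// Returns the allowlisted file name for a request value, or null if the value
// is not an exact allowlist key. Accepts "login" or "login.php" so existing
// links keep working; anything else (paths, separators, encodings) fails.
function resolve_page(?string $param): ?string
{
    if ($param === null || $param === '') {
        return ALLOWED_PAGES['login'];       // default landing page
    }
    $key = preg_replace('/\.php$/', '', $param);
    return ALLOWED_PAGES[$key] ?? null;
}

function render_page_hardened(?string $param): void
{
    $file = resolve_page($param);
    if ($file === null) {
        // Rejected values are logged so the operations team can spot probing
        // in the error log; the response reveals nothing about the filesystem.
        error_log('index.php: rejected page parameter ' . var_export($param, true));
        http_response_code(404);
        echo 'Page not found';
        return;
    }
    // __DIR__ anchors the include inside the application directory.
    include __DIR__ . '/pages/' . $file;
}

render_page_hardened($_GET['page'] ?? null);
```

Usage note: the allowlist approach costs nothing to deploy and removes the vulnerability class rather than filtering individual payloads, which is why it belongs in the application even when a WAF is also placed in front of the site; the error_log() line gives the on-premises team a simple signal to watch in the web server logs.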