CNIT 122 Project 3: Making a Vulnerable LAMP Web Application (20 pts.)

What You Need

You will need a Linux machine, real or virtual. I recommend using BackTrack 5 R1.

Starting BackTrack

Start your BackTrack machine. Log in as root with the password toor. Start graphics with the startx command. At the top left of the BackTrack desktop, click the little black square icon to open a Terminal window.

Starting MySQL

At the # prompt, enter these commands followed by the Enter key:
/etc/init.d/mysql restart

netstat -an | more

You should see the local address 127.0.0.1:3306 in a State of LISTEN, as shown below:

Setting the MySQL Root Password

At the # prompt, enter this command followed by the Enter key:
dpkg-reconfigure mysql-server-5.1
Enter a password twice when you are prompted to. For our purposes, a password of password is OK. (We are deliberately creating an insecure application for testing purposes.)

Starting the MySQL Console

At the # prompt, enter this command followed by the Enter key:
mysql -u root -p

At the "Enter password" prompt, type:

password
and press the Enter key.

At the mysql> prompt, enter this command followed by the Enter key:

CREATE DATABASE store;
At the mysql> prompt, enter this command followed by the Enter key:
SHOW DATABASES;
You will see three databases, including the one named "store", as shown below:

At the mysql> prompt, enter this command followed by the Enter key:

USE store;
This tells MySQL that you are working with the store database.

At the mysql> prompt, enter these commands followed by the Enter key:

CREATE TABLE customers (name VARCHAR(20), SSN VARCHAR(11));

SHOW TABLES;
You will see the table you created, as shown below:

At the mysql> prompt, enter these commands followed by the Enter key: (In the last record, use your own name, not the literal string "YOUR NAME".)

INSERT INTO customers VALUES('Joe Green', '11-222-3333');

INSERT INTO customers VALUES('Sue Smith', '22-345-1122');

INSERT INTO customers VALUES('YOUR NAME', '34-345-3456');

SELECT * FROM customers;

You will see the data you inserted, as shown below:

At the mysql> prompt, press Ctrl+C to exit MySQL.

Starting Apache

At the # prompt, enter these commands followed by the Enter key:
/etc/init.d/apache2 restart

netstat -an | more

You should see the local address 127.0.0.1:3306 in a State of LISTEN, and also the local address 0.0.0.0:80 in a State of LISTEN, as shown below:

Testing PHP

At the # prompt, enter these commands followed by the Enter key:
cd /var/www

nano test.php

In nano, type in the code shown below:
<?php phpinfo(); ?>

Your screen should look like this:

Press Ctrl+X, then press Y, then press the Enter key. This saves your file.

From the menu bar in the top left of the BackTrack desktop, click Applications, Internet, Firefox Web Browser.

In the Firefox address bar, enter localhost/test.php and then press the Enter key. You should see a PHP configuration page, as shown below:

This verifies that Apache and PHP are running correctly.

Creating the update.php script

At the # prompt, enter these commands followed by the Enter key:
cd /var/www

nano update.php

In nano, type in the code shown below:
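<?php
// Deliberately insecure lab script: it connects as the MySQL root user and
// places the form input directly into the SQL string.

$user="root";
$password="password";
$database="store";

// Values submitted by customer.html
$name=$_POST['name'];
$ssn=$_POST['ssn'];

mysql_connect('localhost',$user,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "UPDATE customers SET ssn='$ssn' WHERE name='$name'";
mysql_query($query);
mysql_close();
?>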

Your screen should look like this:

Press Ctrl+X, then press Y, then press the Enter key. This saves your file.
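
For comparison with update.php, here is the same update written with validated input and bound parameters. This is an added example, not part of the original project and not a file the lab asks you to create; it assumes the store database and customers table created above, the mysqli extension, and the NN-NNN-NNNN pattern of the sample SSN values.

```php
<?php
// Added example, not part of the lab: update.php with bound parameters.
// Assumes the store database and customers table created earlier in this
// project, and PHP's mysqli extension.

$user     = "root";
$password = "password";
$database = "store";

// Read the form fields; treat a missing field as an empty string.
$name = isset($_POST['name']) ? trim($_POST['name']) : '';
$ssn  = isset($_POST['ssn'])  ? trim($_POST['ssn'])  : '';

// Validate against the table definition (name VARCHAR(20)) and the
// NN-NNN-NNNN pattern of the sample SSN values inserted above.
if ($name === '' || strlen($name) > 20) {
    die("Invalid name");
}
if (!preg_match('/\A\d{2}-\d{3}-\d{4}\z/', $ssn)) {
    die("Invalid SSN format");
}

$db = new mysqli('localhost', $user, $password, $database);
if ($db->connect_error) {
    die("Unable to connect to database");
}

// Placeholders keep the statement text fixed; the values are sent
// separately and are never parsed as SQL.
$stmt = $db->prepare("UPDATE customers SET ssn = ? WHERE name = ?");
if ($stmt === false) {
    die("Unable to prepare statement");
}
$stmt->bind_param('ss', $ssn, $name);
$stmt->execute();
$rows = $stmt->affected_rows;
$stmt->close();
$db->close();

// Encode the name before echoing it into the HTML response.
$safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
echo "Updated $rows row(s) for <b>$safeName</b><br>\n";
?>
```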

Creating the display.php script

At the # prompt, enter these commands followed by the Enter key:
cd /var/www

nano display.php

In nano, type in the code shown below:
<?php
// Lab script: lists every row of the customers table.

$user="root";
$password="password";
$database="store";

mysql_connect('localhost',$user,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query = "SELECT * FROM customers";
$result=mysql_query($query);

// Number of rows returned by the query
$num=mysql_num_rows($result);

mysql_close();

// Print each row; the stored values are written into the page as-is
$i=0;
while ($i < $num) {
    $name=mysql_result($result,$i,"name");
    $ssn=mysql_result($result,$i,"ssn");

    echo "Row $i: Name: <b>$name</b> SSN: <b>$ssn</b><br>\n";

    $i++;
}

?>

Your screen should look like this:

Press Ctrl+X, then press Y, then press the Enter key. This saves your file.

Creating the customer.html form

At the # prompt, enter these commands followed by the Enter key:
cd /var/www

nano customer.html

In nano, type in the code shown below:
<html>
<body>

<form action="update.php" method="post">
<p>Name: <input type="text" name="name">
<p>New SSN: <input type="text" name="ssn">
<p><input type="submit" value="Update SSN">
</form>

<form action="display.php" method="post">
<input type="submit" value="Display Data">
</form>

</body>
</html>

Your screen should look like this:

Press Ctrl+X, then press Y, then press the Enter key. This saves your file.

Using the HTML Form

In Firefox, go to this address:

localhost/customer.html

You should see a Web form, as shown below:

Click the button labelled "Display Data". You should see the three rows of data, as shown below:

In Firefox, click the Back button to return to the customer.html page.

Type in your own name (not the literal text "YOUR NAME"), and a fake SSN of 12-345-6789, as shown below. Click the "Update SSN" button.

Click the Back button. Click the "Display Data" button. You should see your name in the last row, with an SSN of 12-345-6789, as shown below:

Saving the Screen Image

Make sure you can see your own name in the last row, with an SSN of 12-345-6789, as shown in the image above on this page.

Save a screen image with the filename "Proj 3 from Your Name".

Turning in Your Project

Email the image to cnit.122sam@gmail.com with a Subject line of Proj 3 from Your Name.

Last modified: 9:30 am 9-1-11

