Posts

Pivoting using Metasploit Framework

In this article, I will explain how to move inside a network using a Meterpreter session obtained in another network. [Pivoting]

Machines used:
  Attacker: Kali Linux (2020.1)
  Victim 1: Windows 7 x64 SP1
  Victim 2: Windows 10 Pro Build 10240 x64

Adding a virtual adapter in VMware Workstation: First, we need to create an internal network for Windows 7 and Windows 10 by adding a virtual adapter.
  Step 1: Open Virtual Network Editor.
  Step 2: Click on Change Settings.
  Step 3: Click on Add Network, change the subnet IP to 10.10.10.0 and apply the settings.
Note: You can use any custom subnet IP here.

Setting up the lab: The next step is to update the network adapter(s) in all 3 virtual machines. The updated adapter settings are:
  Kali Linux: NAT
  Windows 7: NAT, vmnet2 (Host only)
  Windows 10: vmnet2 (Host only)

In my system, the IPs are as follows:
  Kali Linux: 192.168.30.128
  Windows 7: 192.168.30.136, 10.10.10.128
  Windows 10: 10.10.10.129

Note that Kali and Windows...

What is a Web Application Firewall (WAF) ?

A Web Application Firewall acts as a protective layer between the web application and the Internet. It filters and monitors the traffic to protect the web application from certain attacks such as XSS (Cross-Site Scripting), DDoS (Distributed Denial of Service) and SQL Injection. Unlike traditional edge firewalls that work at the network layer, a WAF works at the application layer. A WAF was needed because traditional firewalls were unable to block malicious HTTP traffic selectively, since different web applications used the same port numbers (80 or 443).

Diagrammatic Representation (Example Scenario):
Description: When the client tries to access the web application (say www.test.com), his request is filtered through the WAF running on Ubuntu, which filters the traffic and also gives him the illusion that the web application he is trying to access is hosted on an Ubuntu server. Hence, the web application server's IP address (Windows 7) is not revealed. We can say that the WAF acts as a prox...