
Course Title: Cyber Security Course Code: COMP SCI 1500 Final Assignment

Weighting: 15%

Introduction

In this assignment, you are provided with a Docker container that runs an Apache web server. Your task is to scan the web server for vulnerabilities and patch them. You will submit a report containing screenshots and explanations wherever this document asks for them, as well as answers to the questions in this document.

Pre-Requisites

You will need to set up the following to complete this assignment. Use your Kali virtual machine to set it up.

  1. Docker – First, we will set up the Docker container on our Kali virtual machine. To do this, follow the guide here:

    https://www.kali.org/docs/containers/installing-docker-on-kali/

    Note: You might need to run sudo apt update before running sudo apt install docker.io

  2. Nikto – Nikto should already be installed on your Kali VM. If you are using another distribution, you can download Nikto from GitHub with:

    Command: git clone https://github.com/sullo/nikto.git

  3. testssl.sh – To install testssl.sh on the Kali VM, run the following command:

    Command: sudo apt install testssl.sh

Instructions

  1. Setting Up

Clean up

The following commands list all containers, kill a container, and remove any unused networks. Run them to clean up your environment if you have other Docker containers running on your system.

Command: docker ps -a

Command: docker kill <id>

Command: docker network prune

Set up the Docker container

First, pull the container image using the following command:

Command: docker pull joeltmenayathil/apachescan:latest

Now, run the container using the following command:

Command: docker run --name apachescan -p 80:80 -p 443:443 -it joeltmenayathil/apachescan

The parameters are as follows:

--name apachescan: Set the container name to apachescan

-p 80:80: Bind port 80 of container to port 80 of host VM

-p 443:443: Bind port 443 of container to port 443 of host VM

-it: Start the container in interactive mode

joeltmenayathil/apachescan: Name of the image to run.

This command starts a pre-configured Apache server and SSH server in the container.

Note: You will be prompted for the admin password for the container. The password for the admin user is admin.

Exit the container using the following command (this will shut down the container as well):

Command: exit

Start the container using the following command (in host VM):

Command: docker start apachescan

Note down the IP address of the container using the command below (we will need the IP for SSHing into the container at a later stage):

Command: docker inspect <container id>

Verify that the apache server is running using the below command:

Screenshot 1: Take a screenshot of the home page returned by the server.

Verify that you can SSH into the server (user: admin; password: admin):

Command: ssh admin@<container ip>

Exit the container.

  2. Generating a Self-Signed Certificate

    Log into the Docker container as admin over SSH using the command:

    Command: ssh admin@<container ip>

Generate a private key and self-signed certificate for the container using the command:

Command: sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout apache-server.key -out apache-server.crt

You can use any random information when generating the certificate. Run the command below and take a screenshot of the certificate:

Command: openssl x509 -in apache-server.crt -text -noout

Screenshot 2: Take a screenshot of the certificate

This should have generated a private key and certificate in your current folder. Complete the following steps to get the certificate working on your web server:

  • Copy the private key apache-server.key to /etc/ssl/private

  • Copy the certificate apache-server.crt to /etc/ssl/certs

Once the above steps are complete, restart the Apache server by running the following:

Command: sudo service apache2 restart

  3. Scanning with Nikto and testssl.sh

    Download the latest version of Nikto from GitHub (on the local VM) or use the one already installed in Kali Linux.

    Scan the Apache web server hosted in the container using the command:

    Command: perl ./nikto/program/nikto.pl -h localhost -ssl

Or

Command: nikto -h localhost -ssl

Screenshot 3: Take a screenshot of the Nikto scan result (include the Start Time field as well)

Scan the Apache web server for SSL/TLS-related issues using the command:

Command: testssl --htmlfile scan_output.html https://<ip-address>

  4. Fixing the Vulnerabilities

Nikto

    You need to fix any 5 of the following vulnerabilities found in the above scan:

    1. The Content-Encoding header is set to "deflate", which may mean that the server is vulnerable to the BREACH attack.

    2. The anti-clickjacking X-Frame-Options header is not present.

    3. The X-XSS-Protection header is not defined.

    4. The site uses SSL and the Strict-Transport-Security HTTP header is not defined.

    5. The X-Content-Type-Options header is not set.

    6. Server may leak inodes via ETags, header found with file /.

    7. Fix /test/ and /icons/README issues by disabling directory indexing

Scan the Apache web server hosted in the container with Nikto again after fixing 5 of the above vulnerabilities.

testssl.sh

You need to fix the following vulnerabilities:

  1. Configure the server to use the Cipher Suite: ECDHE-RSA-AES256-GCM-SHA384

  2. Make sure that TLSv1.3 protocol is enabled
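The following HTTPS virtual host fragment is an added example of how the seven Nikto findings above and the two testssl.sh requirements map to Apache directives; it is not the assignment's or the container's own configuration. It assumes a Debian-style Apache 2.4 with mod_ssl and mod_headers enabled (a2enmod ssl headers) and the Debian icons alias at /usr/share/apache2/icons; the key and certificate paths are the ones given in the certificate section.

```apache
# Hardened HTTPS vhost fragment (added example, not the container's own config).
# Assumes Debian-style Apache 2.4 with mod_ssl and mod_headers enabled and the
# Debian icons alias at /usr/share/apache2/icons; key/cert paths are from above.
<VirtualHost *:443>
    ServerName localhost
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/apache-server.crt
    SSLCertificateKeyFile /etc/ssl/private/apache-server.key

    # testssl.sh fix 2: only TLS 1.2 and 1.3 (TLSv1.3 needs OpenSSL 1.1.1 or newer)
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # testssl.sh fix 1: the only TLS 1.2 suite offered is the required one
    # (TLS 1.3 suites are set separately via SSLOpenSSLConfCmd Ciphersuites)
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384
    SSLHonorCipherOrder on

    # Nikto 1 (BREACH): stop mod_deflate from compressing responses over TLS
    SetEnv no-gzip 1

    # Nikto 2-5: security response headers ("always" covers error responses too)
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Content-Type-Options "nosniff"

    # Nikto 6: never derive ETags from inode numbers; drop the header entirely
    FileETag None
    Header unset ETag

    # Nikto 7: no directory listings under the document root (/test/) or the
    # /icons/ alias, whose default Debian config turns Indexes on
    <Directory /var/www/html>
        Options -Indexes
    </Directory>
    <Directory /usr/share/apache2/icons>
        Options -Indexes
    </Directory>
</VirtualHost>
```

After editing, run sudo apachectl configtest before the restart command given above so a typo does not leave the server down; then re-run the Nikto and testssl.sh scans to confirm each finding has cleared.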

Screenshot 4.1 – 4.5: Take a screenshot for every fix you made (you can combine fixes into a single screenshot as well)

Screenshot 5: Take a screenshot of the Nikto scan after all fixes (any 5 fixes) for the Nikto section

Screenshot 6.1, 6.2: Take a screenshot for both fixes you have made for TLS/SSL

Final Report

For the final report, include all the screenshots in addition to the following details.

Provide a detailed explanation for each fix you implemented, answering the following three key questions:

    1. Why is this a potential vulnerability?

    2. How did you fix it?

    3. How does this fix mitigate the vulnerability?

Grading (15 points)

1 point – Lab setup

1 point – Generating a self-signed certificate

1 point – Scanning with Nikto and testssl.sh

6 points – Fixing vulnerabilities and final scan

6 points – Providing a proper explanation for each fix in the lab report
