42 lines
1.7 KiB
TeX
42 lines
1.7 KiB
TeX
\section{Appendices}
|
|
\label{sec:appendices}
|
|
|
|
\subsection*{Nessus files}
|
|
\label{sec:appendices_nessus}
|
|
|
|
The two outputs generated by \textit{Nessus} are attached to this report, under the \textit{nessus} folder in the \textit{ZIP} file of the sources.
|
|
|
|
\begin{itemize}
|
|
\item \textbf{http\_splitting\_vg9un1.nessus}: results of the overall scan on the complete server
|
|
\item \textbf{58002\_hkbi2w.nessus}: results of the Web-oriented scan on the Web server
|
|
\end{itemize}
|
|
|
|
\subsection*{Attack script}
|
|
\label{sec:appendices_script}
|
|
|
|
The \textit{Node} application used to perform the attack is available in the \textit{ZIP} file of the sources.
|
|
|
|
Files:
|
|
\begin{itemize}
|
|
\item \textbf{package.json}: file defining the application and its dependencies
|
|
\item \textbf{index.js}: file containing the \gls{javascript} code for the attack
|
|
\end{itemize}
|
|
|
|
Here is the procedure to install and execute the attack from a terminal:
|
|
\begin{enumerate}
|
|
\item Go to the directory containing those two files
|
|
\item Run the following command to initialize the application: \texttt{npm install}
|
|
\item Run the following command: \texttt{node index.js}
|
|
\end{enumerate}
|
|
|
|
Make sure that the \textit{Node} environment and the \gls{npm} \gls{package_manager} are installed on your system.
|
|
|
|
\subsection*{\LaTeX \ report}
|
|
\label{sec:appendices_report}
|
|
|
|
The files used to generate this report are available under the \textit{report} folder of the \textit{ZIP} file of the sources.
|
|
|
|
\subsection*{Presentation}
|
|
\label{sec:appendices_presentation}
|
|
|
|
The presentation file, EHK20\_HTTP-Response-Splitting\_Guibert-Loic\_presentation.pdf, of this challenge is available at the root directory of the main \textit{ZIP} file. |