{
    "id": "58bd4ecd-446f-4bb5-a7b0-d4fe22aad190",
    "name": "WebGoat - Session Fixation",
    "slug": "webgoat-session-fixation",
    "status": "published",
    "lab_type": "pta",
    "is_sample": false,
    "duration_in_seconds": 1800,
    "metadata": {
        "courses": [
            "1dce1618-55b6-4205-9799-e509ad2b2c77"
        ],
        "pta_sdn": "63",
        "collections": [],
        "pta_manual_id": "e1d5-71cd-47df-9182",
        "pta_namespace": "attackdefenselabs",
        "learning_paths": [],
        "has_published_parent": true
    },
    "session": null,
    "company": "a491bc32-c056-4946-9169-cc053387bada",
    "created": "2024-11-26T19:40:38.489281Z",
    "modified": "2024-11-27T14:52:47.571632Z",
    "is_beta": false,
    "lab_objectives": [],
    "main_learning_area": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
    "learning_areas": [
        {
            "id": "3e1aa06f-2e9f-4789-b50d-aa027ad8dcfa",
            "name": "Cyber Security",
            "slug": "cyber-security"
        }
    ],
    "categories": [],
    "tags": [],
    "difficulty": "professional",
    "is_web_access": false,
    "is_lab_experience": false,
    "is_featured": false,
    "cve": null,
    "severity": null,
    "year": null,
    "classification": null,
    "is_trackable": false,
    "cpe_credits": null,
    "is_skill_check": false,
    "external_url": "",
    "solution_video": null,
    "explanation_video": null,
    "description": "Welcome to the WebGoat - Session Fixation lab!\nThis lab is designed to teach you how Session Fixation attacks work and how they can be performed.\n\nThis lab utilizes an intentionally vulnerable web application called WebGoat.\n\nWebGoat is a deliberately vulnerable web application maintained by OWASP. It is licensed under GPLv2.",
    "description_html": "<p>Welcome to the WebGoat - Session Fixation lab!\nThis lab is designed to teach you how Session Fixation attacks work and how they can be performed.</p>\n<p>This lab utilizes an intentionally vulnerable web application called WebGoat.</p>\n<p>WebGoat is a deliberately vulnerable web application maintained by OWASP. It is licensed under GPLv2.</p>",
    "tasks": "The objective of this lab is to demonstrate how a Session Fixation attack works and how it can be performed. \n\nThis lab uses the OWASP WebGoat platform to demonstrate the Session Fixation vulnerability, where an attacker forces a user to authenticate with a pre-defined session ID, allowing the attacker to hijack the session after login. Participants will interact with WebGoat\u2019s intentionally vulnerable application to manipulate session IDs, exploit the vulnerability, and gain unauthorized access. \n\nLab Tasks\n\n- Understand the Session Fixation challenge.\n- Craft the Session Fixation URL.\n- Simulate logging in as the victim/target.\n- Exploit the Session Fixation vulnerability.",
    "tasks_html": "<p>The objective of this lab is to demonstrate how a Session Fixation attack works and how it can be performed. </p>\n<p>This lab uses the OWASP WebGoat platform to demonstrate the Session Fixation vulnerability, where an attacker forces a user to authenticate with a pre-defined session ID, allowing the attacker to hijack the session after login. Participants will interact with WebGoat\u2019s intentionally vulnerable application to manipulate session IDs, exploit the vulnerability, and gain unauthorized access. </p>\n<p>Lab Tasks</p>\n<ul>\n<li>Understand the Session Fixation challenge.</li>\n<li>Craft the Session Fixation URL.</li>\n<li>Simulate logging in as the victim/target.</li>\n<li>Exploit the Session Fixation vulnerability.</li>\n</ul>",
    "published_date": "2024-11-27T14:52:47.571434Z",
    "solutions": "## Introduction\n\nSession fixation is a vulnerability in which an attacker sets a user's session ID before that user logs in (for example, by sending them a link that carries the ID) and then presents the same ID after the login to hijack the authenticated session. The attack works when the application accepts a session ID supplied by the client and does not issue a new one on authentication.\n\n## Lab Guidelines\n\nAfter starting the lab, you will be provided with a URL to the target web application. This lab does not provide a Kali Linux system; you will need to perform the attack from your own Kali Linux system or your host operating system.\n\nIn order to complete the Session Fixation challenge, you will require the following tools:\n- A web browser\n- Burp Suite/OWASP ZAP (optional, for inspecting the requests and the session ID)\n\n> This lab can take over 2 minutes to load after opening the URL\n\n---\n\n## Task 1: Understand the Session Fixation challenge\n\nOpen the WebGoat URL and log in as the \"Webgoat User\" account. The credentials of the \"Webgoat User\" account are listed on the login form.\n\n![image0](https://assets.ine.com/lab/learningpath/24bc2b78ab7a841ac0a57dc5e96cad4bff3c47886821a43183f59dcffddf1a02.png)\n\nAfter logging in, navigate to the Session Fixation lesson in WebGoat and read the introductory material to understand the context of the vulnerability.\n\n![image6](https://assets.ine.com/lab/learningpath/37891831c0697b80a52c064d2e76e32f4b9730afc366dcf6a6d72a898a4bdb73.png)\n\nThe goal is to exploit the session fixation vulnerability by:\n\n- Fixing the session ID of the victim before they log in.\n- Using the same session ID to access the victim's authenticated session.\n\nOnce ready, click on the \"Start Challenge\" button.\n\n## Task 2: Craft the Session Fixation URL\n\nStage 1 of the challenge involves preparing a phishing email containing a specially crafted URL that carries a pre-defined session ID.\n\nFor the purpose of this lab challenge, you can use any value for the SID; the walkthrough uses `1000`.\n\nAs shown in the following screenshot, you will also need to modify the URL so that it matches the URL of the lab environment rather than the default preset.\n\n![image7](https://assets.ine.com/lab/learningpath/e5497d30a8fbeaea82a07cce2e7e8195ca98fd1d2d4e587f616acdd02ac49a8e.png)\n\nThe URL should look like this:\n\n`/start.mvc#attack/2007866518/1800&SID=1000`\n\nOnce done, click on the \"Send Mail\" button to proceed to the next stage, where you will be emulating the victim.\n\n## Task 3: Emulating the Victim\n\nStage 2 of the challenge allows you to emulate the victim/recipient of the email crafted in the previous task. In this case the victim is \"Jane\".\n\nThis stage of the challenge illustrates what the email looks like from the target's perspective. Given that we are emulating the target's actions, we need to click on the hyperlink in the email (this link points to the URL we crafted in the previous task).\n\n![image4](https://assets.ine.com/lab/learningpath/97671ca02d1b207b384482bb7631babc0f727f14d43b709aa6890809f93750e8.png)\n\nClicking on the link takes you to Stage 3 of the challenge, where you need to log in as the target \"Jane\". The credentials for the user account \"Jane\" are displayed on the login form.\n\n![image1](https://assets.ine.com/lab/learningpath/716f4a76cc51032f314e23ee16b3d79d65cbd6b78960c0a636eccefd8cf1a347.png)\n\n## Task 4: Exploit the Session Fixation Vulnerability\n\nOnce logged in as Jane, the challenge proceeds to Stage 4, where you are required to steal Jane's authenticated session.\n\n![image2](https://assets.ine.com/lab/learningpath/35b498527094653490a0d8607e9c970313dd73621b6201d761e383d640aff0e3.png)\n\nAs shown in the preceding screenshot, Stage 4 informs us that Jane has logged into her account; as a result, the session ID we specified in the phishing email has now been authenticated and is associated with Jane's session. This means we can take over Jane's authenticated session by using the session ID we sent in the phishing email, without ever knowing her password.\n\n![image5](https://assets.ine.com/lab/learningpath/ffec846320e2299b558d77d445554f6bbb466544ea8da990bd6eaeefd1690cda.png)\n\nClicking on the link in Stage 4 directs you to a login page where you need to modify the \"SID\" URL parameter to the session ID you specified in the phishing email sent to Jane.\n\nAs shown in the following screenshot, modifying the \"SID\" parameter allows us to steal Jane's authenticated session.\n\n![image3](https://assets.ine.com/lab/learningpath/bbe0e16320f61d9080f12e95474b27ec65e067e70a12e6bf9e98483494ab31c5.png)\n\nWe have successfully stolen Jane's authenticated session through Session Fixation. The application is vulnerable because it accepted a session ID chosen by the attacker and kept it unchanged across Jane's login; issuing a fresh session ID on authentication would have defeated the attack.",
    "solutions_html": "<h2>Introduction</h2>\n<p>Session fixation is a vulnerability in which an attacker sets a user's session ID before that user logs in (for example, by sending them a link that carries the ID) and then presents the same ID after the login to hijack the authenticated session. The attack works when the application accepts a session ID supplied by the client and does not issue a new one on authentication.</p>\n<h2>Lab Guidelines</h2>\n<p>After starting the lab, you will be provided with a URL to the target web application. This lab does not provide a Kali Linux system; you will need to perform the attack from your own Kali Linux system or your host operating system.</p>\n<p>In order to complete the Session Fixation challenge, you will require the following tools:</p>\n<ul>\n<li>A web browser</li>\n<li>Burp Suite/OWASP ZAP (optional, for inspecting the requests and the session ID)</li>\n</ul>\n<blockquote>\n<p>This lab can take over 2 minutes to load after opening the URL</p>\n</blockquote>\n<hr />\n<h2>Task 1: Understand the Session Fixation challenge</h2>\n<p>Open the WebGoat URL and log in as the \"Webgoat User\" account. The credentials of the \"Webgoat User\" account are listed on the login form.</p>\n<p><img alt=\"image0\" src=\"https://assets.ine.com/lab/learningpath/24bc2b78ab7a841ac0a57dc5e96cad4bff3c47886821a43183f59dcffddf1a02.png\" /></p>\n<p>After logging in, navigate to the Session Fixation lesson in WebGoat and read the introductory material to understand the context of the vulnerability.</p>\n<p><img alt=\"image6\" src=\"https://assets.ine.com/lab/learningpath/37891831c0697b80a52c064d2e76e32f4b9730afc366dcf6a6d72a898a4bdb73.png\" /></p>\n<p>The goal is to exploit the session fixation vulnerability by:</p>\n<ul>\n<li>Fixing the session ID of the victim before they log in.</li>\n<li>Using the same session ID to access the victim's authenticated session.</li>\n</ul>\n<p>Once ready, click on the \"Start Challenge\" button.</p>\n<h2>Task 2: Craft the Session Fixation URL</h2>\n<p>Stage 1 of the challenge involves preparing a phishing email containing a specially crafted URL that carries a pre-defined session ID.</p>\n<p>For the purpose of this lab challenge, you can use any value for the SID; the walkthrough uses <code>1000</code>.</p>\n<p>As shown in the following screenshot, you will also need to modify the URL so that it matches the URL of the lab environment rather than the default preset.</p>\n<p><img alt=\"image7\" src=\"https://assets.ine.com/lab/learningpath/e5497d30a8fbeaea82a07cce2e7e8195ca98fd1d2d4e587f616acdd02ac49a8e.png\" /></p>\n<p>The URL should look like this:</p>\n<p><code>/start.mvc#attack/2007866518/1800&amp;SID=1000</code></p>\n<p>Once done, click on the \"Send Mail\" button to proceed to the next stage, where you will be emulating the victim.</p>\n<h2>Task 3: Emulating the Victim</h2>\n<p>Stage 2 of the challenge allows you to emulate the victim/recipient of the email crafted in the previous task. In this case the victim is \"Jane\".</p>\n<p>This stage of the challenge illustrates what the email looks like from the target's perspective. Given that we are emulating the target's actions, we need to click on the hyperlink in the email (this link points to the URL we crafted in the previous task).</p>\n<p><img alt=\"image4\" src=\"https://assets.ine.com/lab/learningpath/97671ca02d1b207b384482bb7631babc0f727f14d43b709aa6890809f93750e8.png\" /></p>\n<p>Clicking on the link takes you to Stage 3 of the challenge, where you need to log in as the target \"Jane\". The credentials for the user account \"Jane\" are displayed on the login form.</p>\n<p><img alt=\"image1\" src=\"https://assets.ine.com/lab/learningpath/716f4a76cc51032f314e23ee16b3d79d65cbd6b78960c0a636eccefd8cf1a347.png\" /></p>\n<h2>Task 4: Exploit the Session Fixation Vulnerability</h2>\n<p>Once logged in as Jane, the challenge proceeds to Stage 4, where you are required to steal Jane's authenticated session.</p>\n<p><img alt=\"image2\" src=\"https://assets.ine.com/lab/learningpath/35b498527094653490a0d8607e9c970313dd73621b6201d761e383d640aff0e3.png\" /></p>\n<p>As shown in the preceding screenshot, Stage 4 informs us that Jane has logged into her account; as a result, the session ID we specified in the phishing email has now been authenticated and is associated with Jane's session. This means we can take over Jane's authenticated session by using the session ID we sent in the phishing email, without ever knowing her password.</p>\n<p><img alt=\"image5\" src=\"https://assets.ine.com/lab/learningpath/ffec846320e2299b558d77d445554f6bbb466544ea8da990bd6eaeefd1690cda.png\" /></p>\n<p>Clicking on the link in Stage 4 directs you to a login page where you need to modify the \"SID\" URL parameter to the session ID you specified in the phishing email sent to Jane.</p>\n<p>As shown in the following screenshot, modifying the \"SID\" parameter allows us to steal Jane's authenticated session.</p>\n<p><img alt=\"image3\" src=\"https://assets.ine.com/lab/learningpath/bbe0e16320f61d9080f12e95474b27ec65e067e70a12e6bf9e98483494ab31c5.png\" /></p>\n<p>We have successfully stolen Jane's authenticated session through Session Fixation. The application is vulnerable because it accepted a session ID chosen by the attacker and kept it unchanged across Jane's login; issuing a fresh session ID on authentication would have defeated the attack.</p>",
    "flags": [],
    "min_points_to_pass": null,
    "access_type": "default",
    "user_status": "unstarted",
    "user_lab_status": null,
    "user_status_modified": null,
    "user_flags": [],
    "global_running_session": null
}
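Added worked example (an editor's addition appended after the lab record; it is neither WebGoat code nor part of the `solutions` field above). The Introduction and Task 4 of the lab describe the mechanism in prose: the attacker chooses `SID=1000`, Jane logs in with that ID, and the attacker then presents the same ID. The Python below models exactly that four-stage flow against a minimal session store that keeps the client-supplied SID across login (the behaviour the WebGoat lesson demonstrates), next to a hardened store that ignores client-supplied IDs and regenerates the session ID on authentication. The class names, the `USERS` table and its password, and the `lab.example` host are constructed for the demo; the link format is the one shown in Task 2.

```python
"""Session fixation, modelled as the lab's four stages.

Editor's added example, not WebGoat code. VulnerableApp reproduces the
behaviour the WebGoat lesson demonstrates; HardenedApp shows the fix.
USERS, the password and the lab.example host are constructed for the demo.
"""
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed user database; "Jane" is the lab's victim, the password is invented.
USERS = {"jane": "jane-password"}


def extract_sid(url):
    """Return the SID carried by a link, or None if there is none.

    The lab's link places it after the fragment
    (/start.mvc#attack/2007866518/1800&SID=1000), so both the query
    string and the fragment are checked.
    """
    parts = urlsplit(url)
    for chunk in (parts.query, parts.fragment):
        values = parse_qs(chunk).get("SID")
        if values:
            return values[0]
    return None


class VulnerableApp:
    """Session handling as in the WebGoat lesson: a client-supplied SID is
    accepted, and on login the authenticated identity is bound to that SID."""

    def __init__(self):
        self.sessions = {}  # sid -> username, or None before login

    def visit(self, url):
        """A browser following the link is given the SID named in the URL."""
        sid = extract_sid(url) or secrets.token_hex(16)
        self.sessions.setdefault(sid, None)
        return sid

    def login(self, sid, user, password):
        """Flaw: the pre-login SID is kept and merely marked authenticated."""
        if USERS.get(user) != password:
            return None
        self.sessions[sid] = user
        return sid  # the same SID the attacker chose

    def whoami(self, sid):
        return self.sessions.get(sid)


class HardenedApp(VulnerableApp):
    """Fix: never trust a client-supplied SID, and regenerate the ID on login."""

    def visit(self, url):
        sid = secrets.token_hex(16)  # whatever SID the URL carries is ignored
        self.sessions[sid] = None
        return sid

    def login(self, sid, user, password):
        if USERS.get(user) != password:
            return None
        self.sessions.pop(sid, None)     # drop the pre-authentication session
        new_sid = secrets.token_hex(16)  # fresh, unguessable ID after login
        self.sessions[new_sid] = user
        return new_sid


def run_attack(app_cls, attacker_sid="1000"):
    """Replay Stages 1-4 of the challenge against app_cls and report what
    Jane and the attacker each see afterwards."""
    app = app_cls()
    # Stage 1: the attacker picks the SID and crafts the link in the lab's format
    link = f"http://lab.example/start.mvc#attack/2007866518/1800&SID={attacker_sid}"
    # Stages 2-3: Jane follows the link and logs in with her own credentials
    janes_sid = app.login(app.visit(link), "jane", USERS["jane"])
    # Stage 4: the attacker presents the SID from the phishing email
    return {
        "jane_sees": app.whoami(janes_sid),
        "attacker_sees": app.whoami(attacker_sid),
        "sid_was_fixed": janes_sid == attacker_sid,
    }


if __name__ == "__main__":
    for app_cls in (VulnerableApp, HardenedApp):
        print(app_cls.__name__, run_attack(app_cls))
```

Against `VulnerableApp` the attacker's `1000` resolves to Jane's identity without her password ever being known, which is the Stage 4 result in the walkthrough; any other attacker-chosen value works just as well, since the application never generated the ID itself. Against `HardenedApp` the pre-set ID is never honoured and the ID that becomes authenticated is one the attacker has never seen, so the same phishing link yields nothing.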