For educational purposes, it's crucial to ensure that any demonstration remains ethical and legal. Instead of directly hacking a real system, you can set up controlled environments and simulations that allow to see the principles in action without any real harm. One of the most popular and beginner-friendly demonstrations is setting up a vulnerable web application and showing how certain vulnerabilities can be exploited. Here's a guide to setting up a demonstration using the DVWA Damn Vulnerable Web Application DVWA Setup: ● ● 1. Environment Setup Install a virtualization platform like VirtualBox or VMware. O Virtualization Platform: Software like VirtualBox or VMware allows you to run a separate operating system within your primary OS. o Why? It provides a sandboxed environment where you can safely run vulnerable applications without risking your main system. Download and set up a virtual machine with a system like Kali Linux or Ubuntu. (Kali comes preloaded with security tools.) Virtual Machine: Kali Linux or Ubuntu are popular choices. Kali Linux: Specifically designed for penetration testing and comes preloaded with numerous security tools. Ubuntu: A beginner-friendly Linux distribution. You can download the official ISO image for Kali Linux from its official website. Here's the link to the downloads page: https://www.kali.org/downloads/ On this page, you will find multiple versions of Kali Linux ISOs. Typically, you'd want to download the latest stable release, but there are also light versions, versions for different architectures, and live boot versions available. Choose the one that best fits your needs, but for most users, the default "Kali Linux 64- bit" should be appropriate. Remember to always download security tools and distributions from their official sources to ensure the integrity and authenticity of the software. O O https://www.virtualbox.org/wiki/Downloads Here, you'll find different versions tailored for different operating systems. Just select the one that matches your host operating system (Windows, macOS, Linux, etc.) and proceed with the download and installation. O ● ● ● Setting up the Virtual Machine: bash sql O O 2. Server and Database Setup: Install Apache, MySQL, and PHP on the virtual machine. Apache, MySQL, and PHP: These are required to run DVWA since it's a web application. Apache: Web server software. MySQL: Database system. PHP: Scripting language used in DVWA. O Open your virtualization software. Click "New" or "Create New Virtual Machine". Set the OS type to Linux and choose either Ubuntu or Kali Linux (depending on which ISO you have). bash Allocate RAM and storage (2GB RAM and 20GB storage should suffice). Start the VM and point it to the ISO file you downloaded. sudo apt update sudo apt install apache2 mysql-server php php-mysqli Update the repositories: sudo apt update && sudo apt upgrade Copy code Start the services: Starting services ensures that both the web server and database are running and ready to host DVWA. sudo service apache2 start sudo service mysql start Copy code Copy code 3. DVWA Setup: Download DVWA from its GitHub repository: https://github.com/digininja/DVWA ● ● ● bash git clone https://github.com/digininja/DVWA.git Extract DVWA to your Apache's root directory (` /var/www/html`) (i.e., Move the DVWA folder to the Apache directory): bash sudo mv DVWA /var/www/html/ Change Permissions: kotlin sudo chown www-data:www-data /var/www/html/DVWA -R Start Apache and MySQL services. sql sudo service apache2 start sudo service mysql start Open your browser and navigate to the DVWA setup page: http://localhost/DVWA/setup.php Copy code งา Copy code Copy code Copy code O Click on "Create / Reset Database" button. This will set up the database for DVWA. O Once set up, you can now log into DVWA. The default credentials are admin for the username and password for the password. Follow the instructions to set up DVWA. 4. Vulnerability Demonstration: Once DVWA is set up, it offers various security challenges ranging from low to high difficulty. ● Choose a vulnerability. For beginners, 'SQL Injection' or 'Cross-Site Scripting' are good starting points. SQL Injection: Here, you can show how manipulating input fields can allow a user to retrieve or tamper with database content. Cross-Site Scripting: Demonstrate how websites can inadvertently run malicious scripts if user inputs are not sanitized. ● Use the UI to demonstrate how an attacker might exploit the vulnerability. UI Demonstration: DVWA's user-friendly interface provides input fields and other Ul elements to simulate how an actual attack might occur on a real-world application. Then, switch the security level to 'high' or 'impossible' to show how security measures can prevent these attacks. 5. Shutting Down It's crucial to always shut down your VM properly to avoid data corruption o Security Levels: DVWA has built-in varying levels of security to simulate the range from highly vulnerable to securely coded applications. sudo poweroff ● 6. Discussion: ● Principles Behind the Vulnerability: Discuss why the vulnerability exists. For example, SQL Injections can occur when user inputs are directly used in database queries without sanitization. Copy code ● Best Practices: For SQL Injections, always use parameterized queries or prepared statements. For Cross-Site Scripting, always sanitize user inputs. Importance: Emphasize how small coding mistakes can lead to significant security vulnerabilities. 7. Important: ● Legal and Ethical Boundaries: Students must be made aware that using these skills outside controlled environments without permission is both unethical and illegal. Permission is Key: Always get explicit permission when testing for vulnerabilities, even in a workplace setting. By providing a hands-on approach, students can understand not just the theoretical aspects but also see how vulnerabilities are practically exploited and the real-world implications of insecure coding practices./n

Fig: 1