Raspberry Pi Web App Tinkering

Overview

Web apps are a major attack surface. This project builds a custom site on a Raspberry Pi (Apache + WebDAV) with intentional misconfigurations, then demonstrates reconnaissance, vulnerability scanning, and analysis & reporting workflows in a safe lab.

Purpose

• Technical Proficiency: Build & configure a basic app; deploy intentional misconfigurations.
• Security Mindset: Use industry tools for active recon and scanning in a controlled environment.
• Professional Documentation: Clear, reproducible steps mirroring real-world reporting.

Objectives

1. Web App Configuration: Custom index page on Apache 2.4.59 (Raspberry Pi 3) with purposeful weaknesses.
2. Active Reconnaissance: Enumerate HTTP/services using nmap, WhatWeb, and Burp Suite; run dirb, dirbuster, gobuster.
3. Vulnerability Scanning: Identify issues with nmap and nikto.
4. Analysis & Reporting: Summarize findings and mitigations.

Toolset

• Active Recon: nmap, whatweb, dirb, dirbuster, gobuster, Burp Suite
• Vulnerability Scanning: nmap, nikto
• Analysis: Clear, professional documentation & reporting

Configuring the Web Application

Deliberate misconfigurations make the target interesting for tools like Nmap, Nikto, and Burp Suite. WebDAV is enabled for file uploads.

Specific Misconfigurations

1. Weak authentication for WebDAV
2. Directory listings enabled
3. Hidden directories and files
4. Exposed sensitive configuration
5. Crafted XSS vulnerability

Weak WebDAV Authentication

Enable WebDAV with Basic Auth and intentionally weak credentials.

Directory Listings Enabled

Apache Options Indexes exposes directory listings when no default index is present.

Hidden Directories & Files

Hidden and obvious paths are created under /var/www/html to surface during directory busting and manual browsing.

Exposed Sensitive Configuration

Example: a public config.php containing sensitive information.

Crafted XSS Vulnerability

Convert index.html to index.php and inject reflected XSS via unsanitized query parameter.

Active Recon

Create a Bash helper script to run initial Nmap sweeps, then save results; run WhatWeb for tech fingerprinting.

Directory Busting

Discover hidden/interesting paths with Dirb, Dirbuster, and Gobuster.

Active Recon with Burp Suite

Intercept a GET request, send to Repeater, and probe different HTTP methods.

Vulnerability Scanning

Nmap --script vuln

Nikto Scan

Exploitation

Exploiting Reflected XSS

Exploit the vulnerable index.php by passing a crafted ?query= value.

http://192.168.1.103/index.php?query=test

Mitigation

Sanitize and encode user input before output. Example using htmlspecialchars():

Also consider strict input validation and a defensive Content-Security-Policy.

Exploiting WebDAV

Weak Basic Auth on /webdav can be brute forced—or discovered via scanning. Once credentials are known, upload a PHP payload and gain a shell.

Analysis & Reporting

This lab demonstrates how misconfigurations are identified, exploited, and mitigated. It also reinforces a methodical workflow and clear documentation.

Methodology

• Identify HTTP methods, server details, and headers via Burp + Nmap.
• Enumerate directories with Dirb/Dirbuster/Gobuster.
• Probe various HTTP methods to analyze behavior and exposure.
• Scan for vulnerabilities with Nmap NSE (vuln) and Nikto.

Key Findings

• Reflected XSS: Risk of data theft, phishing, session hijacking.
• Weak WebDAV Auth: Enabled arbitrary file upload and remote shell.
• Directory Listings: Exposed structure and sensitive files.
• Missing Security Headers: Clickjacking/MIME risks.

Mitigation Recommendations

• Sanitize/encode output (htmlspecialchars()), validate input, set CSP.
• Harden WebDAV: strong creds, HTTPS, restrict methods & file types.
• Disable Indexes in Apache; restrict access to sensitive files.
• Add security headers: X-Frame-Options, Content-Security-Policy, X-Content-Type-Options.

Lessons Learned

Hands-on practice with a purposely vulnerable app sharpens recon, scanning, exploitation, and remediation skills—end-to-end.

Back to Home