hmmmmm

relatorio/relatorio.aux

@@ -17,19 +17,19 @@
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}\protected@file@percent }
 \@writefile{toc}{\contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Session Management Testing}{6}{subsection.3.6}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{6}{subsection.3.7}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{7}{subsection.3.8}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{7}{subsection.3.9}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{8}{section.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{8}{subsection.4.1}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{8}{subsection.4.2}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{8}{subsection.4.3}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{8}{subsection.4.4}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{8}{subsection.4.5}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{8}{subsection.4.6}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{8}{subsection.4.7}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{8}{subsection.4.8}\protected@file@percent }
-\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{8}{subsection.4.9}\protected@file@percent }
-\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{8}{section.5}\protected@file@percent }
-\gdef \@abspage@last{8}
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.6}Session Management Testing}{7}{subsection.3.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{7}{subsection.3.7}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{8}{subsection.3.8}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {3.9}Client Side Testing}{8}{subsection.3.9}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {4}Web Application Security Firewall}{9}{section.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Information Gathering}{9}{subsection.4.1}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{9}{subsection.4.2}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{9}{subsection.4.3}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Authentication Testing}{9}{subsection.4.4}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}Authorization Testing}{9}{subsection.4.5}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Session Management Testing}{9}{subsection.4.6}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{9}{subsection.4.7}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{9}{subsection.4.8}\protected@file@percent }
+\@writefile{toc}{\contentsline {subsection}{\numberline {4.9}Client Side Testing}{9}{subsection.4.9}\protected@file@percent }
+\@writefile{toc}{\contentsline {section}{\numberline {5}Conclusions}{9}{section.5}\protected@file@percent }
+\gdef \@abspage@last{9}

relatorio/relatorio.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.141592653-2.6-1.40.29 (MiKTeX 26.2) (preloaded format=pdflatex 2026.5.30)  30 MAY 2026 22:04
+This is pdfTeX, Version 3.141592653-2.6-1.40.29 (MiKTeX 26.2) (preloaded format=pdflatex 2026.5.30)  31 MAY 2026 13:10
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.
@@ -1275,19 +1275,8 @@ LaTeX Font Info:    Font shape `T1/Raleway-OsF/bold/n' aliased to
 (Font)              `T1/Raleway-OsF/b/n' on input line 40.
 LaTeX Font Info:    Font shape `T1/Raleway-OsF/b/n' will be
 (Font)              scaled to size 12.0pt on input line 40.
-\g__tcobox_out_iow=\write6
-\openout6 = `relatorio.listing'.
-
-LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <10.95> not available
-(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 64.
-LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <9> not available
-(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 64.
- (relatorio.listing
-LaTeX Font Info:    Font shape `T1/Raleway-OsF/m/n' will be
-(Font)              scaled to size 9.0pt on input line 1.
-) [3]
 LaTeX Font Info:    Trying to load font information for TS1+Raleway-OsF on inpu
-t line 70.
+t line 43.
 
 (C:\Users\lcorp\AppData\Local\Programs\MiKTeX\tex/latex/raleway\ts1raleway-osf.
 fd
@@ -1295,13 +1284,35 @@ File: TS1Raleway-OsF.fd 2025/04/09 (autoinst) Font definitions for TS1/Raleway-
 OsF.
 )
 LaTeX Font Info:    Font shape `TS1/Raleway-OsF/m/n' will be
-(Font)              scaled to size 10.95pt on input line 70.
- [4{C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/enc/dvips/raleway/a_2drk
-ug.enc}]
+(Font)              scaled to size 10.95pt on input line 43.
+\g__tcobox_out_iow=\write6
 \openout6 = `relatorio.listing'.
 
- (relatorio.listing) [5]
-Overfull \hbox (6.24345pt too wide) in paragraph at lines 152--153
+LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <10.95> not available
+(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 72.
+LaTeX Font Info:    Font shape `T1/cmtt/bx/n' in size <9> not available
+(Font)              Font shape `T1/cmtt/m/n' tried instead on input line 72.
+ (relatorio.listing
+LaTeX Font Info:    Font shape `T1/Raleway-OsF/m/n' will be
+(Font)              scaled to size 9.0pt on input line 1.
+) [3{C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts/enc/dvips/raleway/a_2dr
+kug.enc}] [4]
+\openout6 = `relatorio.listing'.
+
+ (relatorio.listing)
+<./imgs/email-unique.png, id=202, 475.7775pt x 361.35pt>
+File: ./imgs/email-unique.png Graphic file (type png)
+<use ./imgs/email-unique.png>
+Package pdftex.def Info: ./imgs/email-unique.png  used on input line 130.
+(pdftex.def)             Requested size: 226.48395pt x 172.01245pt.
+ [5 <./imgs/email-unique.png (PNG copy)>]
+<./imgs/email-invalido.png, id=223, 504.88625pt x 541.02126pt>
+File: ./imgs/email-invalido.png Graphic file (type png)
+<use ./imgs/email-invalido.png>
+Package pdftex.def Info: ./imgs/email-invalido.png  used on input line 141.
+(pdftex.def)             Requested size: 226.48395pt x 242.69781pt.
+ [6 <./imgs/email-invalido.png (PNG copy)>]
+Overfull \hbox (6.24345pt too wide) in paragraph at lines 167--168
 []\T1/Raleway-OsF/b/n/10.95 Tentativa com Script Di-reto: \T1/Raleway-OsF/m/n/1
 0.95 In-se-ri-mos o pay-load tra-di-ci-o-nal \T1/cmtt/m/n/10.95 <script>alert("
 someones
@@ -1309,14 +1320,20 @@ someones
 
 \openout6 = `relatorio.listing'.
 
-(relatorio.listing) [6]
+(relatorio.listing)
 \openout6 = `relatorio.listing'.
 
  (relatorio.listing) [7]
+<./imgs/stack-trace.png, id=253, 643.90562pt x 378.91562pt>
+File: ./imgs/stack-trace.png Graphic file (type png)
+<use ./imgs/stack-trace.png>
+Package pdftex.def Info: ./imgs/stack-trace.png  used on input line 213.
+(pdftex.def)             Requested size: 452.9679pt x 266.56314pt.
+ [8 <./imgs/stack-trace.png>]
 \openout6 = `relatorio.listing'.
 
- (relatorio.listing) [8]
-(relatorio.aux)
+
+(relatorio.listing) [9] (relatorio.aux)
  ***********
 LaTeX2e <2025-11-01>
 L3 programming layer <2026-03-20>
@@ -1325,10 +1342,10 @@ Package rerunfilecheck Info: File `relatorio.out' has not changed.
 (rerunfilecheck)             Checksum: 5C0D8761B50FECB6447C0D628A4DD50C;4695.
  ) 
 Here is how much of TeX's memory you used:
- 31660 strings out of 467691
- 635632 string characters out of 5414987
- 1246033 words of memory out of 5000000
- 60062 multiletter control sequences out of 15000+600000
+ 31703 strings out of 467691
+ 636789 string characters out of 5414987
+ 1211034 words of memory out of 5000000
+ 60104 multiletter control sequences out of 15000+600000
  791342 words of font info for 89 fonts, out of 8000000 for 9000
  1141 hyphenation exceptions out of 8191
  113i,8n,122p,483b,1803s stack positions out of 10000i,1000n,20000p,200000b,200000s
@@ -1338,9 +1355,9 @@ Here is how much of TeX's memory you used:
 ri/raleway/Raleway-Bold.pfb><C:/Users/lcorp/AppData/Local/Programs/MiKTeX/fonts
 /type1/impallari/raleway/Raleway-Italic.pfb><C:/Users/lcorp/AppData/Local/Progr
 ams/MiKTeX/fonts/type1/impallari/raleway/Raleway-Regular.pfb>
-Output written on relatorio.pdf (8 pages, 139440 bytes).
+Output written on relatorio.pdf (9 pages, 260502 bytes).
 PDF statistics:
- 442 PDF objects out of 1000 (max. 8388607)
- 95 named destinations out of 1000 (max. 500000)
- 365 words of extra memory for PDF output out of 10000 (max. 10000000)
+ 451 PDF objects out of 1000 (max. 8388607)
+ 96 named destinations out of 1000 (max. 500000)
+ 380 words of extra memory for PDF output out of 10000 (max. 10000000)
 

relatorio/relatorio.tex

@@ -21,7 +21,7 @@
 \newpage
 
 \section{Introduction}
-% FAZER EM ENGLISH??? 
+
 Este trabalho tem como objetivo realizar testes de penetração numa aplicação
 cobaia (o \textit{Juicebox}) desenhada para aprendizagem. 
 
@@ -38,26 +38,34 @@ mitigar as várias vulnerabilidades que foram encontradas na etapa anterior.
 
 
 \subsection{Network structure}
-% 10.60.0.0 - rede externa
-% 20.60.0.0 - rede interna
+
+\begin{itemize}
+  \item \textbf{Client (20.60.0.0/24)} – Cliente.
+  \item \textbf{Server (10.60.0.0/24)} – Apache+ModSecurity e JuiceShop.
+\end{itemize}
 
 \subsection{Servers}
-% 10.60.0.1 - router
-% 20.60.0.2 - client 
-
-O router contém a firewall e o serviço juicebox.
+\begin{itemize}
+  \item \textbf{10.60.0.1} – Servidor CentOS 9 com WAF e aplicação JuiceShop.
+\end{itemize}
 
 \subsection{Services}
-% juicebox - port 3000
-Juicebox no port 3000 
-
+\begin{center}
+\begin{tabular}{ll}
+    \toprule
+    Service             & Port \\\midrule
+    NodeJS (JuiceShop)  & 3000 \\
+    Apache (WAF)        & 80   \\
+    \bottomrule
+\end{tabular}
+\end{center}
 \section{Web application security testing}
 
 \subsection{Information Gathering}
 
-Utilizámos a política por omissão (\textit{default policy}) para a realização do \textit{Active Scan} através do OWASP ZAP. Com esta abordagem, obtivemos múltiplos alertas automáticos. De forma a priorizar a análise, selecionámos os cinco alertas principais com base no maior nível de risco e grau de confiança reportados pela ferramenta.
+Utilizámos a política por omissão (\textit{default policy}) para a realização do \textit{Active Scan} através do OWASP ZAP. Com esta abordagem, obtivemos múltiplos alertas automáticos. De forma a priorizar a análise, investigamos as alertas principais com base no maior nível de risco e grau de confiança reportados pela ferramenta.
 
-Adicionalmente, realizámos testes de infraestrutura e mapeamento de vetores utilizando ferramentas especializadas:
+Adicionalmente, realizámos testes de infraestrutura utilizando ferramentas especializadas:
 
 \begin{codeblock}{bash}
 sqlmap -u "http://192.168.1.1:3000/rest/products/search?q=apple" -p q --level=5 --risk=3 --banner
@@ -66,6 +74,7 @@ sqlmap -u "http://192.168.1.1:3000/rest/products/search?q=apple" -p q --level=5
 Ao executar o \textit{sqlmap}, descobrimos que o sistema de gestão de base de dados subjacente é o \textit{SQLite}. 
 
 Paralelamente, realizámos uma descoberta de ficheiros e diretórios através de técnicas de \textit{fuzzing} de URLs no OWASP ZAP recorrendo à lista de permissões da \textit{DirBuster}. Esta exploração revelou os seguintes endpoints publicamente expostos:
+
 \begin{itemize}
     \item \texttt{/ftp}: Servidor de armazenamento e transferência de ficheiros exposto.
     \item \texttt{/metrics}: Métricas internas da infraestrutura expostas.
@@ -118,6 +127,8 @@ O servidor backend processou o pedido sem validar se o utilizador possuía autor
 
 Ao tentar registar um utilizador com o e-mail \texttt{admin@juice-sh.op}, verificámos que a aplicação devolve uma mensagem de erro explícita indicando que o e-mail já se encontra registado no sistema. Este comportamento confirma a vulnerabilidade de enumeração de contas, permitindo a um atacante mapear quais os e-mails válidos na plataforma.
 
+\includegraphics[width=0.5\textwidth]{email-unique}
+
 \subsubsection*{Testing for Weak or Unenforced Username Policy}
 
 Após testar vários caracteres especiais no formulário de registo, criámos um utilizador com os seguintes dados nos campos de input:
@@ -127,9 +138,13 @@ Após testar vários caracteres especiais no formulário de registo, criámos um
 \end{itemize}
 A aplicação aceitou o registo sem validar a presença de carateres de injeção SQL ou tags HTML. Contudo, verificámos que é impossível efetuar login com esta conta posteriormente, uma vez que o processo de autenticação falha e resulta num erro genérico do tipo \texttt{[object Object]} no ecrã.
 
+\includegraphics[width=0.5\textwidth]{email-invalido}
+
 \subsection{Authentication Testing}
 
-Realizámos testes de \textit{fuzzing} automatizado contra o formulário de login utilizando dicionários de credenciais. Identificámos que a aplicação não implementa mecanismos de bloqueio de conta (*Account Lockout*) ou limitação de taxa de pedidos (*Rate Limiting*), permitindo ataques contínuos de força bruta.
+Realizámos testes de \textit{fuzzing} automatizado contra o formulário de login utilizando dicionários de credenciais. Identificámos que a aplicação não implementa mecanismos de bloqueio de conta (*Account Lockout*) ou limitação de taxa de pedidos (*Rate Limiting*), permitindo ataques contínuos de \textit{brute force}.
+
+
 
 \subsection{Authorization Testing}
 
@@ -193,6 +208,10 @@ sqlmap -u "http://10.60.0.1:3000/rest/products/search?q=apple" -p q --dbms=sqlit
 
 Ao tentar forçar o acesso a uma página ou ficheiro inexistente no servidor de ficheiros, como por exemplo na rota \texttt{/ftp/teste}, a aplicação falhou ao tratar a exceção de forma segura. Em vez de apresentar uma página de erro genérica (404), o servidor devolveu uma resposta detalhada expondo o \textit{stack trace} completo do ambiente \textit{Express.js}, revelando caminhos internos do sistema de ficheiros do servidor.
 
+
+
+\includegraphics[width=\textwidth]{stack-trace}
+
 \subsection{Client Side Testing}
 
 Validámos que o token de sessão (JWT) do utilizador autenticado está armazenado diretamente no \texttt{localStorage} do navegador. Uma vez que o \texttt{localStorage} não possui mecanismos de proteção equivalentes à flag \texttt{HttpOnly} dos cookies, qualquer script executado no contexto da página consegue ler estes dados.
@@ -205,6 +224,7 @@ Utilizando a falha de XSS identificada anteriormente na barra de pesquisas, inje
 
 A execução deste vetor permitiu extrair o conteúdo do token diretamente do armazenamento local da vítima. Isto prova que um atacante pode automatizar a exfiltração destas informações e assumir a identidade de qualquer utilizador afetado sem necessitar de saber as credenciais de acesso de forma persistente.
 
+
 \section{Web Application Security Firewall}
 
 % Esta seccao sera preenchida com os resultados da Segunda Etapa (Com WAF ativada)

relatorio/relatorio.toc

@@ -10,18 +10,18 @@
 \contentsline {subsection}{\numberline {3.3}Identity Management Testing}{4}{subsection.3.3}%
 \contentsline {subsection}{\numberline {3.4}Authentication Testing}{6}{subsection.3.4}%
 \contentsline {subsection}{\numberline {3.5}Authorization Testing}{6}{subsection.3.5}%
-\contentsline {subsection}{\numberline {3.6}Session Management Testing}{6}{subsection.3.6}%
-\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{6}{subsection.3.7}%
-\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{7}{subsection.3.8}%
-\contentsline {subsection}{\numberline {3.9}Client Side Testing}{7}{subsection.3.9}%
-\contentsline {section}{\numberline {4}Web Application Security Firewall}{8}{section.4}%
-\contentsline {subsection}{\numberline {4.1}Information Gathering}{8}{subsection.4.1}%
-\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{8}{subsection.4.2}%
-\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{8}{subsection.4.3}%
-\contentsline {subsection}{\numberline {4.4}Authentication Testing}{8}{subsection.4.4}%
-\contentsline {subsection}{\numberline {4.5}Authorization Testing}{8}{subsection.4.5}%
-\contentsline {subsection}{\numberline {4.6}Session Management Testing}{8}{subsection.4.6}%
-\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{8}{subsection.4.7}%
-\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{8}{subsection.4.8}%
-\contentsline {subsection}{\numberline {4.9}Client Side Testing}{8}{subsection.4.9}%
-\contentsline {section}{\numberline {5}Conclusions}{8}{section.5}%
+\contentsline {subsection}{\numberline {3.6}Session Management Testing}{7}{subsection.3.6}%
+\contentsline {subsection}{\numberline {3.7}Input Validation Testing}{7}{subsection.3.7}%
+\contentsline {subsection}{\numberline {3.8}Testing for Error Handling}{8}{subsection.3.8}%
+\contentsline {subsection}{\numberline {3.9}Client Side Testing}{8}{subsection.3.9}%
+\contentsline {section}{\numberline {4}Web Application Security Firewall}{9}{section.4}%
+\contentsline {subsection}{\numberline {4.1}Information Gathering}{9}{subsection.4.1}%
+\contentsline {subsection}{\numberline {4.2}Configuration and Deployment Management Testing}{9}{subsection.4.2}%
+\contentsline {subsection}{\numberline {4.3}Identity Management Testing}{9}{subsection.4.3}%
+\contentsline {subsection}{\numberline {4.4}Authentication Testing}{9}{subsection.4.4}%
+\contentsline {subsection}{\numberline {4.5}Authorization Testing}{9}{subsection.4.5}%
+\contentsline {subsection}{\numberline {4.6}Session Management Testing}{9}{subsection.4.6}%
+\contentsline {subsection}{\numberline {4.7}Input Validation Testing}{9}{subsection.4.7}%
+\contentsline {subsection}{\numberline {4.8}Testing for Error Handling}{9}{subsection.4.8}%
+\contentsline {subsection}{\numberline {4.9}Client Side Testing}{9}{subsection.4.9}%
+\contentsline {section}{\numberline {5}Conclusions}{9}{section.5}%

relatorio/style.sty

@@ -8,7 +8,7 @@
 \usepackage[dvipsnames]{xcolor}
 \usepackage{enumitem,amssymb}
 \usepackage[colorlinks=true,urlcolor=blue,linkcolor=MidnightBlue]{hyperref}
-\graphicspath{{./img/}}
+\graphicspath{{./imgs/}}
 
 \usepackage{enumitem,amssymb}
 \newlist{todolist}{itemize}{2}