DVWA and Mutillidae

I am using Burp Suite for this lab.
We first configure Burp Suite and our browser proxy. I am using Firefox here; for convenience I'm using FoxyProxy, a Firefox extension which allows me to switch my proxy settings in Firefox hassle-free.

Try to log in with username admin and password test.

Then I start to brute-force the password using the wordlist located at /usr/share/SecLists/Passwords/probable-v2-top207.txt and grepping for "Username and/or password incorrect" in the Burp options. I found that "password" is the correct password for admin.

For security level medium it is still possible to brute-force; it just has a 2 sec delay before each request is accepted. That means it eventually consumes more time.

2. Command Injection

By pinging localhost, i.e. 127.0.0.1

I see it's the command ping -c4. I use the payload 127.0.0.1 | ls and I get the list of files available. I am also able to read the index.php file.

For the security level: medium

When I read the source code, they delete the input if it contains && or ;. That means my above command is still able to get the index.php content.

For security level: high

After looking at the source code I just need to change my command to 127.0.0.1 |cat index.php.
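A defensive counterpart to the command injection exercise above, as an added example that is not part of the original write-up or of DVWA's source: a blocklist filter that only strips && and ; (a constructed approximation of the medium level described) beside an allowlist validator that accepts nothing but an IP literal and builds the ping command as an argv list, so no shell ever sees the input. The function names and sample inputs are my own.

```python
import ipaddress
from typing import List, Optional

# Constructed approximation of the blocklist described for the medium
# level (not DVWA's own source): only these separators are stripped.
BLOCKED_SEQUENCES = ("&&", ";")

# Shell control characters a defender should treat as a red flag in any
# value that is about to reach a command line.
SHELL_METACHARS = set("|&;`$()<>\n")


def blocklist_filter(user_input: str) -> str:
    """Strip the blocked sequences; every other metacharacter survives."""
    cleaned = user_input
    for seq in BLOCKED_SEQUENCES:
        cleaned = cleaned.replace(seq, "")
    return cleaned


def has_shell_metachar(value: str) -> bool:
    """Detection check: does the value still carry shell control characters?"""
    return any(ch in SHELL_METACHARS for ch in value)


def validate_ping_target(user_input: str) -> Optional[str]:
    """Allowlist: accept only a syntactically valid IPv4/IPv6 literal."""
    try:
        return str(ipaddress.ip_address(user_input.strip()))
    except ValueError:
        return None


def build_ping_argv(user_input: str) -> Optional[List[str]]:
    """Build an argv list for subprocess (no shell); None if the input is rejected."""
    target = validate_ping_target(user_input)
    if target is None:
        return None
    # Same as the lab's "ping -c4", but the target is one argv element,
    # so a shell never gets the chance to interpret | or && inside it.
    return ["ping", "-c", "4", target]


if __name__ == "__main__":
    # Constructed inputs: the benign one plus the two from the write-up.
    for sample in ("127.0.0.1", "127.0.0.1 | ls", "127.0.0.1 |cat index.php"):
        filtered = blocklist_filter(sample)
        print(f"{sample!r}: blocklist leaves metachars={has_shell_metachar(filtered)}, "
              f"allowlist argv={build_ping_argv(sample)}")
```

Running it shows the blocklist letting the pipe-based inputs through untouched while the allowlist rejects both and accepts only the bare address.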

3. File Inclusion

4. File upload

For this I create a PHP file to connect to a shell from Weevely with the payload weevely generate test reverse.php.

Then I upload this file; since it's on low security it accepts anything, and I get the location of that file. Then I try to connect to it with Weevely using the command, and I get the shell.

5. SQL Injection

I know SQL, so I use the command 1' union select user,password from users# and I get the usernames and passwords of all users in the database.

6. SQL (blind) Injection

In this one I use Burp Suite to verify the SQL injection. I use the sleep function to check the response of the request, send this request to Intruder and run a sequence attack.

As the time increases, the response length also increases; this confirms the blind injection.

7. XSS (DOM)

When we select English it reflects the selection in the URL, so I try to append an alert script.

8. XSS (reflected)

Here I try to run the same script through input.

For medium level security

Capitalizing some of the letters in the command doesn't change the command.

Lab 1:

I use Netcat to get the server response header. I create a file nett and edit it with the headers, then pass the file as input to Netcat with the port number and the Mutillidae IP, where I see it is running Apache/2.4.54.

Lab 6:

After navigating to the user-info page I try to add the payload \ in the username field and press enter. It causes an error in SQL and shows the file causing the error.

Lab 12:

For this lab I have to navigate to DNS Lookup, where I use a pwd command with localhost to see that it works.

It works, so I use cat to see the content of the /etc/passwd file, where I can see the existing users.

Lab 13:

I use Wireshark to see the traffic on my interface by pinging localhost.

Here I see only request and reply packets are available.

Lab 18:

For this lab I have to navigate to edit user profile. I retrieve the password for admin using sqlmap, which is adminpass, so using this I log in as admin.

Then I try to edit the password and change the uid from 1 to 4. We ended up editing jeremy instead of admin.
