DVWA (Damn Vulnerable Web Application) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a classroom environment.
[Screenshot: DVWA Main Page]
Tool : sqlmap, Firefox Tamper Data.
Target : database dump from DVWA
Security level : low
Technique : SQL injection
First, log in to DVWA by typing the URL localhost/dvwa, then fill in the username admin and the password password. Set up the database and set the security level to low.
[Screenshot: Security level]
Next, choose SQL Injection and try inserting an SQL statement or query in the text box. You must activate the Tamper Data Firefox add-on first. If you get an error, the statement or query could not be injected into the target. If it succeeds, the page shows the query and the data.
[Screenshot: Tamper Data and SQL Injection]
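Why the text box behaves this way at the low security level, and what the fix looks like, as an added example that is not part of the original post or DVWA's own code. It uses Python's sqlite3 as a stand-in for DVWA's PHP/MySQL; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed stand-in for a users table; names and values are sample data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
               "first_name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "admin", "hash-placeholder-1"),
        (2, "alice", "hash-placeholder-2"),
        (3, "bob", "hash-placeholder-3"),
    ])
    return db

def lookup_concatenated(db, user_id):
    # Vulnerable pattern: the text-box value becomes part of the SQL text,
    # so quotes and keywords in it are parsed as SQL.
    query = ("SELECT first_name FROM users WHERE user_id = '"
             + user_id + "' ORDER BY user_id")
    return [row[0] for row in db.execute(query)]

def lookup_parameterized(db, user_id):
    # Hardened pattern: the value is bound to a placeholder and is only
    # ever compared as data, whatever characters it contains.
    query = "SELECT first_name FROM users WHERE user_id = ? ORDER BY user_id"
    return [row[0] for row in db.execute(query, (user_id,))]

def outcome(lookup, db, user_id):
    # Return the rows, or "error" when the database rejects the statement.
    try:
        return lookup(db, user_id)
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1'", "1' OR '1'='1"]:
        print(repr(value), outcome(lookup_concatenated, db, value),
              outcome(lookup_parameterized, db, value))
```

A stray quote makes the concatenated query fail with a database error and a tautology returns every row, while the bound version returns nothing for both.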
Let's open sqlmap to exploit the database. Copy the cookies from Tamper Data to run the injection.
[Screenshot: sqlmap command and Tamper Data cookies]
DVWA is injected, so let's find the databases.
[Screenshot: Find databases]
Got it: 4 databases available.
[Screenshot: Database]
Let's take over the dvwa database for the usernames and passwords.
[Screenshot: Command to take over the database]
Whoops... you can see the password is encrypted.
[Screenshot: Find Password]
See the tables from the dvwa database.
[Screenshot: The command]
[Screenshot: Dvwa Tables]
Let's see more of the tables.
[Screenshot: Command to see guestbook tables]
Surfing the users table from the dvwa database.
[Screenshot: Command to show the query in the tables]
[Screenshot: Users Tables]
The database dump
[Screenshot: users dump]
[Screenshot: Password dump]
[Screenshot: Password dump error]
Unfortunately the password dump gave an error, but let's try again.
[Screenshot: Password dump]
Successful.