Download the owasp BWA (broken Web application) of the virtual machine, starting from the DVWA to practice, but the first step of the login interface username and password is not what is said on the Internet admin and password, Even the DVWA installation documentation is incorrectly given to the admin and password. After a few twists and turns to find the login interface password has changed to the admin, keep forgetting.
See login.php under DVWA's web directory/OWASPBWA/OWASPBWA-SVN/VAR/WWW/DVWA in BWA target drone, discover the MD5 value of PHP calculation password at login, and connect to MySQL database in the background.
Check the/owaspbwa/owaspbwa-svn/var/www/dvwa/config/config.inc.php configuration file and learn that the user name, database name and password for MySQL connection are DVWA
Go to MySQL database: Mysql-u dvwa-p. After entering DVWA, connect to MySQL at the MySQL prompt and enter
Use DVWA;
Show tables; See the Users table, and then
select * from Users; Can see the user named Admin, its password for 21232F297A57A5A743894A0E4A801FC3, fortunately this MD5 is relatively simple, Google it can know is the MD5 value of admin, Use the Python statement hashlib.md5 (' admin '). Hexdigest () can also be easily verified. Therefore, the username and password of the Dvwa login interface should all be admin.