Vulnerability Demo System DVWA (Damn Vulnerable Web Application) V1.8 Penetration Test Walkthrough

Source: Internet
Author: User


Test environment:

Operating systems: Windows 8.1, Windows 7

Runtime: .NET Framework 3.5

PHP+MySQL integrated test environment: XAMPP V3.2.1

First, download DVWA from http://www.dvwa.co.uk/ and extract the files to C:\xampp\htdocs\DVWA

Modify the configuration file config\config.inc.php to set the database connection account and the default security level (the array is named $_DVWA in DVWA's own config, and PHP variable names are case-sensitive):

$_DVWA['db_server'] = 'localhost';
$_DVWA['db_database'] = 'DVWA';
$_DVWA['db_user'] = 'root';
$_DVWA['db_password'] = '123456';
$_DVWA['default_security_level'] = 'low';

Then, visit http://127.0.0.1/DVWA/login.php

The first hurdle is working out how to log in.

Here we use a dictionary-based brute-force login attempt, taking the Bruter module of WebCruiser Web Vulnerability Scanner V2.8.0 (http://sec4app.com) as the example.

First, enter a wrong username and password, for example 123 and 456:

After submitting, switch to the Resend (replay) interface:

The latest request is at the top; click it to see its details on the right. Then click the "Bruter" button:

The software switches to the Bruter interface and automatically identifies the username and password fields (if the form uses unusual parameter names, select them manually from the drop-down lists). Bruter offers two dictionary modes: one uses separate dictionaries for the user name and the password, the other uses a list of leaked (username:password) combinations. Click the "Go" button to start guessing:

As shown, the credentials that log in successfully are admin/password.

Switch to the WebBrowser interface, enter the guessed user name and password, and the login succeeds.

After logging in, open the DVWA Security page and check whether the security level is set to low; if not, change it so that DVWA runs in its most vulnerable configuration.

Start testing after logging in to DVWA:

After logging in there is also a Brute Force test item. Use the same approach: enter a user name and password, submit, and find the request in the Resend interface:

Click the "Bruter" button again:

This time the brute-force request is GET-based; again, click "Go" to start guessing:

It turns out this test item also uses the admin/password account.
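From the server side, the two Bruter runs above are simply bursts of requests to login.php and the brute-force item from one client. The following is an added example, not part of this article, DVWA or WebCruiser, that flags such bursts in the Apache access log that XAMPP writes; the sample log lines and the 10-requests-per-minute threshold are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" log line as XAMPP's httpd writes it (format assumed unchanged).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
# The two DVWA endpoints hit by the Bruter runs above: the login form (POST)
# and the brute-force test item (GET with username/password in the query string).
LOGIN_PATHS = ("/DVWA/login.php", "/DVWA/vulnerabilities/brute/")

def parse_line(line):
    """Return (ip, timestamp, method, path without query) or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0]

def find_bruteforce(lines, threshold=10, window=timedelta(seconds=60)):
    """Return {ip: peak login requests inside one `window`} for IPs reaching `threshold`."""
    recent = defaultdict(deque)  # ip -> timestamps of login requests still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, _method, path = rec
        if path not in LOGIN_PATHS:
            continue
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > window:  # discard timestamps that have fallen out of the window
            hits.popleft()
        if len(hits) >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(hits))
    return flagged

def _entry(ip, sec, method, path):
    """One constructed combined-format log line (fixed date, constant size and agent)."""
    return f'{ip} - - [02/Mar/2015:10:00:{sec:02d} +0800] "{method} {path} HTTP/1.1" 200 1234 "-" "WebCruiser"'

# Constructed sample: one client replays the login POST 12 times in 22 seconds
# (what a Bruter run looks like from the server side); a second client browses normally.
SAMPLE_LOG = [_entry("192.0.2.10", s, "POST", "/DVWA/login.php") for s in range(0, 24, 2)]
SAMPLE_LOG += [_entry("192.0.2.20", 5, "GET", "/DVWA/index.php"),
               _entry("192.0.2.20", 9, "GET", "/DVWA/vulnerabilities/brute/?username=admin&password=x")]
```

Running find_bruteforce(SAMPLE_LOG) flags only 192.0.2.10 with a peak of 12 login requests; in practice the same check should also count 4xx responses and failed-login markers, which the constructed sample omits.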

Next is the command injection test:

Because the environment is built on Windows, try appending the Windows command dir to the input:

Results:

CSRF test: without using any tool, change the password directly without supplying the original password:

Next, focus on SQL injection and cross-site scripting:

Switch to SQL Injection, then click "Scan URL" in the upper-right corner of WebCruiser; result:

A SQL injection vulnerability is found. Right-click the vulnerability entry and select "SQL Injection POC" to launch the SQL injection exploitation tool:

Here you obtain the root user's stored password hash from the database.

Continue with the blind SQL injection test: switch to Web Browser, click SQL Injection (Blind), then "Scan URL":

Continue with XSS reflected: "Scan URL":

A cross-site scripting vulnerability is found:

Continue with the stored XSS test: "Scan URL":

At this point, the DVWA items that can be covered by tools have been tested automatically; the remaining test items are tested manually.
