THX FOR VISITING..

MOST EVER WORKING HACKS

Saturday, July 14, 2012

Penetration Testing ??? Use DVWA

                 As their website says :- Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. Elaborated :-
DVWA – Damn Vulnerable Web Application
              Script kiddies like me :) would be searching for and finding info on Exploiting vulnerabilities in web applications , such as SQL injection , XSS-CSS and others and testing them live on websites they find vulnerable . 
                But the problem here is that all majorWeb Applications has activity logs and all your code executions and other details including your ip address and other identities gets left there . Check this out :-
               The PHPIDS(Intrusion Detection System) shows that a user from IP 127.0.0.1 has tried to exploit the xss vulnerability by running code - "><script>eval(window.name)</script>".This log available to the admin can cause for serious risks in case of any enquiries . So? How to test these attacks safely . There comes DVWA.
It can be used to practice  :-
  • Brute forcce
  •  Local file Inclusion
  • Remote file inclusion
  • SQL injection
  •  Upload script
  • Command Execution
  • XSS

Installation :-

Like every PHP web application , it require a PHP server to execute , hence use WAMP or XAMPP
  • ·         Download XAMPP or WAMP .
  • ·         Download DVWA from here or direct link – [dvwa.zip].
  • ·         Extract the folder DVWA to C:\wamp\www\   or C :\xampp\htdocs\  (select as per your download XAMPP or WAMP  )
  • ·         Open up your browser and go to : - localhost/dvwa/index.php
  • Click on set up New Database.-> Logout
    .
 Give the default username and password as :- 
  • username - admin
  • password- password







For beginners change the security level to low by :-

Recommended Tools  :-
o   Brute force – Brutus  download
o   SQL injection – Havij Pro download , Firefox addon –SQL INJECT ME .
o   XSS – Mozilla firefox addons – XSS ME .






Happy hunting :) . check how vulnerable it is :-
DVWA can be used on Backtrack linux without installing an LAMPP server . Just copy contents to the root directory and Enjoy.

Thank You
Tony Thomas 

0 comments:

Post a Comment