Collaborate Disseminate
I have been doing a bit of dvwa(damn vulnerable web application) and I have a question on CSRF.
There is an additional parameter, a csrf token, which is submitted in the get request.
All the answers i saw on the web uses xss… Continue reading HIGH LEVEL CSRF
I’m learning how to brute force web login pages with a popular brute force tool called “Hydra”. I’m using Kali Linux (VirtualBox) to do this. I’ve installed DVWA (Damn Vulnerable Web Application) and I’m running it locally.
NOTE: I’m try… Continue reading Brute-Forcing DVWA login page with hydra
I am busy with making a comprehensive writeup of DVWA for our junior employees. The high level of the file upload I do not seem to get to work except if I use the file include vulnerability and upload a image with php script … Continue reading DVWA file upload High without other vulnerabilities
Hello and good evening,
i’ve recently tried to improve my pentesting skills and learn more about it with metasploitable 2. I am trying some things on the DVWA.
For the moment, i am learning the basics of Burp Suite (more pr… Continue reading DVWA: "Hacking attempt detected…"
I’m working with 2 VMs (Ubuntu 18 and Kali). Ubuntu’s VM has XAMPP with DVWA running on it at the minimum security. I’m trying to attack the DVWA from the Kali’s VM. After performing a SQL Injection, I get the users and the p… Continue reading Unable to get a full html page to get the passwords with John the Ripper [on hold]
I’m trying to catch SQL Injection attacks from DVWA with sqlmap, I’m using the most simple option it provides, but it’s strange that sometimes it works and other it doesn’t, showing a message similar to:
…parameter ‘X’ doe… Continue reading DVWA cant be injected with SQLMAP [id is not injectionable]
I’m using sqlmap to exploit databases in a DVWA-project.
However, after having exploited the database, I executed the following command to learn that the user is dvwa@%:
sqlmap -u “http://192.168.71.130/dvwa/vulnerabilitie… Continue reading How to make Sqlmap obtain administrator rights for database?
I’m trying to find some deliberately vulnerable Flash applications that I can practice security testing on (in the same vein as applications like the Damn Vulnerable applications).
Ive noticed there are a lot of resources o… Continue reading Deliberately vulnerable Flash applications?
This is the command I am using and when I press Enter :
hydra -L username.txt -P passwords.txt localhost http-post-form “dvwa/login.php:username=^USER^&password=^PASS^&Login=”Login Failed”
>
This arrow shows up and… Continue reading Hydra brute-force not working
I am using Kali Linux in the VMware Workstation environment. I set up XAMPP successfully but I am running into the problem that is shown below. How do I fix the problem? I have gone directly to the file and folders in questio… Continue reading DVWA setup on XAMPP writable folder and writable file problem