
Downloading DVWA

https://www.youtube.com/watch?v=PaB17Cc0dUg&list=WL&index=1&t=671s
I used DVWA on TryHackMe in Kali and used OpenVPN.

Brute force on TryHackMe:


Set up Burp Suite and turn on intercept. Enter credentials in the ‘Brute force’ section of DVWA. Pass the
intercepted request on to Intruder, then turn off the proxy in Burp Suite.

In Intruder, select ‘Clear’.

Positions - Double-click the values of the credentials and select ‘Add’.

From payloads, select ‘Cluster bomb’ (it tries all combinations of username and password).

Payload – From the list, select ‘runtime list’ and add a txt file for users and passwords.

Go to the page source to copy the text of the error and add it. It helps to interpret the results (1,1 etc.).

CSRF
Change the password and copy its URL.

Create an HTML file and paste the link in it.

Execute it through a server.

Command Execution
Command injection, also known as Remote Code Execution in terms of web
exploitation, is possible when a website accepts added strings of characters or
arguments and uses those inputs as arguments for executing a command on the website’s
hosting server.
https://www.youtube.com/watch?v=jmMbPbZjW40
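
Added example (not part of the original notes): the flaw described above in Python, with a deliberately vulnerable function next to a hardened one. The function names, the harmless `echo` stand-in command and the sample input are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# Plain hostname: labels of letters, digits and hyphens. Must start with an
# alphanumeric, so it cannot be a shell metacharacter or a "-option".
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(r"(?=.{1,253}\Z)(?:" + _LABEL + r"\.)*" + _LABEL + r"\Z")


def lookup_vulnerable(target: str) -> str:
    """Deliberately vulnerable: user input is pasted into a shell command line."""
    # The shell parses the whole string, so ';', '|', '&&' or '$()' inside
    # `target` starts further commands on the hosting server.
    done = subprocess.run("echo checking " + target, shell=True,
                          capture_output=True, text=True)
    return done.stdout


def is_valid_target(target: str) -> bool:
    """Allow-list: accept only an IP address or a plain hostname."""
    if "%" in target:  # refuse IPv6 scope ids, which may carry arbitrary text
        return False
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return _HOSTNAME.match(target) is not None


def lookup_hardened(target: str) -> str:
    """Hardened: validate first, then pass an argument vector with no shell."""
    if not is_valid_target(target):
        raise ValueError("target must be an IP address or hostname")
    # Each list element reaches the program as exactly one argument.
    done = subprocess.run(["echo", "checking", target],
                          capture_output=True, text=True, check=True)
    return done.stdout


if __name__ == "__main__":
    crafted = "192.0.2.10; echo SECOND-COMMAND-RAN"  # constructed sample input
    print(lookup_vulnerable(crafted))     # the injected second command runs
    print(lookup_hardened("192.0.2.10"))  # a single command, a single argument
    try:
        lookup_hardened(crafted)
    except ValueError as err:
        print("rejected:", err)
```

The allow-list check and the shell-free argument vector are independent layers: either one alone stops the constructed input, and keeping both covers mistakes in the other.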
