WHAT IS DVWA?
DVWA is the Damn Vulnerable Web App, coded in PHP/MySQL. Seriously, it is very vulnerable. In this app, security professionals and ethical hackers test their skills and run their tools in a legal environment. It also helps web developers better understand the processes of securing web applications, and helps teachers/students teach/learn web application security in a safe environment.
The aim of DVWA is to practise some of the most common web vulnerabilities, with various difficulty levels.
How to use DVWA?
You just have to go to this link http://www.dvwa.co.uk/ and download it.
Once you have downloaded it:
Install it on a virtual machine (VMware or VirtualBox).
You will require XAMPP (for Windows).
Then get the virtual machine's local IP; you can check this by typing ifconfig in the virtual machine.
Then type this IP in the browser.
That's it; now you are in the DVWA environment.
What are the Benefits of DVWA?
1) Hacking anything without permission is a crime. So, as a student or beginner, where would you get that permission so you can practise? DVWA is the answer, and for advanced users who want to sharpen their skills it is the best platform.
2) In DVWA you do not have to take permission from anyone; you can simply install it in a virtual environment and start using it.
3) It is very simple to install.
4) It is the best place to practise hacking.
5) In fact, it runs in your local environment, and it is totally legal.
DIFFICULTY LEVELS IN DVWA
As the name suggests, DVWA has many web vulnerabilities. Every vulnerability has four different security levels: low, medium, high and impossible. The security levels give the 'attacker' a challenge and also show how each vulnerability can be countered by secure coding.
Impossible: In this level you will face CTF-like challenges, and it is harder than the other levels. This level presents the difficulties we face in the real world.
High: This level gives the user an example of how to secure the vulnerability via secure coding methods. It lets the user understand how the vulnerability can be countered. This level of security should be un-hackable; however, as we all know, this is not always the case. So if you manage to bypass it, you are doing something right.
Medium: This security level's purpose is to give the 'attacker' a challenge in exploitation and also to serve as an example of bad coding/security practices.
Low: This security level is meant to simulate a website with no security at all implemented in its coding. It gives the 'attacker' the chance to refine their exploitation skills.
In DVWA we can test various kinds of vulnerabilities.
1) BRUTE FORCE: In the brute force vulnerability we can test whether the login portal is vulnerable to brute force or not. Here we can try almost all combinations of words, numbers and special symbols; we can also use a dictionary file. The main goal is to crack the login name and password. Brute force can be applied to different parameters; here we have to brute force the login screen.
2) COMMAND INJECTION: In the command injection vulnerability the goal is the execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data to a system shell. In this attack, the operating system commands the attacker sends are usually executed with the privileges of the vulnerable application. So here you have an input field in which you can execute OS commands.
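The classic shape of this module is a "ping a host" form whose input is glued into a shell command. The added example below (Python, not DVWA's PHP, and not code from the project) shows the vulnerable construction next to the hardened one: the fix is to validate the target against an allow-list (an IP literal or a DNS hostname) and then to invoke the program with an argument list so that no shell ever interprets the input. The function names and the hostname grammar are assumptions for the example.

```python
import ipaddress
import re
import subprocess

# DNS hostname: labels of letters, digits and hyphens, separated by dots (assumed grammar).
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def build_ping_command_vulnerable(target):
    """Vulnerable pattern: untrusted input concatenated into a string meant for shell=True.
    Anything the shell treats specially in `target` becomes part of the command line."""
    return "ping -c 1 " + target


def is_valid_target(target):
    """Allow-list validation: accept an IPv4/IPv6 literal or a well-formed hostname, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return len(target) <= 253 and HOSTNAME_RE.match(target) is not None


def build_ping_command_safe(target):
    """Hardened pattern: validated input placed in an argv list, so the OS receives
    the target as one argument and no shell metacharacters are interpreted."""
    if not is_valid_target(target):
        raise ValueError("invalid target")
    return ["ping", "-c", "1", target]


def ping(target):
    """Run the hardened command without a shell; the timeout bounds a slow or hanging host."""
    argv = build_ping_command_safe(target)
    return subprocess.run(argv, capture_output=True, text=True, timeout=10)
```

The argv list is the real defence; the allow-list is defence in depth that also rejects inputs that would merely make `ping` misbehave. Running the vulnerable builder on an input such as `127.0.0.1; echo injected` shows the second command riding along in the string, while `is_valid_target` rejects it before any process is started.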
3) CSRF: Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application. So here we can create a fake page and send it to the victim to perform the necessary steps.
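The standard countermeasure for the password-change form in this module is a per-session anti-CSRF token that a forged cross-site request cannot supply. The added example below (Python; not DVWA's own PHP code) issues a token that is bound to the session with an HMAC, verifies it in constant time, and shows a state-changing handler that refuses any request without a valid token. The server secret, the request dictionary shape and the handler name are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Per-deployment server secret; in a real application it is loaded from configuration
# (constructed at import time here so the example is self-contained).
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Random nonce bound to the session by an HMAC: a token stolen or minted for
    another session fails verification, and the server stores nothing extra."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Recompute the MAC for this session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (AttributeError, ValueError):
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_password_change(request, session_id):
    """State-changing endpoint: only POST, and only with a token valid for this session.
    `request` is a plain dict {"method": ..., "form": {...}} standing in for a framework object."""
    if request.get("method") != "POST":
        return 405, "method not allowed"
    token = request.get("form", {}).get("csrf_token", "")
    if not verify_csrf_token(session_id, token):
        return 403, "CSRF token missing or invalid"
    return 200, "password changed"
```

Because a cross-site page cannot read the victim's form (same-origin policy), it cannot obtain a token that passes `verify_csrf_token`; the GET rejection additionally stops the simplest forged requests, such as an image tag pointing at the change URL. Marking the session cookie `SameSite=Lax` or `Strict` is a complementary browser-side control.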
4) FILE UPLOAD: File upload is a very simple feature: just upload a file to the server. To reduce the risk we may only accept certain file extensions, but attackers are able to encapsulate malicious code in inert file types. Testing for malicious files verifies that the application/system is able to correctly protect against attackers uploading malicious files.
The application may allow the upload of malicious files that include exploits or shellcode without submitting them to malicious-file scanning. Here we have to upload a shell to the server.
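An extension check on its own is exactly the weak control the passage describes. The added example below (Python, not DVWA's own code) shows what an upload handler needs on top of it: a size limit, stripping any directory part of the client-supplied name, judging only the final extension, requiring the file content to start with the magic bytes of the claimed type, and storing the file under a server-chosen random name. The allow-list, size limit and sample file contents are assumptions constructed for the example.

```python
import os
import secrets

# Allowed extensions and the magic bytes each one must start with (constructed allow-list).
ALLOWED_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024


def validate_upload(filename, data):
    """Return the accepted extension, or raise ValueError.

    Size is checked first; the client name is reduced to its base name so
    '../x.png' cannot steer the write; only the final extension counts, so
    'shell.php.png' is judged as .png; and the content must match that type."""
    if len(data) > MAX_UPLOAD_BYTES:
        raise ValueError("file too large")
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        raise ValueError("missing extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_SIGNATURES:
        raise ValueError(f"extension not allowed: {ext}")
    if not data.startswith(ALLOWED_SIGNATURES[ext]):
        raise ValueError("content does not match extension")
    return ext


def is_accepted(filename, data):
    """Boolean wrapper around validate_upload for callers that only need a verdict."""
    try:
        validate_upload(filename, data)
        return True
    except ValueError:
        return False


def stored_name(ext):
    """Server-chosen random filename: the client's name never reaches the filesystem."""
    return f"{secrets.token_hex(16)}.{ext}"


def save_upload(filename, data, upload_dir):
    """Validate, then write under a random name inside upload_dir, which the web
    server should serve as static content with script execution disabled."""
    ext = validate_upload(filename, data)
    path = os.path.join(upload_dir, stored_name(ext))
    with open(path, "wb") as fh:
        fh.write(data)
    return path


# Constructed sample contents used by the checks.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_SAMPLE = b"<?php echo 'hello'; ?>"
```

The magic-byte check is not a content scanner; its job is to make a script file with an image extension fail as early as possible. The last line of defence is the upload directory itself: if the web server will not execute anything stored there, a file that slips past the checks is still only data.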
5)INSECURE CAPTCHA: CAPTCHA (“Completely Automated Public Turing test to tell Computers and Humans Apart”) Captchas are usually used to prevent robots to make an action instead of humans. It should add an extra layer of security but badly configured it could lead to unauthorized access.here what we have to do is to bypass the captcha security function by using the tamper data or other methods.
6) SQL INJECTION: SQL Injection (SQLi) refers to an injection attack where an attacker can execute malicious SQL statements that control a web application's database server. Since an SQL Injection vulnerability could affect any website or web application that makes use of a SQL-based database, it is one of the oldest, most prevalent and most dangerous web application vulnerabilities.
An attacker can use it to bypass a web application’s authentication and authorization mechanisms and retrieve the contents of an entire database. SQL Injection can also be used to add, modify and delete records in a database, affecting data integrity.
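The module's "look up a user by id" page is the textbook case, and the countermeasure is a parameterised query. The added example below (Python with the standard-library sqlite3 module, not DVWA's PHP/MySQL code) builds a small in-memory table, shows the string-concatenated lookup that the tautology input `1' OR '1'='1` turns into a dump of every row, and beside it the parameterised lookup that treats the same input as a non-numeric id and returns nothing. Table contents and names are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)")
    conn.executemany(
        "INSERT INTO users (first_name, last_name) VALUES (?, ?)",
        [("Alice", "Smith"), ("Bob", "Jones"), ("Carol", "White")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """Vulnerable pattern: the request parameter is spliced into the SQL text,
    so quotes and keywords in it change the structure of the statement."""
    sql = "SELECT first_name, last_name FROM users WHERE id = '" + user_id + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_id):
    """Hardened pattern: validate the type, then bind the value as a parameter.
    The driver sends the value separately from the statement, so it can only ever
    be compared against id, never parsed as SQL."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT first_name, last_name FROM users WHERE id = ?", (uid,)
    ).fetchall()
```

Binding parameters is the fix; the integer cast is an extra allow-list check that also gives a clean error path. The same rule applies to every driver and ORM: the SQL text is fixed at development time and user data only ever travels as a bound value.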
7) SQL INJECTION (BLIND): In blind SQL injection we cannot see the response directly, so no query we fire will show a visible result. It involves a lot of guesswork on the part of the attacker and takes time for them to gain an understanding of the structure of the data they're trying to get at, but with skill and perseverance, all the data is still at their fingertips. To make things worse, the guesswork can be easily automated, reducing the time it takes to steal your data.
Two techniques are commonly used to do this: content-based blind SQL injection and time-based blind SQL injection. Here we have to check whether it is vulnerable to blind SQL injection or not, for example by using a time delay.
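The time-delay technique leaves a very recognisable trace in web-server logs: requests to one endpoint that take seconds where the same endpoint normally takes milliseconds, often with a delay primitive visible in the URL-decoded query string. The added example below (Python; not part of the original post) parses a constructed access log, builds a per-endpoint median baseline, and flags requests that are both far slower than that baseline and carry such a primitive, which keeps a single slow legitimate query from raising an alert on its own. The log format, paths and addresses are assumptions for the example.

```python
import re
from collections import defaultdict
from statistics import median
from urllib.parse import unquote_plus

# Constructed web-server access log, "ip method path status duration_ms".
# Format, paths and addresses are assumptions for this example.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 GET /products?id=1 200 12
10.0.0.5 GET /products?id=2 200 11
10.0.0.5 GET /products?id=3 200 13
10.0.0.7 GET /products?id=1%27+AND+SLEEP%285%29%23 200 5014
10.0.0.7 GET /products?id=1%27+AND+SLEEP%285%29%23 200 5009
10.0.0.8 GET /products?id=4 200 14
10.0.0.8 GET /search?q=shoes 200 40
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\d+)$")
# Delay primitives of the common database engines, matched after URL decoding.
DELAY_SIGNATURE_RE = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.IGNORECASE)


def parse_access_log(text):
    """Parse log lines into dicts, skipping anything that does not match the format."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ip, method, path, status, ms = m.groups()
            rows.append({"ip": ip, "method": method, "path": path,
                         "status": int(status), "ms": int(ms)})
    return rows


def endpoint(path):
    """Drop the query string so requests are measured against their endpoint's baseline."""
    return path.split("?", 1)[0]


def flag_time_based_probes(rows, factor=10, min_ms=2000):
    """Return (ip, path, reason) for requests that are far slower than their
    endpoint's median, that carry a delay primitive, or both. The 'slow+signature'
    reason is the high-confidence case; the other two are worth a look but noisier."""
    baseline = defaultdict(list)
    for r in rows:
        baseline[endpoint(r["path"])].append(r["ms"])
    findings = []
    for r in rows:
        med = median(baseline[endpoint(r["path"])])
        slow = r["ms"] >= max(min_ms, factor * med)
        sig = DELAY_SIGNATURE_RE.search(unquote_plus(r["path"])) is not None
        if slow and sig:
            findings.append((r["ip"], r["path"], "slow+signature"))
        elif sig:
            findings.append((r["ip"], r["path"], "signature"))
        elif slow:
            findings.append((r["ip"], r["path"], "slow"))
    return findings
```

On the sample, the two five-second requests from 10.0.0.7 are the only findings, each tagged `slow+signature`. A signature-only hit with normal timing usually means the input was rejected or parameterised; a slow-only hit with no signature is more often a capacity problem than an attack, which is why the example keeps the reasons separate.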
8) WEAK SESSION IDs: The session prediction attack focuses on predicting session ID values that permit an attacker to bypass the authentication schema of an application. By analysing and understanding the session ID generation process, an attacker can predict a valid session ID value and get access to the application.
In the first step, the attacker needs to collect some valid session ID values that are used to identify authenticated users. Then, they must understand the structure of the session ID, the information that is used to create it, and the encryption or hash algorithm used by the application to protect it. Some bad implementations use session IDs composed of the username or other predictable information, like a timestamp or the client IP address. In the worst case, this information is used in clear text or encoded using some weak algorithm like base64.
In addition, the attacker can use a brute force technique to generate and test different values of session ID until they successfully get access to the application. So here we have to find out whether this is producing weak session IDs or not.
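The checks an assessor runs over a handful of issued session IDs can be written down directly. The added example below (Python; not DVWA's own code) takes a sample of IDs and reports the weaknesses the passage lists: sequential counters, base64 of readable data such as `user:timestamp`, duplicates, short length and low character entropy, and alongside it shows how a session ID should be generated, from the operating system's CSPRNG. The sample weak IDs and the thresholds are constructed for the example.

```python
import base64
import binascii
import math
import secrets
from collections import Counter
from statistics import mean


def char_entropy_bits(token):
    """Shannon entropy per character of one token; counters and encodings score low."""
    counts = Counter(token)
    n = len(token)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_sequential(ids):
    """True when the IDs are integers that change by one constant step."""
    try:
        nums = [int(i) for i in ids]
    except ValueError:
        return False
    if len(nums) < 3:
        return False
    return len({b - a for a, b in zip(nums, nums[1:])}) == 1


def decodes_to_readable(token):
    """Return the plaintext if the token is merely base64 of printable text, else None."""
    try:
        raw = base64.b64decode(token, validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def assess_session_ids(ids):
    """Collect the weaknesses visible from a sample of issued session IDs."""
    findings = []
    if looks_sequential(ids):
        findings.append("sequential")
    if any(decodes_to_readable(i) for i in ids):
        findings.append("base64 of readable data")
    if len(set(ids)) != len(ids):
        findings.append("duplicates")
    if all(len(i) < 16 for i in ids):
        findings.append("too short")
    if mean(char_entropy_bits(i) for i in ids) < 3.0:
        findings.append("low character entropy")
    return findings


def new_session_id():
    """How it should be done: 256 bits from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(32)


# Constructed samples of weak IDs: a counter, and base64 of "alice:1704067200" / "bob:1704067260".
SEQUENTIAL_IDS = ["1001", "1002", "1003", "1004"]
ENCODED_IDS = ["YWxpY2U6MTcwNDA2NzIwMA==", "Ym9iOjE3MDQwNjcyNjA="]
```

These checks only catch the obvious failures the passage describes; an ID that passes them can still be predictable if it comes from a seeded non-cryptographic generator, which is why the positive advice is simply to use the platform's CSPRNG and never derive the ID from user data or time.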
9) XSS (DOM): While a traditional cross-site scripting vulnerability occurs in the server-side code, document-object-model-based cross-site scripting is a type of vulnerability that affects the script code in the client's browser.
10) XSS (REFLECTED): Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser.
11) XSS (STORED): The persistent (or stored) XSS vulnerability is a more dangerous version of a cross-site scripting flaw. It occurs when data provided by the attacker is saved by the server and then permanently displayed on "normal" pages returned to other users in the course of regular browsing, without proper HTML escaping.
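For both the reflected and the stored variants the server-side fix is the same: encode untrusted data for the HTML context at the moment it is written into the page, not when it is received. The added example below (Python; not DVWA's PHP code) shows the reflected "Hello name" page in vulnerable and hardened form, a guestbook renderer that encodes stored entries on output, and a small regression check a team can keep in its test suite to catch templates that let markup from untrusted input through unchanged. Function names and the probe string are constructed for the example.

```python
import html


def render_greeting_vulnerable(name):
    """Reflected XSS pattern: the request parameter is copied straight into the page."""
    return f"<pre>Hello {name}</pre>"


def render_greeting_safe(name):
    """Same page with output encoding for an HTML text or attribute context;
    quote=True also encodes ' and " so the value is safe inside attributes."""
    return f"<pre>Hello {html.escape(name, quote=True)}</pre>"


def render_guestbook_safe(entries):
    """Stored XSS defence: encode at output time, every time, regardless of what
    filtering happened when the entry was saved."""
    rows = []
    for e in entries:
        name = html.escape(e["name"], quote=True)
        msg = html.escape(e["message"], quote=True)
        rows.append(f'<div class="entry"><b>{name}</b>: {msg}</div>')
    return '<div id="guestbook">' + "".join(rows) + "</div>"


def untrusted_markup_survives(rendered, untrusted):
    """Regression check: True if an untrusted string containing markup-significant
    characters appears verbatim in the rendered output, i.e. encoding was skipped."""
    has_markup_chars = any(ch in untrusted for ch in "<>\"'&")
    return has_markup_chars and untrusted in rendered


# Constructed probe input containing markup-significant characters.
PROBE = "<script>alert(1)</script>"
```

HTML entity encoding is correct only for HTML text and attribute values; data written into a JavaScript block or a URL needs that context's own encoding, and DOM-based XSS (item 9) has to be fixed in the client-side script, by assigning untrusted data to `textContent` rather than `innerHTML`. A Content-Security-Policy header is a worthwhile second layer on top of encoding.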
There are also more vulnerable machines available, like bWAPP, Mutillidae and Metasploitable; you can also try these.
So in a single web app, you can learn many attacks practically.