DVWA Learning part 1: brute force cracking

2025-03-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

1 Introduction to the test environment

1. Burp Suite is used for the brute-force cracking.

2. The test environment is the DVWA module in the OWASP environment.

2 Test steps

2.1 Set up the browser proxy

First run Burp Suite and set its listening address and port, then set the proxy IP address and port in the browser.

2.2 Capture the login page data

Turn on the Burp Suite intercept function and capture the account name and password submitted from the login page. The password submitted here is actually wrong; it is the value we need to brute-force.

2.3 Send to the Intruder module

Right-click the request you just intercepted and choose the option that sends it to the Intruder module.

2.4 Set the Intruder module parameters

Select the Intruder menu to enter the Intruder module and click "Positions". Click "Clear §" on the right to clear all the marked parameters, select the username and password fields, and then click "Add §", which marks only these two fields as the positions to be tested. To brute-force additional fields, mark them the same way.

For the attack type, select "Cluster bomb".

2.5 Set the attack dictionary

Click the "Payloads" menu to set up the attack dictionary. Dictionary passwords can be added one by one, or a password dictionary file can be loaded. In the "Payload set" column, 1 is the content of the username field and 2 is the content of the password field; the numbering follows the order of the parameters marked under "Positions" in the previous step.

2.6 Start the attack

Click "Start attack" to run the attack. A window will pop up after the attack.

2.7 Attack result analysis

In the results, the value in the Length column of one row differs from that of all the other rows, and the row that differs is the final result. In this test, the row with a length of 5075 is the correct password, and the password is admin. The brute-force attempt was successful.
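The same run seen from the defender's side, as an added example that is not part of the original article: a cluster-bomb run shows up in a web access log as one source trying every username with every password, and the response whose size differs from the rest marks the account that was guessed. The log format, the `/login` path, the IP addresses and the 5012-byte failure size are constructed assumptions; 5075 is the length the article reports.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (assumed format): "<ip> <method> <url> <status> <bytes>"
def build_sample_log():
    users = ["admin", "root", "test"]
    passwords = ["123456", "password", "admin", "letmein"]
    lines = []
    for u in users:
        for p in passwords:
            # 5075 is the article's length for the successful guess; 5012 is assumed
            size = 5075 if (u, p) == ("admin", "admin") else 5012
            lines.append(f"10.0.0.5 GET /login?username={u}&password={p} 200 {size}")
    lines.append("10.0.0.9 GET /login?username=alice&password=x 200 5012")
    return lines

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3}) (\d+)$")

def detect_bruteforce(lines, min_attempts=10):
    """Flag sources with many login attempts and name the accounts likely guessed."""
    per_ip = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        ip, _method, url, _status, size = m.groups()
        q = parse_qs(urlsplit(url).query)
        if "username" in q and "password" in q:
            per_ip[ip].append((q["username"][0], q["password"][0], int(size)))
    findings = {}
    for ip, attempts in per_ip.items():
        if len(attempts) < min_attempts:
            continue
        users = {u for u, _, _ in attempts}
        pwds = {p for _, p, _ in attempts}
        pairs = {(u, p) for u, p, _ in attempts}
        # Failed logins share one response size; the outlier is the likely success
        common_size = Counter(s for _, _, s in attempts).most_common(1)[0][0]
        findings[ip] = {
            "attempts": len(attempts),
            # Cluster bomb tries every username with every password
            "full_cross_product": len(users) > 1 and len(pairs) == len(users) * len(pwds),
            "likely_compromised": sorted({u for u, _, s in attempts if s != common_size}),
        }
    return findings

if __name__ == "__main__":
    print(detect_bruteforce(build_sample_log()))
```

Accounts listed under `likely_compromised` are the ones to reset first, and the flagged source is a candidate for rate limiting or lockout.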
