search

DVWA Exercises 1

hashtag
01. Bruteforce Attack 1

Login with admin / admin

In burp click on forward until you see the post request. Hit Ctrl + i to send it to the Intruder tab

Goto Intruder, choose Cluster bomb as Attack type. Clear all variables and add the value of username and the value of password. For both we want to provide a wordlist.

Generate passwordlist:

gunzip /usr/share/wordlist/rockyou.txt.gz

head -20 rockyou.txt >passwords.txt

Generating a small password list

For payload 1 I'll add 4 usernames

For payload 2 I'll load the password list

Start the attack and check Response header

failed logins will stand on login.php

hashtag
02. Bruteforce Attack 2

Let's login with admin / password and solve the bruteforce exercise

submit wrong credentials admin / test and fire up the intruder modul

Set the payload and start the attack

Check content length

PreviousDVWANextDVWA Exercises 2

Last updated