The Ethical Hacker Network - My new tool (DVWA)

Latest Additions

Who's Online

ethicalhack3r

Full Member

Offline

Posts: 139

My new tool (DVWA)

« on: December 16, 2008, 06:46:29 PM »

Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.

WARNING!
Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.

I do not take responsibility for the way in which any one uses this application. I have made the purposes of the application clear and it should not be used maliciously.

Version: BETA

http://www.ethicalhack3r.co.uk/

I would really apretiate some feedback!


	Logged

apollo

Full Member

Offline

Posts: 146

Re: My new tool (DVWA)

« Reply #1 on: December 16, 2008, 08:55:17 PM »

This is a neat set of very straightforward exploitable pages. I have 3 suggestions. The first one is that your HTML is formatted very nicely in most places, if you formatted your code nicely too then it would be easier to read and to a certain extent understand what is going on with the application.

The second suggestion is since you included something on brutus, include something on .htpasswd files and using john or cain to crack them. Maybe make it something to do with a combination of a LFI.

Another one might be to create a blind sql injection and suggest a tool like sqlbrute to map out table structure and eventually get the data.

This is a really nice basic set of test applications to try out these types of vulnerabilities. Thanks for putting all of these together


	Logged

CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

ethicalhack3r

Full Member

Offline

Posts: 139

Re: My new tool (DVWA)

« Reply #2 on: December 18, 2008, 08:45:33 AM »

Thanks for the feedback!

Ive taken your comments into consideration and implemented most of them!

I have formatted the source code so that it is easyer to read.

Added MD5 encryption to the password's that get inserted into the 'users' table, so when exploiting the SQL injection one can retrive them and crack them.

Im thinking of adding a 'Tools:' section under 'More info:' to add links to commonly used tools for each vulnerability.

Thanks again!!