Image
 
Latest Additions
 
EH-Net Login
Welcome Guest.






Lost Password?
No account yet? Register
Who's Online
We have 27 guests and 2 members online
EH-Net Donations

Enter Amount:
$

Google Ads
EH-Net News Feeds
Latest Additions
Book Recommendations





 
Advertisement

You are here: Home arrow Forum arrow Resourcesarrow Toolsarrow My new tool (DVWA)
Ethical Hacker Community Forums
January 07, 2009, 09:15:14 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: ChicagoCon 2-Day Ethical Hacking Conference with MS Blue Hats Oct 31 - Nov 1. Tickets Only $100! www.chicagocon.com/content/view/103/51/
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
  Print  
Author Topic: My new tool (DVWA)  (Read 1126 times)
0 Members and 1 Guest are viewing this topic.
ethicalhack3r
Newbie
*
Offline Offline

Posts: 6


View Profile
« on: December 16, 2008, 06:46:29 PM »

Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be light weight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.

WARNING!
Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.

I do not take responsibility for the way in which any one uses this application. I have made the purposes of the application clear and it should not be used maliciously.

Version: BETA

http://www.ethicalhack3r.co.uk/

I would really apretiate some feedback!  Smiley
Logged
apollo
Jr. Member
**
Offline Offline

Posts: 51


View Profile WWW
« Reply #1 on: December 16, 2008, 08:55:17 PM »

This is a neat set of very straightforward exploitable pages.  I have 3 suggestions.  The first one is that your HTML is formatted very nicely in most places, if you formatted your code nicely too then it would be easier to read and to a certain extent understand what is going on with the application.

The second suggestion is since you included something on brutus, include something on .htpasswd files and using john or cain to crack them. Maybe make it something to do with a combination of a LFI. 

Another one might be to create a blind sql injection and suggest a tool like sqlbrute to map out table structure and eventually get the data. 

This is a really nice basic set of test applications to try out these types of vulnerabilities.  Thanks for putting all of these together Smiley

Logged
ethicalhack3r
Newbie
*
Offline Offline

Posts: 6


View Profile
« Reply #2 on: December 18, 2008, 08:45:33 AM »

Thanks for the feedback!

Ive taken your comments into consideration and implemented most of them!  Smiley

I have formatted the source code so that it is easyer to read.

Added MD5 encryption to the password's that get inserted into the 'users' table, so when exploiting the SQL injection one can retrive them and crack them.

Im thinking of adding a 'Tools:' section under 'More info:' to add links to commonly used tools for each vulnerability.

Thanks again!!
Logged
Pages: [1]   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.7 | SMF © 2006-2008, Simple Machines LLC
Joomla Bridge by JoomlaHacks.com
Valid XHTML 1.0! Valid CSS!
Page created in 0.048 seconds with 23 queries.
 
Sponsors

cwnp_moto__120x90.gif

Polls
How many security events including conferences and training do you attend a year:
 
Support EH-Net


Support EH-Net by
Buying all of your
Amazon items using
the search bar above.

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!
Recent Forum Topics
Vote For EH-Net

progenic.com
Click here to Vote!

binarica.com
Binarica Logo

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2009 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.