
My new tool (DVWA)


ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Tue Dec 16, 2008 7:46 pm

My new tool (DVWA)

Damn Vulnerable Web App (DVWA) is a web application that is damn vulnerable. Its main goals are to be lightweight, easy to use and full of vulnerabilities to exploit. It has been developed for the use of information security professionals and students to test out their skillz and/or toolz in a legal environment.

WARNING!
Damn Vulnerable Web App is damn vulnerable! So don’t upload it to your hosting provider’s public html folder or have it up on any working web site as it will be hacked. I recommend downloading and installing Apache, PHP and MySQL onto a local computer inside your LAN which is used solely for testing.

I do not take responsibility for the way in which anyone uses this application. I have made the purposes of the application clear and it should not be used maliciously.

Version: BETA

http://www.ethicalhack3r.co.uk/

I would really appreciate some feedback!  :)

apollo


Full Member

Posts: 147

Joined: Fri Apr 04, 2008 7:44 pm

Post Tue Dec 16, 2008 9:55 pm

Re: My new tool (DVWA)

This is a neat set of very straightforward exploitable pages. I have 3 suggestions. The first one is that your HTML is formatted very nicely in most places; if you formatted your code nicely too, then it would be easier to read and, to a certain extent, understand what is going on with the application.

The second suggestion is, since you included something on brutus, include something on .htpasswd files and using john or cain to crack them. Maybe make it something to do with a combination of an LFI.

Another one might be to create a blind SQL injection and suggest a tool like sqlbrute to map out table structure and eventually get the data.

This is a really nice basic set of test applications to try out these types of vulnerabilities.  Thanks for putting all of these together :)
CISSP, CSSLP, MCSE+Security, MCTS, CCSP, GPEN, GWAPT, GCWN, NOP, OSCP, Security+

ethicalhack3r

Full Member

Posts: 139

Joined: Fri Nov 28, 2008 11:29 am

Post Thu Dec 18, 2008 9:45 am

Re: My new tool (DVWA)

Thanks for the feedback!

I've taken your comments into consideration and implemented most of them!  :)

I have formatted the source code so that it is easier to read.

Added MD5 encryption to the passwords that get inserted into the 'users' table, so when exploiting the SQL injection one can retrieve them and crack them.

I'm thinking of adding a 'Tools:' section under 'More info:' to add links to commonly used tools for each vulnerability.

Thanks again!!
