Monday, December 6, 2021

burp suit 2 dumb vulnerable web app

#serve damb vulnerable webpage 
#download folder from https://dvwa.co.uk/
#in config folder, rename config.inc.php.dist to config.inc.php
#cmd
sudo service mysql start
cd downloads/DVWA-master/
php -S 127.0.0.1:80 -t .


#add dvwa to mysql user
#cmd
sudo mysql -u root    
MariaDB [(none)]> USE mysql
MariaDB [mysql]> SELECT User, Host, plugin FROM mysql.user;     
+-------------+-----------+-----------------------+
| User        | Host      | plugin                |
+-------------+-----------+-----------------------+
| mariadb.sys | localhost | mysql_native_password |
| root        | localhost | mysql_native_password |
| mysql       | localhost | mysql_native_password |
+-------------+-----------+-----------------------+
3 rows in set (0.002 sec)

MariaDB [mysql]> CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
Query OK, 0 rows affected (0.001 sec)

MariaDB [mysql]> SELECT User, Host, Password FROM mysql.user;
+-------------+-----------+-------------------------------------------+
| User        | Host      | Password                                  |
+-------------+-----------+-------------------------------------------+
| mariadb.sys | localhost |                                           |
| root        | localhost | invalid                                   |
| mysql       | localhost | invalid                                   |
| dvwa        | localhost | *D7E39C3AF517EC9EF7086223B036E0B4F22821F8 |
+-------------+-----------+-------------------------------------------+
4 rows in set (0.001 sec)

MariaDB [mysql]> show grants for 'dvwa'@'localhost';
+-------------------------------------------------------------------------------------------------------------+
| Grants for dvwa@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `dvwa`@`localhost` IDENTIFIED BY PASSWORD '*D7E39C3AF517EC9EF7086223B036E0B4F22821F8' |
+-------------------------------------------------------------------------------------------------------------+
1 row in set (0.000 sec)

MariaDB [mysql]> grant all on dvwa.* to dvwa@localhost;
MariaDB [(none)]> show grants for dvwa@localhost;
+-------------------------------------------------------------------------------------------------------------+
| Grants for dvwa@localhost                                                                                   |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO `dvwa`@`localhost` IDENTIFIED BY PASSWORD '*D7E39C3AF517EC9EF7086223B036E0B4F22821F8' |
| GRANT ALL PRIVILEGES ON `dvwa`.* TO `dvwa`@`localhost`  

#install dbeaver
#cmd
cd /tmp/mozilla_kali0/ 
sudo dpkg -i dbeaver-ce_21.3.0_amd64.deb
dbeaver &
dbeaver connect to mysql

dumb vulnerable database is created

login user name: admin, password: password
reference:

simple php server

create mysql user

dbeaver
at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)