SlideShare uma empresa Scribd logo

DVWA(Damn Vulnerabilities Web Application)

Transferir como PPTX, PDF
Soham Kansodaria
Soham Kansodaria

In this presentation, you show how to install DVWA in your PC/laptop or system

Software
1 de 26
DVWA
INDEX • Introduction • License &Warning • Installation • Vulnerabilities • How to login (Steps for Solve the problem) • Homepage (attacks) • DVWA security • User Security • Usage 28-09-2017 Preapared By:Soham Kansodaria 2
Introduction • DamnVulnerableWeb Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. • The DVWA project started in December 2008 and has steadily grown in popularity. • It is now used by thousands of security professionals, students and teachers world wide. • DVWA is now included in popular penetration testing Linux distributions such as SamuraiWebTesting Framework and many others. 28-09-2017 Preapared By:Soham Kansodaria 3
License & Warning • License • DamnVulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License. • Warning • DamnVulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web server as it will be compromised. • We recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing. 28-09-2017 Preapared By:Soham Kansodaria 4
Installation • DVWA is a web application coded in PHP that uses a MySQL back-end database. • DVWA needs a web server, PHP and MySQL installed in order to run.The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server setup. • XAMPP can be downloaded from: http://www.apachefriends.org/en/xampp.html • Then download DVWA from: https://github.com/ethicalhack3r/DVWA/archive/master.zip 28-09-2017 Preapared By:Soham Kansodaria 5
Cont. Installation • After download DVWA uncompressed it. • Linux • Now put the uncompressed folder DVWA into ʻ/opt/lampp/htdocs’. Start Apache with the following command; ʻsudo /opt/lampp/lamp start’.And then DVWA should be accessible from your browser at http://127.0.0.1/dvwa. • Windows • Now put the uncompressed folder DVWA into ʻC:XAMPPhtdocs’.And then DVWA should be accessible from your browser at http://127.0.0.1/dvwa. 28-09-2017 Preapared By:Soham Kansodaria 6
Vulnerbilities • DVWA as the name suggests is vulnerable to the most common types of web application vulnerabilities. • DVWA incorporates most of the Open Web Application Security Project's (OWASP) top 10 web application security risks for 2010 as reported in the OWASPTOP 10 document. • The OWASPTop 10 Web Application Security Risks for 2017 are in next slide: 28-09-2017 Preapared By:Soham Kansodaria 7
OWASP top 10 2017 • A1 :SQL Injection • A2 :Broken Authentication and Session Management • A3 :Cross-Site Scripting (XSS) • A4 :Broken Access Control • A5 :Security Misconfiguration • A6 :Sensitive Data Exposure • A7 :Insufficient Attack Protection (+T10) • A8 :Cross-Site Request Forgery (CSRF) • A9 :Using Components with Known Vulnerabilities • A10 :Underprotected APIs • Find OWASP top 10 of 2017 at : https://github.com/OWASP/Top10/issues 28-09-2017 Preapared By:Soham Kansodaria 8
Vulnerbilities Some of the web application vulnerabilities which DVWA contains; • Brute Force: HTTP Form Brute Force login page; used to test password brute force tools and show the insecurity of weak passwords. • Command Execution: Executes commands on the underlying operating system. • Cross Site Request Forgery (CSRF): Enables an ʻattackerʼ to change the applications admin password. • File Inclusion: Allows an ʻattackerʼ to include remote/local files into the web application. • SQL Injection: Enables an ʻattackerʼ to inject SQL statements into an HTTP form input box. DVWA includes Blind and Error based SQL injection. • Insecure File Upload: Allows an ʻattackerʼ to upload malicious files on to the web server. • Cross Site Scripting (XSS): An ʻattackerʼ can inject their own scripts into the web application/database. DVWA includes Reflected and Stored XSS. • Easter eggs: Full path Disclosure,Authentication bypass and some others. 28-09-2017 Preapared By:Soham Kansodaria 9
How to Login 28-09-2017 Preapared By:Soham Kansodaria 10 After put the folder as above say when you open http://127.0.0.1/dvwa this then show as below which say that DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment. Means rename the file config.inc.php.dist to config.inc.php
Cont. Login 28-09-2017 Preapared By:Soham Kansodaria 11 After rename the file again open http://127.0.0.1/dvwa then you find like this in your browser.So, now following the below steps
Steps for Solve the problem • Step 1: First create the database name dvwa in http://localhost/phpmyadmin/ • Step 2:Remove the password from config.inc.php file find this line $_DVWA[ 'db_password' ] = 'p@ssword'; and remove ‘p@ssword’ • Step 3:Go to the C:xamppphp and find php.ini and open in notepad and find this line: allow_url_include=Off and remove Off and write On • Step 4:Provide recaptcha key in config.inc.php $_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'; Note:After all step please restart your apache and mysql in xammp which is mandatory. 28-09-2017 Preapared By:Soham Kansodaria 12
Login • After following all above steps click on create/reset Database button then successfully create the database and now you redirect to login page automatically after some time. 28-09-2017 Preapared By:Soham Kansodaria 13
Cont. Login 28-09-2017 Preapared By:Soham Kansodaria 14 Now enter the login credentials as below Login : admin Password : password
Homepage 28-09-2017 Preapared By:Soham Kansodaria 15
Attacks • Low security • Brute Force/Weak Passwords; • http://127.0.0.1/dvwa/login.php • http://127.0.0.1/dvwa/vulnerabilities/brute/ • Command Execution • http://127.0.0.1/dvwa/vulnerabilities/exec/ • Cross Site Request Forgery (CSRF) • http://127.0.0.1/dvwa/vulnerabilities/csrf/ • File Inclusion • http://127.0.0.1/dvwa/vulnerabilities/fi/?page=include.php • SQL Injection • http://127.0.0.1/dvwa/vulnerabilities/sqli/ • http://127.0.0.1/dvwa/vulnerabilities/brute/ 28-09-2017 Preapared By:Soham Kansodaria 16
Cont. Attacks • Insecure File Upload • http://127.0.0.1/dvwa/vulnerabilities/upload/ • Reflected Cross Site Scripting • http://127.0.0.1/dvwa/vulnerabilities/xss_r/ • Stored Cross Site Scripting • http://127.0.0.1/dvwa/vulnerabilities/xss_s/ • Full path Disclosure • Site wide. Set PHPSESSID to NULL. (Null Session Cookie) http://www.owasp.org/index.php/Full_Path_Disclosure • Authentication bypass • If the admin changes the default password (password) and the 'attacker' knows what the default password is.The 'attacker' may access http://127.0.0.1/dvwa/setup.php to reset the database including the password. 28-09-2017 Preapared By:Soham Kansodaria 17
BruteForce ,Command Execution and other attacks • For BruteForce ,Command Execution and other attacks use Software like burpsuite, w3af,Vega, Skipfish, Netsparker, WebSurgery, IBM Rational AppScan and etc. • Burpsuite download: https://portswigger.net/burp/freedownload • W3af download: w3af - Open SourceWeb Application Security Scanner • Vega download: Free and Open SourceWeb ApplicationVulnerability Scanner • Skipfish download: Downloads - skipfish - web application security scanner - Google Project Hosting • Netsparker download: Download aTrial of NetsparkerWeb Application Security Scanner • Websurgery download: SunriseTechnologies • IBM Rational AppScan download: IBM Security AppScan 28-09-2017 Preapared By:Soham Kansodaria 18
SQL Injection • LETS DUMPTHE DATABASE • CHECK IFVULNERABLE : 1’ • EXTRACTTHE DATA (means write in USER ID) • 1’ OR 1 = 1# • 1’ OR 1 = 1 UNION SELECT NULL, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES# • USER,PASSWORD FROM USERS# • MD5 USING JOHNTHE RIPPER 28-09-2017 Preapared By:Soham Kansodaria 19
DVWA Security • As well as being vulnerable, DVWA has some other features which aid in the teaching or learning of web application security. DVWAs Security features can be divided into two parts, one is the security levels and the other is PHP-IDS. • The security levels are named low, medium and high. Each level changes the vulnerability state of DVWA throughout the application. By default when DVWA is loaded the security level is set to High. Below is an explanation of each security level and its purpose. 28-09-2017 Preapared By:Soham Kansodaria 20
Security Levels • High-This level is to give an example to the user of good coding practises. This level should be secure against all vulnerabilities. It used to compare the vulnerable source code to the secure source code. • Medium- This security level is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application. It also acts as a challenge to refine their exploitation techniques. • Low- This security level is completely vulnerable and has no security at all.It's use is to be as an example of how web vulnerabilities manifest through bad coding practices and to as a platform to teach or learn basic exploitation techniques. • Impossible- You can’t attacked it. 28-09-2017 Preapared By:Soham Kansodaria 21
PHP-IDS • PHP-IDS is a popular PHP Intrusion Detection System (IDS) also known as aWebApplication Firewall (WAF). • PHP-IDS works by filtering any user supplied input against a blacklist of potentially malicious code. • PHP-IDS is used in DVWA to serve as a live example of howWAFs can help improve security in web applications and in some cases howWAFs can be circumvented. • PHP-IDS can be enabled or disabled at the click of a button. • DVWA has explicit written permission from the owner of PHPIDS Mario Heiderich for it to be included and distributed within DVWA as long as the licensing is left intact. • For further information on PHP-IDS please visit; http://www.php- ids.org 28-09-2017 Preapared By:Soham Kansodaria 22
User Security 28-09-2017 Preapared By:Soham Kansodaria 23 • DVWA does not emulate web application vulnerabilities, the vulnerabilities within DVWA are real and therefore great care should be taken on where it is installed. • DVWA takes a proactive approach in protecting its users wherever possible. • This is done by bold written warnings at the download of the application and within the application itself. • DVWA can only be accessed from the localhost and not from remote machines, this is done by setting certain rules within the .htaccess file which is part of the application. • User security is of up most importance to the DVWA project. If users do not disable any of these features and follow the advice given, installing and using DVWA will not compromise the security of the machine it is installed on.
Usage • DVWA can be used in a variety of ways. It can be used to teach web application security by showing practical examples and setting challenges for the students. • It can be used as just a learning aid, DVWA is designed as such to be as easy as possible to set up and use. • There is plenty of information within DVWA to help the beginner get started. DVWA can also be used as a reference to secure coding, if a developer is not quite sure if they have protected their application against XSS for example, they can view DVWAs source code as a reference. • After all the DVWA source code has been peer reviewed by thousands of security professionals and students. 28-09-2017 Preapared By:Soham Kansodaria 24
Refernce for learn DVWA • dvwa video tutorial series: • 1-installation of dvwa https://youtu.be/fc7nzhdrcui • 2-bruteforce attack low | medium | high https://youtu.be/6h3nb7rwpvc • 3-command injection low | medium | high https://youtu.be/0ln7nscqlai • 4-file inclusion low | medium | high https://youtu.be/f9oxaenez_e • 5-file upload low | medium | high https://youtu.be/zajcl2hdoey • 6-sql injection low | medium | high https://youtu.be/q2ekwm9kfke 28-09-2017 Preapared By:Soham Kansodaria 25
THANK YOU 28-09-2017 Preapared By:Soham Kansodaria 26

Recomendados

OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
Christian Heinrich
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
stollen_fusion
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 

Recomendados

OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application Vulnerabilities
Software Guru
 
OWASP Top Ten
OWASP Top TenOWASP Top Ten
OWASP Top Ten
Christian Heinrich
 
Owasp top 10 vulnerabilities
Owasp top 10 vulnerabilitiesOwasp top 10 vulnerabilities
Owasp top 10 vulnerabilities
OWASP Delhi
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
Rick Wanner
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
stollen_fusion
 
OSI Security Architecture
OSI Security ArchitectureOSI Security Architecture
OSI Security Architecture
university of education,Lahore
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Edureka!
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
Santosh Khadsare
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 
Network attacks
Network attacksNetwork attacks
Network attacks
Manjushree Mashal
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
Cygnet Infotech
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
Huda Seyam
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
bilcorry
 
OpenVAS
OpenVASOpenVAS
OpenVAS
svm
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
Ammar WK
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
Amit Tyagi
 
Metasploit
MetasploitMetasploit
Metasploit
henelpj
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
Er Vivek Rana
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
DARSHANBHAVSAR14
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low level
hackstuff
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
Rishabh Upadhyay
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
Online
 
Firewall
FirewallFirewall
Firewall
Saurabh Chauhan
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
Niyas Nazar
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
lalithambiga kamaraj
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
Fabiha Shahzad
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
Michael Furman
 
"><h1>muthu</h1>
"><h1>muthu</h1>"><h1>muthu</h1>
"><h1>muthu</h1>
muthu muthu
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
karthikvcyber
 

Mais conteúdo relacionado

Mais procurados

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
Amandeep Kaur
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
Abdul Rahman Sherzad
 

Mais procurados (20)

Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Network attacks
Network attacksNetwork attacks
Network attacks
 
Security testing fundamentals
Security testing fundamentalsSecurity testing fundamentals
Security testing fundamentals
 
WEP/WPA attacks
WEP/WPA attacksWEP/WPA attacks
WEP/WPA attacks
 
OWASP Secure Coding
OWASP Secure CodingOWASP Secure Coding
OWASP Secure Coding
 
OpenVAS
OpenVASOpenVAS
OpenVAS
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Metasploit
MetasploitMetasploit
Metasploit
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and Awareness
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Dvwa low level
Dvwa low levelDvwa low level
Dvwa low level
 
Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing Ethical Hacking and Penetration Testing
Ethical Hacking and Penetration Testing
 
Network security and protocols
Network security and protocolsNetwork security and protocols
Network security and protocols
 
Firewall
FirewallFirewall
Firewall
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Firewall in Network Security
Firewall in Network SecurityFirewall in Network Security
Firewall in Network Security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
OWASP Top 10 2021 What's New
OWASP Top 10 2021 What's NewOWASP Top 10 2021 What's New
OWASP Top 10 2021 What's New
 

Semelhante a DVWA(Damn Vulnerabilities Web Application)

Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
aquacareser
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities
OWASP
 

Semelhante a DVWA(Damn Vulnerabilities Web Application) (20)

"><h1>muthu</h1>
"><h1>muthu</h1>"><h1>muthu</h1>
"><h1>muthu</h1>
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Problems with parameters b sides-msp
Problems with parameters b sides-mspProblems with parameters b sides-msp
Problems with parameters b sides-msp
 
Security, more important than ever!
Security, more important than ever!Security, more important than ever!
Security, more important than ever!
 
Vulnerability Advisor Deep Dive (Dec 2016)
Vulnerability Advisor Deep Dive (Dec 2016)Vulnerability Advisor Deep Dive (Dec 2016)
Vulnerability Advisor Deep Dive (Dec 2016)
 
Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers Apache struts vulnerabilities compromise corporate web servers 
Apache struts vulnerabilities compromise corporate web servers 
 
Netskope Threat Labs: Cloud As an Attack Vector
Netskope Threat Labs: Cloud As an Attack VectorNetskope Threat Labs: Cloud As an Attack Vector
Netskope Threat Labs: Cloud As an Attack Vector
 
Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web Apps
 
Here Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New WorldHere Be Dragons: Security Maps of the Container New World
Here Be Dragons: Security Maps of the Container New World
 
Rock Solid Deployment of Web Applications
Rock Solid Deployment of Web ApplicationsRock Solid Deployment of Web Applications
Rock Solid Deployment of Web Applications
 
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdfWeb sever environmentA Web server is a program that uses HTTP (Hy.pdf
Web sever environmentA Web server is a program that uses HTTP (Hy.pdf
 
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Analysis of-quality-of-pkgs-in-packagist-univ-20171024Analysis of-quality-of-pkgs-in-packagist-univ-20171024
Analysis of-quality-of-pkgs-in-packagist-univ-20171024
 
Owasp top 10 2017
Owasp top 10 2017Owasp top 10 2017
Owasp top 10 2017
 
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
VMworld 2013: Introducing NSX Service Composer: The New Consumption Model for...
 
SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014SVILUPPO WEB E SICUREZZA NEL 2014
SVILUPPO WEB E SICUREZZA NEL 2014
 
[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities[OWASP Poland Day] Application frameworks' vulnerabilities
[OWASP Poland Day] Application frameworks' vulnerabilities
 
Its just a flesh wound
Its just a flesh woundIts just a flesh wound
Its just a flesh wound
 
Running Java Applications on Cloud Foundry
Running Java Applications on Cloud FoundryRunning Java Applications on Cloud Foundry
Running Java Applications on Cloud Foundry
 
Ransomware: Mitigation Through Preparation
Ransomware: Mitigation Through PreparationRansomware: Mitigation Through Preparation
Ransomware: Mitigation Through Preparation
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 

Mais de Soham Kansodaria

Mais de Soham Kansodaria (9)

Turbo prolog 2.0 basics
Turbo prolog 2.0 basicsTurbo prolog 2.0 basics
Turbo prolog 2.0 basics
 
Digital signature(Cryptography)
Digital signature(Cryptography)Digital signature(Cryptography)
Digital signature(Cryptography)
 
Jdbc driver types
Jdbc driver typesJdbc driver types
Jdbc driver types
 
Enviornmental Studies
Enviornmental StudiesEnviornmental Studies
Enviornmental Studies
 
Elements of Mechanical Engineering
Elements of Mechanical EngineeringElements of Mechanical Engineering
Elements of Mechanical Engineering
 
Physics Dielectric
Physics DielectricPhysics Dielectric
Physics Dielectric
 
Slideshare Engineering Graphics
Slideshare Engineering GraphicsSlideshare Engineering Graphics
Slideshare Engineering Graphics
 
Full threded binary tree
Full threded binary treeFull threded binary tree
Full threded binary tree
 
Dbms 4NF & 5NF
Dbms 4NF & 5NFDbms 4NF & 5NF
Dbms 4NF & 5NF
 

Último

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Steffen Staab
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
panagenda
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
Juha-Pekka Tolvanen
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Último (20)

%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
tonesoftg
tonesoftgtonesoftg
tonesoftg
 
WSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go PlatformlessWSO2CON2024 - It's time to go Platformless
WSO2CON2024 - It's time to go Platformless
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
W01_panagenda_Navigating-the-Future-with-The-Hitchhikers-Guide-to-Notes-and-D...
 
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
Abortion Pills In Pretoria ](+27832195400*)[ 🏥 Women's Abortion Clinic In Pre...
 
%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare%in Harare+277-882-255-28 abortion pills for sale in Harare
%in Harare+277-882-255-28 abortion pills for sale in Harare
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
What Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the SituationWhat Goes Wrong with Language Definitions and How to Improve the Situation
What Goes Wrong with Language Definitions and How to Improve the Situation
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
%in kaalfontein+277-882-255-28 abortion pills for sale in kaalfontein
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto%in Soweto+277-882-255-28 abortion pills for sale in soweto
%in Soweto+277-882-255-28 abortion pills for sale in soweto
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 

DVWA(Damn Vulnerabilities Web Application)

  • 2. INDEX • Introduction • License &Warning • Installation • Vulnerabilities • How to login (Steps for Solve the problem) • Homepage (attacks) • DVWA security • User Security • Usage 28-09-2017 Preapared By:Soham Kansodaria 2
  • 3. Introduction • DamnVulnerableWeb Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. • Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. • The DVWA project started in December 2008 and has steadily grown in popularity. • It is now used by thousands of security professionals, students and teachers world wide. • DVWA is now included in popular penetration testing Linux distributions such as SamuraiWebTesting Framework and many others. 28-09-2017 Preapared By:Soham Kansodaria 3
  • 4. License & Warning • License • DamnVulnerable Web Application (DVWA) is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License. • Warning • DamnVulnerable Web App is damn vulnerable! Do not upload it to your hosting provider's public html folder or any working web server as it will be compromised. • We recommend downloading and installing XAMPP onto a local machine inside your LAN which is used solely for testing. 28-09-2017 Preapared By:Soham Kansodaria 4
  • 5. Installation • DVWA is a web application coded in PHP that uses a MySQL back-end database. • DVWA needs a web server, PHP and MySQL installed in order to run.The easiest way to install DVWA is to download and install 'XAMPP' if you do not already have a web server setup. • XAMPP can be downloaded from: http://www.apachefriends.org/en/xampp.html • Then download DVWA from: https://github.com/ethicalhack3r/DVWA/archive/master.zip 28-09-2017 Preapared By:Soham Kansodaria 5
  • 6. Cont. Installation • After download DVWA uncompressed it. • Linux • Now put the uncompressed folder DVWA into ʻ/opt/lampp/htdocs’. Start Apache with the following command; ʻsudo /opt/lampp/lamp start’.And then DVWA should be accessible from your browser at http://127.0.0.1/dvwa. • Windows • Now put the uncompressed folder DVWA into ʻC:XAMPPhtdocs’.And then DVWA should be accessible from your browser at http://127.0.0.1/dvwa. 28-09-2017 Preapared By:Soham Kansodaria 6
  • 7. Vulnerbilities • DVWA as the name suggests is vulnerable to the most common types of web application vulnerabilities. • DVWA incorporates most of the Open Web Application Security Project's (OWASP) top 10 web application security risks for 2010 as reported in the OWASPTOP 10 document. • The OWASPTop 10 Web Application Security Risks for 2017 are in next slide: 28-09-2017 Preapared By:Soham Kansodaria 7
  • 8. OWASP top 10 2017 • A1 :SQL Injection • A2 :Broken Authentication and Session Management • A3 :Cross-Site Scripting (XSS) • A4 :Broken Access Control • A5 :Security Misconfiguration • A6 :Sensitive Data Exposure • A7 :Insufficient Attack Protection (+T10) • A8 :Cross-Site Request Forgery (CSRF) • A9 :Using Components with Known Vulnerabilities • A10 :Underprotected APIs • Find OWASP top 10 of 2017 at : https://github.com/OWASP/Top10/issues 28-09-2017 Preapared By:Soham Kansodaria 8
  • 9. Vulnerbilities Some of the web application vulnerabilities which DVWA contains; • Brute Force: HTTP Form Brute Force login page; used to test password brute force tools and show the insecurity of weak passwords. • Command Execution: Executes commands on the underlying operating system. • Cross Site Request Forgery (CSRF): Enables an ʻattackerʼ to change the applications admin password. • File Inclusion: Allows an ʻattackerʼ to include remote/local files into the web application. • SQL Injection: Enables an ʻattackerʼ to inject SQL statements into an HTTP form input box. DVWA includes Blind and Error based SQL injection. • Insecure File Upload: Allows an ʻattackerʼ to upload malicious files on to the web server. • Cross Site Scripting (XSS): An ʻattackerʼ can inject their own scripts into the web application/database. DVWA includes Reflected and Stored XSS. • Easter eggs: Full path Disclosure,Authentication bypass and some others. 28-09-2017 Preapared By:Soham Kansodaria 9
  • 10. How to Login 28-09-2017 Preapared By:Soham Kansodaria 10 After put the folder as above say when you open http://127.0.0.1/dvwa this then show as below which say that DVWA System error - config file not found. Copy config/config.inc.php.dist to config/config.inc.php and configure to your environment. Means rename the file config.inc.php.dist to config.inc.php
  • 11. Cont. Login 28-09-2017 Preapared By:Soham Kansodaria 11 After rename the file again open http://127.0.0.1/dvwa then you find like this in your browser.So, now following the below steps
  • 12. Steps for Solve the problem • Step 1: First create the database name dvwa in http://localhost/phpmyadmin/ • Step 2:Remove the password from config.inc.php file find this line $_DVWA[ 'db_password' ] = 'p@ssword'; and remove ‘p@ssword’ • Step 3:Go to the C:xamppphp and find php.ini and open in notepad and find this line: allow_url_include=Off and remove Off and write On • Step 4:Provide recaptcha key in config.inc.php $_DVWA[ 'recaptcha_public_key' ] = '6LdK7xITAAzzAAJQTfL7fu6I-0aPl8KHHieAT_yJg'; $_DVWA[ 'recaptcha_private_key' ] = '6LdK7xITAzzAAL_uw9YXVUOPoIHPZLfw2K1n5NVQ'; Note:After all step please restart your apache and mysql in xammp which is mandatory. 28-09-2017 Preapared By:Soham Kansodaria 12
  • 13. Login • After following all above steps click on create/reset Database button then successfully create the database and now you redirect to login page automatically after some time. 28-09-2017 Preapared By:Soham Kansodaria 13
  • 14. Cont. Login 28-09-2017 Preapared By:Soham Kansodaria 14 Now enter the login credentials as below Login : admin Password : password
  • 16. Attacks • Low security • Brute Force/Weak Passwords; • http://127.0.0.1/dvwa/login.php • http://127.0.0.1/dvwa/vulnerabilities/brute/ • Command Execution • http://127.0.0.1/dvwa/vulnerabilities/exec/ • Cross Site Request Forgery (CSRF) • http://127.0.0.1/dvwa/vulnerabilities/csrf/ • File Inclusion • http://127.0.0.1/dvwa/vulnerabilities/fi/?page=include.php • SQL Injection • http://127.0.0.1/dvwa/vulnerabilities/sqli/ • http://127.0.0.1/dvwa/vulnerabilities/brute/ 28-09-2017 Preapared By:Soham Kansodaria 16
  • 17. Cont. Attacks • Insecure File Upload • http://127.0.0.1/dvwa/vulnerabilities/upload/ • Reflected Cross Site Scripting • http://127.0.0.1/dvwa/vulnerabilities/xss_r/ • Stored Cross Site Scripting • http://127.0.0.1/dvwa/vulnerabilities/xss_s/ • Full path Disclosure • Site wide. Set PHPSESSID to NULL. (Null Session Cookie) http://www.owasp.org/index.php/Full_Path_Disclosure • Authentication bypass • If the admin changes the default password (password) and the 'attacker' knows what the default password is.The 'attacker' may access http://127.0.0.1/dvwa/setup.php to reset the database including the password. 28-09-2017 Preapared By:Soham Kansodaria 17
  • 18. BruteForce ,Command Execution and other attacks • For BruteForce ,Command Execution and other attacks use Software like burpsuite, w3af,Vega, Skipfish, Netsparker, WebSurgery, IBM Rational AppScan and etc. • Burpsuite download: https://portswigger.net/burp/freedownload • W3af download: w3af - Open SourceWeb Application Security Scanner • Vega download: Free and Open SourceWeb ApplicationVulnerability Scanner • Skipfish download: Downloads - skipfish - web application security scanner - Google Project Hosting • Netsparker download: Download aTrial of NetsparkerWeb Application Security Scanner • Websurgery download: SunriseTechnologies • IBM Rational AppScan download: IBM Security AppScan 28-09-2017 Preapared By:Soham Kansodaria 18
  • 19. SQL Injection • LETS DUMPTHE DATABASE • CHECK IFVULNERABLE : 1’ • EXTRACTTHE DATA (means write in USER ID) • 1’ OR 1 = 1# • 1’ OR 1 = 1 UNION SELECT NULL, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES# • USER,PASSWORD FROM USERS# • MD5 USING JOHNTHE RIPPER 28-09-2017 Preapared By:Soham Kansodaria 19
  • 20. DVWA Security • As well as being vulnerable, DVWA has some other features which aid in the teaching or learning of web application security. DVWAs Security features can be divided into two parts, one is the security levels and the other is PHP-IDS. • The security levels are named low, medium and high. Each level changes the vulnerability state of DVWA throughout the application. By default when DVWA is loaded the security level is set to High. Below is an explanation of each security level and its purpose. 28-09-2017 Preapared By:Soham Kansodaria 20
  • 21. Security Levels • High-This level is to give an example to the user of good coding practises. This level should be secure against all vulnerabilities. It used to compare the vulnerable source code to the secure source code. • Medium- This security level is mainly to give an example to the user of bad security practices, where the developer has tried but failed to secure an application. It also acts as a challenge to refine their exploitation techniques. • Low- This security level is completely vulnerable and has no security at all.It's use is to be as an example of how web vulnerabilities manifest through bad coding practices and to as a platform to teach or learn basic exploitation techniques. • Impossible- You can’t attacked it. 28-09-2017 Preapared By:Soham Kansodaria 21
  • 22. PHP-IDS • PHP-IDS is a popular PHP Intrusion Detection System (IDS) also known as aWebApplication Firewall (WAF). • PHP-IDS works by filtering any user supplied input against a blacklist of potentially malicious code. • PHP-IDS is used in DVWA to serve as a live example of howWAFs can help improve security in web applications and in some cases howWAFs can be circumvented. • PHP-IDS can be enabled or disabled at the click of a button. • DVWA has explicit written permission from the owner of PHPIDS Mario Heiderich for it to be included and distributed within DVWA as long as the licensing is left intact. • For further information on PHP-IDS please visit; http://www.php- ids.org 28-09-2017 Preapared By:Soham Kansodaria 22
  • 23. User Security 28-09-2017 Preapared By:Soham Kansodaria 23 • DVWA does not emulate web application vulnerabilities, the vulnerabilities within DVWA are real and therefore great care should be taken on where it is installed. • DVWA takes a proactive approach in protecting its users wherever possible. • This is done by bold written warnings at the download of the application and within the application itself. • DVWA can only be accessed from the localhost and not from remote machines, this is done by setting certain rules within the .htaccess file which is part of the application. • User security is of up most importance to the DVWA project. If users do not disable any of these features and follow the advice given, installing and using DVWA will not compromise the security of the machine it is installed on.
  • 24. Usage • DVWA can be used in a variety of ways. It can be used to teach web application security by showing practical examples and setting challenges for the students. • It can be used as just a learning aid, DVWA is designed as such to be as easy as possible to set up and use. • There is plenty of information within DVWA to help the beginner get started. DVWA can also be used as a reference to secure coding, if a developer is not quite sure if they have protected their application against XSS for example, they can view DVWAs source code as a reference. • After all the DVWA source code has been peer reviewed by thousands of security professionals and students. 28-09-2017 Preapared By:Soham Kansodaria 24
  • 25. Refernce for learn DVWA • dvwa video tutorial series: • 1-installation of dvwa https://youtu.be/fc7nzhdrcui • 2-bruteforce attack low | medium | high https://youtu.be/6h3nb7rwpvc • 3-command injection low | medium | high https://youtu.be/0ln7nscqlai • 4-file inclusion low | medium | high https://youtu.be/f9oxaenez_e • 5-file upload low | medium | high https://youtu.be/zajcl2hdoey • 6-sql injection low | medium | high https://youtu.be/q2ekwm9kfke 28-09-2017 Preapared By:Soham Kansodaria 25
  • 26. THANK YOU 28-09-2017 Preapared By:Soham Kansodaria 26