DVWA Vulnerability: Brute Force

Hello, I am Ayush Bagde, aka Overide, and with this writeup I'm starting a series on the DVWA virtual lab.

Our first vulnerability is Brute Force at the low security level. So let's start.

This is the interface of the Brute Force page:

There are many tools for brute forcing, some CLI based and some GUI based. The tool I'm using is Burp Suite, so I fired it up. Let's say we don't know the username; I'm assuming it may be admin.

So I filled in the username as admin and the password as a random string, and intercepted that request in Burp Suite.

Then I sent it to Intruder, added payload markers on the password field and left the rest of the settings at their defaults.

Then I went to the Payloads section to add the wordlist. In this case I am using SecLists.

Then I just started the attack. Every payload was giving me 200 OK, so I got confused. Then I remembered from learning Burp Suite that you can tell which payload worked from the response length: the highest length was for the payload password.

From here I got to know that the username is admin and the password is password. Let's enter these credentials in the form.

See, we got in with the right credentials. The message says "Welcome to the password protected area admin".
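The same two observations that made the attack work in Intruder (every guess returns 200 OK, and only the successful guess has a different response length) are what a defender can look for in the web server log. The following is an added example, not code from the original post or from DVWA: it assumes an Apache combined log and, as in stock DVWA, that the low-level form submits the credentials as GET parameters; the log lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format. Each wordlist guess is its own request line and a
# failed login is still "200", so the status code alone reveals nothing.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: one client cycling a wordlist against the DVWA page, plus a normal user.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Jan/2022:10:00:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=123456&Login=Login HTTP/1.1" 200 4680
10.0.0.5 - - [19/Jan/2022:10:00:01 +0000] "GET /vulnerabilities/brute/?username=admin&password=12345&Login=Login HTTP/1.1" 200 4680
10.0.0.5 - - [19/Jan/2022:10:00:02 +0000] "GET /vulnerabilities/brute/?username=admin&password=password&Login=Login HTTP/1.1" 200 4753
10.0.0.5 - - [19/Jan/2022:10:00:02 +0000] "GET /vulnerabilities/brute/?username=admin&password=qwerty&Login=Login HTTP/1.1" 200 4680
10.0.0.5 - - [19/Jan/2022:10:00:03 +0000] "GET /vulnerabilities/brute/?username=admin&password=letmein&Login=Login HTTP/1.1" 200 4680
10.0.0.5 - - [19/Jan/2022:10:00:03 +0000] "GET /vulnerabilities/brute/?username=admin&password=dragon&Login=Login HTTP/1.1" 200 4680
10.0.0.9 - - [19/Jan/2022:10:00:05 +0000] "GET /vulnerabilities/brute/?username=admin&password=hunter2&Login=Login HTTP/1.1" 200 4680
10.0.0.9 - - [19/Jan/2022:10:01:30 +0000] "GET /index.php HTTP/1.1" 200 1023
"""

def find_bruteforce(log_text, path="/vulnerabilities/brute/", threshold=5, window_s=60):
    """Return {ip: (attempt_count, [response sizes that differ from the usual failure size])}
    for every client that sent more than `threshold` login attempts within `window_s` seconds.
    An outlier size is the same signal the attacker used: the one response that was not a failure."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or path not in m["req"] or "password=" not in m["req"]:
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        attempts[m["ip"]].append((ts, int(m["size"]) if m["size"] != "-" else 0))
    hits = {}
    for ip, events in attempts.items():
        events.sort()
        lo = 0
        for hi in range(len(events)):           # sliding window over the sorted timestamps
            while (events[hi][0] - events[lo][0]).total_seconds() > window_s:
                lo += 1
            if hi - lo + 1 > threshold:
                sizes = [s for _, s in events]
                common = max(set(sizes), key=sizes.count)   # size of the failed-login page
                hits[ip] = (len(events), [s for s in sizes if s != common])
                break
    return hits
```

Raising the DVWA security level adds a delay and then a lockout on failed attempts, which is the server-side counterpart of this detection: the point is to stop a client from submitting a whole wordlist in a couple of seconds.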

HAPPY HACKING !!!!!


e-JPT | MTA Security Fundamentals | Ethical Hacker Trainer | Cyber Crime Intervention Officer | Cybersecurity Researcher
