Hello, I am Ayush Bagde aka Overide, and with this writeup I'm starting a series on the DVWA virtual lab.
Our first vulnerability is Brute Force at the Low security level. So let's start.
So this is the interface of the brute-force page:
There are many tools for brute forcing, some CLI-based and some GUI-based. The tool I'm using is Burp Suite, so I fired it up. Let's say we don't know the username; I'm assuming it may be admin.
So I just filled in admin as the username and a random string as the password, and intercepted that request in Burp Suite.
Then I sent it to Intruder, added payload markers on the password field and left the rest of the settings at their defaults.
Then I went to the Payloads section to add the wordlist. In this case I am using SecLists.
Then I just started the attack. Every payload was giving me 200 OK, so I got confused. Then I remembered, from learning Burp Suite, that you can tell which payload worked from the response length: the failed attempts all return the same page, so the one response with a different length stands out. The highest length was for the payload password.
So from here I know: the username is admin and the password is password. Let's try entering the credentials on the form.
See, we got in with the right credentials. The message says “Welcome to the password protected area admin”.
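The same two signals that made this attack visible in Intruder (a burst of login requests from one client, all answered 200 OK, with exactly one response of a different size) are what a defender can look for on the server side. The script below is an added example, not part of the original writeup or of DVWA; it parses constructed Apache-style access-log lines (the path `/vulnerabilities/brute/`, the timestamps, IPs and byte counts are all assumed sample values), flags any client that sends more than a threshold of login requests inside a sliding time window, and then reports the response sizes that deviate from that client's baseline, which is the log-side equivalent of sorting Intruder results by length.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed path of the DVWA brute-force page (adjust for the application being monitored).
LOGIN_PATH = "/vulnerabilities/brute/"

# Apache "common" log format: ip ident user [timestamp] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)$'
)


def _line(ip, sec, pw, size):
    """Build one constructed log line; helper for the sample data only."""
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"GET {LOGIN_PATH}?username=admin&password={pw}&Login=Login HTTP/1.1" 200 {size}')


# Constructed sample log (not real traffic): twelve rapid login requests from 10.0.0.5,
# eleven answered with the same 4456-byte "wrong password" page and one with a 4511-byte
# "welcome" page, plus two unrelated requests from 10.0.0.9 that look like normal use.
SAMPLE_LOG = [_line("10.0.0.5", s, f"guess{s}", 4456) for s in range(0, 48, 4)]
SAMPLE_LOG[7] = _line("10.0.0.5", 28, "guess28", 4511)   # the one response that differs
SAMPLE_LOG += [_line("10.0.0.9", 3, "guess3", 4456), _line("10.0.0.9", 50, "guess50", 4456)]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = int(rec["size"])
    return rec


def detect_login_bursts(lines, threshold=10, window=timedelta(seconds=60)):
    """Flag clients that hit the login page >= threshold times within any window.

    For each flagged client, also report response sizes that differ from the client's
    most common size: with a fixed "login failed" page, an outlier size is the likely success.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].split("?", 1)[0] == LOGIN_PATH:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        # Two-pointer sliding window over the sorted timestamps.
        peak, start = 0, 0
        for end in range(len(recs)):
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        baseline = Counter(r["size"] for r in recs).most_common(1)[0][0]
        outliers = [r["size"] for r in recs if r["size"] != baseline]
        findings[ip] = {
            "attempts": len(recs),
            "peak_in_window": peak,
            "baseline_size": baseline,
            "outlier_sizes": outliers,
        }
    return findings


if __name__ == "__main__":
    for ip, info in detect_login_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} login requests, peak {info['peak_in_window']} "
              f"per window, baseline {info['baseline_size']} bytes, "
              f"outlier sizes {info['outlier_sizes']}")
```

The status code is deliberately ignored, exactly as the writeup found: DVWA answers every attempt with 200 OK, so any rule keyed on 401/403 would miss this entirely. Rate-limiting or lockout on the server, and making the failure and success pages indistinguishable in timing and size, are the corresponding mitigations.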