Exercise 1: Installing XAMPP
First, in the Server VM, we open the properties of the World Wide Web Publishing Service, stop the service, and disable it on startup.
Next, we need to go into Change User Account Control Settings and change it to Never notify.
Now we navigate to the XAMPP installer and run it.
Now that it's installed, we need to start the Apache module and the MySQL module.
Exercise 2: Installing DVWA
We now need to set up DVWA, so we need to extract the zip file to \xampp\htdocs.
Now that it has been extracted, we need to rename the DVWA-1.0.8 folder to dvwa.
Now, navigating to c:\xampp\htdocs\dvwa\config, we need to edit the config.inc.php file. We need to find the line $_DVWA[ 'db_password' ] = 'p@ssw0rd'; and change it to $_DVWA[ 'db_password' ] = '';
Now we need to set up the Windows firewall to allow specific inbound ports for XAMPP.
Now we need to set up DVWA.
Exercise 3: Exploiting a Command Execution Vulnerability
Now we will test some exploits using DVWA.
Here you can see I can send pings to the server via DVWA, noting the packet size of 32 bytes.
Here we can see I can change the size of the packets being sent, this time changing it to 800 bytes.
Using /? lists the commands the program can use.
What can we tell from these results about how the application works?
This application can perform a bunch of ping commands, from information gathering to denial of service attacks. Here we can see we can create a command to send pings with a buffer size of whatever we want, which is a good way of performing DoS attacks.
The server | dir command lists the directory of where DVWA is located because it's like any directory command: if you just type in dir, you will get a list of files within the current directory.
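The results above follow from the form value being pasted straight into the ping command line. As an added example (not DVWA's own source and not part of the original lab), the PHP below builds the command both ways for the inputs used in this exercise, without executing anything. The function names, the sample IP address and the IP-only policy are assumptions; a host name such as server would need its own allowlist.

```php
<?php
// Added example, not DVWA's source: compare how a ping handler builds its
// command when the form value is concatenated raw versus validated first.

// Inputs: one constructed IP address plus the two values entered in Exercise 3.
$samples = ['192.168.1.10', '/?', 'server | dir'];

// Weak pattern: the raw value becomes part of the shell command text,
// so options and pipes typed into the form reach the command interpreter.
function build_ping_unsafe(string $target): string
{
    return 'ping ' . $target;
}

// Hardened pattern (hypothetical helper): accept only a literal IPv4/IPv6
// address, fix the options server-side, and still quote the argument.
function build_ping_safe(string $target): ?string
{
    $target = trim($target);
    if (filter_var($target, FILTER_VALIDATE_IP) === false) {
        return null; // switches such as /? and anything containing | are rejected
    }
    return 'ping -n 4 ' . escapeshellarg($target);
}

// Print the command each pattern would hand to the shell.
foreach ($samples as $s) {
    $safe = build_ping_safe($s);
    printf(
        "input: %-16s unsafe: %-20s safe: %s\n",
        $s,
        build_ping_unsafe($s),
        $safe ?? '(rejected)'
    );
}
```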
Exercise 4: Exploiting a SQL Injection Vulnerability
Here we can see the SQL injection works by having direct access to the SQL database where we can pull information from within the database.
Exercise 5: Exploiting a Cross Site Scripting Vulnerability
Now we will run an attack with a script that is not part of the original code.
This lab demonstrated to me what people can do if they can launch this sort of application into your web server/database. It seems like it would be a difficult task to be able to gain physical access to the database to plant this program, but nevertheless it's still a scary thought.
I did not have any issues from prior labs when it came to completing this one, which was a nice change.