Posts DVWA



So i am using TryHackMe room to Complete DVWA which is in my list since i started but never Complete it.

Low Security:

Let’s start with low security level


So we have a login page and as we know it isn’t secured we can Bruteforce.
I am using burp intruder and fasttrack.txt.

and here we got Password

Command Injection

The web have a prompt which say we can ping an IP. So we can say maybe the background code is “ping ” and we are running in linux.

Okay got the injection well.

File Inclusion

A simple LFI by changing the ?page= we can get any while in system without restrictions.

To be continued….

This post is licensed under CC BY 4.0 by the author.