PPT on set up
This week you will watch Setting Up Damn Vulnerable Web Applications (DVWA) Environment at https://www.youtube.com/watch?v=LOTaLgY5i5I. Download the image at https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/. Complete at least two scenarios and provide PowerPoint presentations with screenshots of what you did in the discussion forum.
Please see the example attached.
Setting Up Damn Vulnerable Web Applications (DVWA) Environment
Ricky Rajendran
After following the professor's instructions and installing the DVWA image, we can run 'ifconfig' on the DVWA machine to get its IP address.
We can then enter that IP address in a browser on a different machine to reach this page (the DVWA login page).
We can now log in with the username admin and the password password to access the application.
We can then go to DVWA Security and change the security level to 'Low'.
Scenario 1:
After setup, I have decided to perform SQL injection by entering random values in the User ID field.
Once we enter input that the system accepts, it becomes evident that in this scenario the User ID field gives us direct access to the SQL database.
We can enter ' or 1=1# in the User ID box; on Submit, the page displays all user records saved in the database, as seen in the figure above.
This is only a sample database, but on a real system an attacker could obtain far more than names this way: passwords, contact information, and so on.
Scenario 2:
In this scenario, we use a different statement, such as:
' UNION ALL SELECT NULL, DATABASE()#
This returns details about the database, such as its name, which could be used to connect to it from a remote device.
Similarly, we can replace DATABASE()# with @@VERSION# to obtain the version of the SQL database server, and so on, as shown in the figure below.
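Both payloads above work for the same reason: at DVWA's 'Low' level the User ID is pasted directly into the SQL string, so a quote in the input ends the literal and the rest is parsed as SQL. The following Python script is an added example, not DVWA's own PHP code: it rebuilds that lookup against an in-memory SQLite table with constructed sample users, once with string concatenation (the vulnerable form) and once with a bound parameter (the fix), and runs the same inputs through both. SQLite starts comments with '--' rather than MySQL's '#' and has no DATABASE() or @@VERSION, so the payloads use '--' and sqlite_version() instead; the table name, columns and sample rows are assumptions made for the example.

```python
import sqlite3

# Constructed sample users standing in for DVWA's users table (not real DVWA data).
SEED_USERS = [
    (1, "admin", "Admin", "User"),
    (2, "gordonb", "Gordon", "Brown"),
    (3, "1337", "Hack", "Me"),
]

# SQLite comments start with "--" (MySQL, as used by DVWA, also accepts "#"),
# and sqlite_version() stands in for MySQL's @@VERSION / DATABASE().
PAYLOAD_TAUTOLOGY = "' OR 1=1 --"
PAYLOAD_UNION = "' UNION ALL SELECT NULL, sqlite_version() --"


def make_db():
    """Create an in-memory database holding the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (user_id INTEGER, user TEXT, first_name TEXT, last_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SEED_USERS)
    return conn


def lookup_vulnerable(conn, user_id):
    """Mirror DVWA 'Low': the raw input is spliced into the SQL text, so a quote
    in the input closes the literal and the remainder is executed as SQL."""
    query = f"SELECT first_name, last_name FROM users WHERE user_id = '{user_id}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, user_id):
    """Parameterized form: the driver binds the value, so the WHERE clause cannot
    be rewritten by the input, whatever characters it contains."""
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return conn.execute(query, (user_id,)).fetchall()


def compare(user_id):
    """Run one input through both lookups and report how many rows each returns."""
    conn = make_db()
    try:
        return {
            "vulnerable_rows": len(lookup_vulnerable(conn, user_id)),
            "safe_rows": len(lookup_safe(conn, user_id)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for candidate in ("1", PAYLOAD_TAUTOLOGY, PAYLOAD_UNION):
        print(repr(candidate), compare(candidate))
```

Running it shows the tautology payload returning every user and the UNION payload returning a row the table never contained (the server version) through the concatenated query, while the parameterized query returns nothing for either payload and still finds user 1 normally. The fix is the query shape, not input filtering: the bound value is never interpreted as SQL.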
There are many other ways a website can be manipulated through SQL injection.
We can also use other tools like Burp Suite to perform the Brute Force or File Injection operations available to us and hack the website.
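From the defender's side, the payloads used in both scenarios leave recognizable traces in the web server's access log, because they travel in the URL query string. The script below is an added example, not part of the original presentation: it parses a few constructed Apache-style log lines in which one client sends a normal request and then the page's two payloads to a hypothetical /sqli/ endpoint, URL-decodes each query parameter, and flags the tautology, UNION SELECT and fingerprinting (DATABASE(), @@VERSION) patterns. The log lines, IP addresses, timestamps and endpoint path are all constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access log lines (not captured from a real server).
# The client at 10.0.0.5 sends a normal request, then the two scenario payloads.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /sqli/?id=1&Submit=Submit HTTP/1.1" 200 512
10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "GET /sqli/?id=%27+or+1%3D1%23&Submit=Submit HTTP/1.1" 200 1480
10.0.0.5 - - [01/Jan/2024:10:00:19 +0000] "GET /sqli/?id=%27+UNION+ALL+SELECT+NULL%2C+DATABASE%28%29%23&Submit=Submit HTTP/1.1" 200 611
10.0.0.5 - - [01/Jan/2024:10:00:31 +0000] "GET /sqli/?id=%27+UNION+ALL+SELECT+NULL%2C+%40%40VERSION%23&Submit=Submit HTTP/1.1" 200 620
10.0.0.9 - - [01/Jan/2024:10:01:02 +0000] "GET /about.html HTTP/1.1" 200 2048
"""

# Combined-log prefix: client IP, timestamp, method, request target, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for the techniques shown in the two scenarios. They are applied to
# the URL-decoded parameter value, so "%27+or+1%3D1%23" is checked as "' or 1=1#".
SIGNATURES = [
    ("tautology", re.compile(r"\bor\s+1\s*=\s*1\b", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("fingerprint", re.compile(r"\bdatabase\s*\(\s*\)|@@version", re.I)),
]


def scan_log(text):
    """Return one finding per (request, parameter) whose decoded value matches a signature."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes and turns '+' into spaces for us.
        params = parse_qs(urlsplit(m["target"]).query)
        for name, values in params.items():
            for value in values:
                matched = [label for label, rx in SIGNATURES if rx.search(value)]
                if matched:
                    findings.append({
                        "ip": m["ip"],
                        "timestamp": m["ts"],
                        "param": name,
                        "value": value,
                        "signatures": matched,
                    })
    return findings


def findings_by_ip(findings):
    """Count flagged requests per client, the simplest basis for an alert threshold."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f["ip"], f["timestamp"], f["param"], repr(f["value"]), f["signatures"])
    print(findings_by_ip(results))
```

Decoding before matching matters: the raw log shows %27+or+1%3D1%23, which none of the patterns would match as-is. Signature matching like this is a starting point for detection, not a replacement for fixing the query; an attacker can vary spacing and keywords, whereas a parameterized query closes the hole regardless of input.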