4 - SQL Injection and Password Cracking Attacks
4 - SQL Injection and Password Cracking Attacks
2- Install the DEVSERVER easy php and UNCHECK the ‘Launch easyPHP Devserver’
5- Download the DVWA from http://www.dvwa.co.uk/ unzip the file and put the folder
inside a newly created folder in ‘EasyPHP-Devserver-17\eds-www’ called ‘dvwa’
3|Page
11- Click on create database button at the bottom, and click on login after database is created.
After starting dvwa (login: admin and password: password) change its security level to
"low" and try SQL injection attacks (SQL Injection menu).
Attacks on DVWA
SQL injection is often used by hackers to exploit security vulnerabilities in your software to
ultimately gain access to your site’s database. In this part of the lab, we will attack the DVWA
platform with SQL injections. DVWA allows security administrators to test their knowledge
related to web application attacks.
To do:
1. Display the list of database users.
2. Display the contents of the notes.txt file located on c: /
3. Display the logins and passwords of the users stored in the table.
4. The passwords thus recovered by SQL injections are “hashed” (Secure Hash). To be able
to determine their values in clear, we will use the John the Ripper software (you can
download it or use it in the VM kali 2020)
Create Password Hash File, copy username and password to a notepad file. Now you
should see the user admin and the password hash separated by a ":" on the same line.
5|Page
Cut the username and password combinations for other users and paste in this file as well.
Check if the passwords are broken.
Try to login with cracked user account.
5. Now change the security level of the DVWA platform and put it in medium. How would
it be possible to list the list of users by an SQL injection?
6. Now set the security level to High and check the source code of the corresponding page.