DVWA: Damn Vulnerable Web Application Brute Force Walkthrough (Medium Security)
"Disclaimer: The information provided in this article is intended for educational and research purposes only. It is not intended to promote or encourage any illegal or unethical activities. Always act responsibly and obtain proper consent before using any tools or techniques described in this article."
This tutorial demonstrates how you can complete a brute force attack on DVWA (Damn Vulnerable Web Application) on medium security.
We’re going to jump straight in, so if you haven’t already, I recommend working through the previous tutorial for the low-security brute-force attack.
Firstly, login into DVWA and change its security level to medium.
Now, Let’s start by running the same Hydra command from the last tutorial and see what happens:
hydra 10.0.2.5 -l admin -P password.txt http-get-form "/dvwa/vulnerabilities/brute/index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect."
The above attack will still work. But what you should notice is that the attack takes significantly longer than before.
Source Code Analysis
The medium level has the following changes to the code.
- Input sanitization
Instead of directly feeding the user input into an SQL query, it sanitizes the user input to avoid SQL Injection. But this is not effective in brute-force attacks.
New code :
Old code:
- Sleep after login failure
If a user fails to provide a valid credential, it forces the code to sleep for 2s which slows down the brute-force attack. It takes more time for attackers to brute-force the site but eventually it is still possible to successfully brute-force the password.
The walkthrough for brute forcing on high security will follow soon.
If you got stuck or have any questions, leave a comment, and I’ll do my best to get back to you.
Post a Comment