Attack DVWA (Brute Force)

In this article, I will show you how to attack a lab in DVWA by brute force. 

Brute force is a very common attack method, so PentestSuite has to make this process much easier than before.

First, as always, check this article if you haven't read it before:
https://pentestsuite.blogspot.com/2021/06/attack-dvwa-weak-session-ids.html?m=1

First, you will need to open the target website in the internal browser, like this:

Just input any username you like to trigger a network connection. (Of course, you won't normally get the correct answer.)

After that, let's go to the main window of PentestSuite: 

I am pretty sure that you have noticed the highlighted message. I highlighted it manually.

Click the RESEND button and you will be able to quickly copy the message content to the MESSAGE GENERATOR.

In order to brute force the target with this request, long-click the SEND button to trigger the configuration window:

Now you just need to click the automatic generator button. 


First, set the target text that is to be replaced:

I have specified admin here. You can specify any word you like, but make sure this string only occurs in the places where you want to inject your payloads.

And my target variables are username and password:

By setting them both to 'admin', they will be replaced synchronously. 

Now it's time to add payloads. Grab any useful username and password list from whatever source you like.

And just copy it into the payload list EditText: 


Now you can click the START button directly.

Now you just need to check and find the target by using the search feature. 
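
Seen from the server, the run configured above is a burst of login requests from one client in which username and password carry the same payload. The following Python sketch is an added example (not part of PentestSuite or of the original article) that flags this pattern in an access log; the log format, the DVWA path `/vulnerabilities/brute/` with GET parameters, and the thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample log (common log format assumed); every value is made up.
REQ_FMT = '{ip} - - [12/Jun/2021:10:00:{s:02d} +0000] "GET {path} HTTP/1.1" 200 4321'
BRUTE_FMT = "/vulnerabilities/brute/?username={u}&password={p}&Login=Login"
WORDS = ["root", "admin", "test", "guest", "123456", "password"]
SAMPLE_LOG = "\n".join(
    [REQ_FMT.format(ip="192.0.2.10", s=i, path=BRUTE_FMT.format(u=w, p=w))
     for i, w in enumerate(WORDS)]
    + [REQ_FMT.format(ip="198.51.100.7", s=5, path=BRUTE_FMT.format(u="alice", p="Sumer2021")),
       REQ_FMT.format(ip="198.51.100.7", s=20, path=BRUTE_FMT.format(u="alice", p="Summer2021")),
       REQ_FMT.format(ip="192.0.2.10", s=30, path="/index.php")])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP/[\d.]+" \d{3}')
LOGIN_SUFFIX = "/vulnerabilities/brute/"  # assumed DVWA lab path

def parse_attempts(log_text):
    """Yield (ip, time, username, password) for each login request line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group(3))
        q = parse_qs(url.query, keep_blank_values=True)
        if not url.path.endswith(LOGIN_SUFFIX) or not q.keys() >= {"username", "password"}:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield m.group(1), ts, q["username"][0], q["password"][0]

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: stats} for clients with >= threshold attempts in one window."""
    by_ip = defaultdict(list)
    for ip, ts, user, pw in parse_attempts(log_text):
        by_ip[ip].append((ts, user, pw))
    alerts = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[ip] = {"attempts": len(events),
                              "user_equals_password": sum(u == p for _, u, p in events)}
                break
    return alerts
```

Calling `detect_bruteforce(SAMPLE_LOG)` reports only the client that sent the payload list; the second client's mistyped password followed by a retry stays below the threshold.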

