Vulnerawa is a vulnerable web application designed by me to simulate real-time websites. It has been designed to help beginners understand website hacking clearly. It can be downloaded from here. Today I am going to show how to setup Vulnerawa in EasyPHP. EasyPHP is a portable WAMP server for PHP web development and web hosting on Windows. Go here and download the EasyPHP DevServer 14.1. Install the Devserver. The installation is quite simple. However when it asks where to install EasyPHP server, set it in a folder where there will be no clash of user rights. I set it in the C:/ folder as shown below.
Once installation is finished, start the server. As the server starts, there should be a icon in the taskbar showing the status of the EasyPHP Dev server as shown below.
See there and make sure your server has started. If it didn’t start, start the server as administrator. Now open your browser and type “localhost” in the URL bar. If the result is as shown below, Your EasyPHP server installation is successful.
Now go to the folder where vulnerawa1.0.2.zip file you downloaded is located and extract the contents of the zip archive to the folder shown below. This is the root folder of the server.
Now in the URL bar type “localhost/vulnerawa1.0.2” and hit Enter. If you get the result as below, you are all ready to play with Vulnerawa.
Before you start practicing, create the database by clicking on button “Create Database”.
Download the above software to your system. Install Wamp server. For this WAPT lab, we will use Vulnerawa as a vulnerable website or target website. Extract the contents of the vulnerawa.zip folder to the root folder of the Wamp server. Now open a browser and and type localhost in the URL bar to see if you can see the victim webapp as shown below.
Click on “Create Database” to create some data which we will use in our future howto’s.
Now let’s change the permissions of the Wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.
You should see the httpd.conf as shown below. Type CTRL+F and search for word “stuff”. After you find it, make changes as shown below in the red box. Save the file by typing CTRL+S and restart the Wamp server.
Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.
Now start your attacker machine( Kali Linux ), open browser and type the address 192.168.64.1 in the url bar and see if you can access the victim web application as shown below.
Your web application pentest lab is ready. Happy hacking.
Good Evening friends. Today we will see how to setup Vulnerawa in Wamp Server. For those newbies who don’t know what is Vulnerawa, it is a vulnerable web app coded by me to simulate a real website for practice. Read more about it here. First, download Wamp Server from here as appropriate to your system requirements. We will use “WAMPSERVER (64 BITS & PHP 5.3.10) 2.2d″ for this howto. Install the Wamp Server. Open browser and type “localhost” in the URL bar to see if Wamp server is working as shown below.
We can see that there are no projects available. Now download Vulnerawa from here. You will find a zip file as shown below. Now we will extract the contents of this file into the root folder of Wamp server. Right click on the zip file, go to 7-zip as shown below ( or any other unzipping software ) and select “Extract files” option. Extract the files to the folder “C:\\wamp\www” which is the root folder for Wamp server.
Now lets check the root folder to see if the files are extracted. Go to wamp server’s root directory and you should see the folder named “vulnerawa1.0.2” as shown below.
Now open your browser and type “localhost” once again. Now we can see our projectVulnerawa1.0.2 listed in the Projects section as shown below.
Click on the project. If you see the below webpage, then you have successfully setup Vulnerawa. If it gives you some error go to the url and type “http://localhost/vulnerawa1.0.2” directly. Happy hacking practice.
Vulnerawa stands for “Vulnerable Web Application”. This vulnerable web application developed by me is still in its nascent stages. I have started developing “Vulnerawa” to simulate a real website, i.e practice website hacking on this application and you are ready for hacking real websites. It is available for download here, it has only SQL Injection vulnerabilities. (Go here to see how to setup Vulnerawa). Here’s a picture of Vulnerawa below.
This vulnerable web app has two SQL injection vulnerabilities, url based and Login Bypass. As an example, let’s see login bypass using SQL injection. Click on link “Login”. You will be greeted with a login form. Enter single quote character(‘) as shown below in the picture below and click on “Submit”.
You will get an error as shown below, i.e the web app is vulnerable to SQL injection. This trick also works on real-time websites if they are vulnerable to SQL injection.
Hi Friends. Today we will see how to perform SQL injection with sqlmap. Sqlmap is an “open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers “. It is pre-installed in Kali Linux. For this tutorial I am using Vulnerawa as target and it is necessary to setup a webapp pentest lab with it. See how to set up a webapp pentest lab.
If the webapp pentest lab is all ready. Open the browser in Kali linux and type the address as shown below.( the ip address may differ for you ). You should see the Vulnerawa web page as shown below. Click on “About”.
The below webpage will open. It shows about the founders of Vulnerawa.
Click on “founder 1”. It will show brief details about him as shown below.
Similarly go back and click on “Founder 2” and “Founder 3”. The result will be as below. Now if you have observed, the “id” parameter in the URL changes as we click on different users. For founder 1, it is 1 and sequentially.
Now introduce a single quote( ‘ ) character in the URL. after the number as shown below.
Click on “Enter” and the page will show an error as shown below. “You have an error as shown below……..”. This is a clear sign that the webpage is vulnerable to SQL injection.
Now open SQLmap from the path as shown below.
Now copy the vulnerable url and type the following command the terminal. Here -u stands for url.
The result will be as shown below. It will reveal the website technology and the scripting language used.
Now let’s grab the banner of the website. Type the following command and hit “Enter”.
You can see the banner as shown below.
To see the current user of the website, type the following command.
The current user can be seen as below.
Now let us see the current database used by the website. Type the following command.
We can see that the current database is “Vulneraw”.
Now let us see all the tables present in the database “Vulneraw” by using following command.
We see that we have only one table in the current database. The table is “users”.
Now lets see the number of columns in the table “users”. Type the following command.
We see there are four columns in table “users”.
Now let’s dump the values of two columns username and password by typing the following command.
The result is as below. we got the username and passwords.
If we want to dump all the entries of the table, type the following command.
Here are the entries.
Now let’s see if we are lucky enough to get the shell of the target. Shell is the target machine’s command line or terminal. Type the following command.
It will prompt us to enter the application language being used by the website. We already know it is PHP. Enter its value. Next it will prompt you to enter the writable directory. You cam choose your option wisely. I chose the default root directory for Wamp server. Hit on “Enter”.
I successfully got the os-shell. Now let’s try some commands. Type “dir” to see the contents of the root directory. It works as shown below.
Let’s see how many users are there on the system. Type the command “net user” . We can see the users listed as below. Happy hacking practice.
To find sites vulnerable to this sql injection use google dork “site:.com inurl:id=1” or similar dorks. That’s all in this tutorial. See how sql injection works.