A) Hack a website by Remote File Inclusion.
Local file inclusion and Remote file inclusion
What is DVWA?
PHP/MySQL web application that is vulnerable.
Main goals:
To be an aid for security professionals to test their skills and tools ina legal environment Help web developers better understand the processes of securingweb applications.
Aid teachers/students to teach/learn web application security in aclass room environment.
Questions:
A website attack named Remote file inclusion is basically a one of the most common vulnerabilities found in web application. This type of vulnerability allows the Hacker or attacker to add a remote file on the web server. If the attacker gets successful in performing the attack, he/she will gain access to the web server and hence can execute any command on it.
Step 1: Install XAMPP and Create Database.
mysql –u root
show database
create database dvwa
show database
Step 3: Download DVWA-master.zip
Step 4: Install DVWA in C:\xampp\htdocs
Step 5: Go to C:\xampp\htdocs\DVWA-master\config. Change the file name config.inc.php.dist toconfig.inc.php
Step 6: In the browser, enter http://localhost/dvwa-master/setup.php . Scroll below find:
Step 7: Next, it opens the window below: http://localhost/DVWA-master/login.php
Step 8: Enter default credentials username =admin and password=password We are now logged into DVWA
Step 1: Create a login.php/registration.php for your website. Perform local file inclusion using DVWA
Step 2: On the address bar, set page attribute to http://localhost/sqlinjection/login.php
Step 3: Perform remote file inclusion using DVWA. Display the home page of www.google.com
On the address bar, set page attribute to http://www.google.com
Using Firefox, disguise/emulate as google bot.
Step 1: To determine the user agent of Firefox
• Go to Mozilla: http://www.proxyserverprivacy.com/
• Select detector proxy
• Select advanced proxy detector
Output:
Step 2: To find out the string for google bot.
To change the above user agent to Googlebot
• Go to http://useragentstring.com/
• Locate the string for google bot
• Googlebot/2.1 (+http://www.googlebot.com/bot.html)
Step 3: Configure
Go to Firefox
Type about: config
Type general.useragent.override and assign
Googlebot/2.1(+http://www.googlebot.com/bot.html)
Go to http://www.proxyserverprivacy.com/ to check that the user agent is Googlebot