We’ve already learned how to install DVWA. Now let’s use it to practice finding website vulnerabilities.
This is the DVWA homepage
For a beginner, set the security level to low.
Go to Command Injection. You can ping any IP address or domain name; this time, let’s try google.com. Then click Submit.
After that, you’ll see the ping results, which means the request succeeded. Then scroll down and view the source code to analyze it.
Now set the security level to medium
Medium Security
High Security
But there is still a vulnerability
Now try it like this
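All three levels share one root cause: the value from the ping form ends up in a shell command line, and the medium and high levels only filter some characters out of it. The block below is an added example (not DVWA's source and not from the original post) that puts the concatenation pattern next to a hardened version which validates the target and runs ping without a shell. It assumes PHP 7.4+ and a Linux-style ping; the function names are hypothetical.

```php
<?php
// Added example, not DVWA's source. Function names are hypothetical.
// Assumes PHP 7.4+ and a Linux-style ping ("-c 4").

// Vulnerable pattern: the form value is concatenated into a shell command line,
// so the shell, not ping, decides how the string is interpreted.
function ping_unsafe(string $target): string
{
    return (string) shell_exec('ping -c 4 ' . $target);
}

// Allow-list check: an IP literal, or a hostname made of RFC 1123 labels.
// \A and \z are used instead of ^ and $ because $ also matches before a
// trailing newline. Every label starts with a letter or digit, so the value
// can never be read by ping as an option such as "-c".
function is_valid_target(string $target): bool
{
    if (filter_var($target, FILTER_VALIDATE_IP) !== false) {
        return true;
    }
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    return strlen($target) <= 253
        && preg_match('/\A' . $label . '(?:\.' . $label . ')*\z/i', $target) === 1;
}

// Hardened: validate first, then pass an argv array so no shell is involved.
function ping_safe(string $target): ?string
{
    if (!is_valid_target($target)) {
        return null;
    }
    $spec = [1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['ping', '-c', '4', $target], $spec, $pipes);
    if (!is_resource($proc)) {
        return null;
    }
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    proc_close($proc);
    return $out === false ? null : $out;
}

// Constructed inputs: only the validator is exercised here, nothing is executed.
foreach (['google.com', '127.0.0.1', '::1', 'google.com;', '127.0.0.1 |', "google.com\n", '-c'] as $in) {
    printf("%-16s %s\n", json_encode($in), is_valid_target($in) ? 'accepted' : 'rejected');
}
```

The first three constructed inputs are accepted and the last four are rejected, because the check describes what a valid target looks like instead of listing characters to strip.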
Upload a shell
To put a shell, go to the hackable/uploads directory, as in the picture below.
Then use wget with the link to the PHP file for the shell.
Go to your hackable/uploads directory, and the PHP file for the shell will be there.