At the start of a cold month, November, we started a new course at our school: learning to test the security of a defenceless system and gaining a perspective on how an attacker would go about his business.
The course name can be loosely translated as “Implement System-wide security”. In the second week we were given our course-wide project: to boot up a KALI virtual machine and explore the variety of programs and attack mechanisms that can be used.
In the following article I’ll write about my experiences with KALI, OWASP (a purposefully vulnerable web app) and the MSF (Metasploit Framework).
Installation and setup
The installation is quite easy
Projects
SQL Injection
The first of many attacks that I tried out on the DVWA platform was an SQL injection. Dr. Martin Pound explains in the following video how an SQL injection attack actually works and how a web administrator can nullify the susceptible entry points.
Link to video
Note: The video was made in 2016, yet it is still relevant today.
Blind SQL goes as follows