Tag: DVWA

  • DVWA: Weak Session IDs – Impossible Difficulty Part II

    Last time we quickly ran through the method for cracking the cookies issued by an instance of PHP issuing outputs from mt_rand(). However, the method used was flawed. We can do better just by attacking the problem some more. First, a basic optimisation to solve two problems at once. When running early attack code, I…

  • DVWA: Weak Session IDs – Impossible difficulty Part I

    DVWA stands for Damn Vulnerable Web Application, and it certainly lives up to its name. It’s intended for beginners to the field of hacking – which definitely describes me – and includes a list of challenges commonly seen in real hacking engagements like SQL Injection, Cross-Site Scripting and File Inclusion/File Upload vulnerabilities, etc. How you…