- Bash
- PHP
- MySQL
- Oracle VirtualBox
- DVWA
- AWS
- Kali Linux
First we will create an Amazon EC2 Instance with SSH and HTTP (Port 80) running:
Then we will start our Kali Linux VM via VirtualBox:
I used my key pair to SSH into the EC2 instance's public IPv4 address:
Then I updated yum and installed Docker. yum is the package manager on this Linux distribution and resolves dependencies for the packages it installs:
I started the Docker service, then ran DVWA on the server:
Now we can browse to the public DNS name that AWS assigned and sign in using the default credentials, Username: "admin", Password: "password":
Now we will click on DVWA Security and set the vulnerability level to low, and then click Command Execution:
Below we are going to do a simple ping test using the web interface, in our case against the local host:
Now I use the "cat /etc/passwd" command. Notice that either a message saying illegal IP address was displayed or nothing was returned:
Now I use the IP address with "cat /etc/passwd". Notice that we are now able to see the contents of the /etc/passwd file:
Using the input "IP address; cat /etc/passwd | tee /tmp/passwd", we are not only displaying the contents of /etc/passwd on the webpage, but also copying the /etc/passwd file to the /tmp directory:
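The three inputs tested above, run through a vulnerable command builder and a hardened one. This is an added example, not DVWA's source code and not part of the original walkthrough; the function names are hypothetical, and the code only builds the command strings so the difference is visible without executing anything.

```php
<?php
// Added illustration; function names are hypothetical and this is not DVWA's source.

// Vulnerable pattern: the form value is concatenated into a shell command line,
// so the shell treats ";" and "|" in the input as command separators.
function build_ping_command_unsafe(string $target): string
{
    return 'ping -c 4 ' . $target;
}

// Hardened pattern: accept only a literal IPv4 address, then quote it anyway
// so the value can never be parsed as anything but a single argument.
function build_ping_command_safe(string $target): ?string
{
    $target = trim($target);
    if (filter_var($target, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null; // reject anything that is not exactly one IPv4 address
    }
    return 'ping -c 4 ' . escapeshellarg($target);
}

// Constructed sample inputs matching the three tests in the walkthrough.
$samples = [
    '127.0.0.1',
    'cat /etc/passwd',
    '127.0.0.1; cat /etc/passwd | tee /tmp/passwd',
];

foreach ($samples as $input) {
    $safe = build_ping_command_safe($input);
    printf("input:  %s\n", $input);
    printf("unsafe: %s\n", build_ping_command_unsafe($input));
    printf("safe:   %s\n\n", $safe ?? '(rejected: not an IPv4 address)');
}
```

Only the first input produces a command from the hardened builder. The third is rejected before it reaches a shell, which is why validating the value as an IP address stops the `;` and `|` chaining shown in the last step.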
This concludes the AWS Web Application Security on DVWA project!
NOTE: You can go through the DVWA web application and test more vulnerabilities to gain new experiences!