Category Archives: Pen testing

DVWA and sqlmap

Today I have been using the Damn Vulnerable Web App in conjunction with Burp Suite and sqlmap, two key tools that are part of the Kali Linux distribution.

The DVWA is a comprehensive testing area that you can install on your own machine and attack with whichever tools you feel are fit for purpose. Today, I used Burp Suite to intercept some browser messages, pulling the PHPSESSID out of the network traffic, then I used sqlmap to interrogate the databases (there are 4 in DVWA), revealing their table and column structure.

The aim of the DVWA exercises is set out in each area of the application. I’m supposed to be using SQLi techniques to gather information that should be secure. I’ll get on with that tomorrow – right now, I’m enjoying exploring the options available to sqlmap, which will certainly be of use in the future.

SEToolkit

Today, I’ve been exploring the abilities of TrustedSec’s Social-Engineer Toolkit, which comes packaged within Kali Linux.

The documentation provided is extensive, extremely thorough and helpful. The navigation within the toolkit is user-friendly and intuitive, and the number of options is phenomenal! What a serious piece of kit this is! I am certainly looking forward to delving deeper and using its powerful capabilities.

One small issue I have come across (and this is likely a rookie error on my part!) is updating the Toolkit. The startup screen says ‘There is a new version of SET available.’ I’m running 7.6.3 and the current version is 7.6.5, apparently. One of the opening options is ‘4) Update the Social-Engineer Toolkit’, which you’d think would fix this version difference. But selecting that gives the message ‘You are running Kali Linux which maintains SET updates’ and returns me to the startup screen.

I’ve run apt-get update && apt-get upgrade (as I do every evening in a crontab) but this issue persists. On checking the GitHub page for the SET, there’s a pile of dependencies listed, so I have added those (all were already up-to-date) and I have tried cloning the GitHub repo, but this wouldn’t overwrite the existing folder. I also ran the Python script to install the toolkit, again to no avail. There’s an seupdate file in there but I can’t get it to run; maybe I need more info on that.

Do I delete the whole folder and reinstall? That seems somewhat drastic! As I opened with, this is probably a rookie error and something I’ll learn with more experience, so I’d best get on and gain some.