This project applies the web security concepts studied in class, targeting vulnerabilities in web applications through the DVWA (Damn Vulnerable Web Application) instance on the Metasploitable 2 machine. The goal is to understand and exploit common web vulnerabilities in a controlled lab environment, building practical cybersecurity skills.
The practice uses the Metasploitable 2 machine to carry out a series of activities aimed at identifying and exploiting web vulnerabilities. Each activity targets a specific weakness, providing hands-on experience with security testing methodologies.
- Command Execution Vulnerability: Exploration of command injection vulnerabilities through the DVWA interface.
- SQL Injection: Investigation of SQL injection vulnerabilities to retrieve sensitive data from the database, including user credentials.
- Cross-Site Request Forgery (CSRF): Analysis of CSRF vulnerabilities by attempting to change user passwords without proper authentication.
- Cross-Site Scripting (XSS): Exploiting XSS vulnerabilities to steal session cookies and gain unauthorized access.
- Metasploitable 2: An intentionally vulnerable virtual machine used for testing and learning about web security.
- DVWA (Damn Vulnerable Web Application): A deliberately vulnerable PHP/MySQL web application designed for security testing and education.
- cURL: A command-line tool used to craft and send HTTP requests to the web application when testing the CSRF vulnerability.
- John the Ripper: A password-cracking tool used to recover passwords from hashed data.
- Carmen Abans Maciel: GitHub Profile
- Noelia Hernández Rodríguez: GitHub Profile
Each activity and analysis is complemented by detailed explanations, code snippets, and screenshots to illustrate findings and enhance understanding of web vulnerabilities.