
FOSDEM devroom-perl

dancer_status__NO_AUDIO by nu11secur1ty

devops_logique by nu11secur1ty

life_without_plastic_bags__PARTIAL_AUDIO by nu11secur1ty

modules_ecosystem_perl6 by nu11secur1ty

perl6_beyond_dynamic_vs_static by nu11secur1ty

perl6_for_mortals by nu11secur1ty

perl6_lang_spec_lessons_learned by nu11secur1ty

perl_syntactic_legacy by nu11secur1ty



Popular Posts


REPRODUCE OF THE VULNERABILITY =): Collaboration: silentsignal

DVWA - Brute Force (High Level) - Anti-CSRF Tokens

This is the final "how to" guide which brute forces Damn Vulnerable Web Application (DVWA), this time on the high security level. It is an expansion from the "low" level (which is a straightforward HTTP GET form attack). The main login screen shares similar issues (brute force-able and with anti-CSRF tokens). The only other posting is the "medium" security level post (which deals with timing issues). For the final time, let's pretend we do not know any credentials for DVWA.... Let's play dumb and brute force DVWA... once and for all!

TL;DR: Quick copy/paste

CSRF=$(curl -s -c dvwa.cookie "" | awk -F 'value=' '/user_token/ {print $2}' | cut -d "'" -f2)
SESSIONID=$(grep PHPSESSID dvwa.cookie | cut -d $'\t' -f7)
curl -s -b dvwa.cookie -d "username=admin&password=password&user_token=${CSRF}&Login=Login" "192.168.1

