DEV Community: Dylan Kim

Hack the box

Dylan Kim — Thu, 09 May 2024 02:41:12 +0000

Hack The Box aims to make hacking a new gaming paradigm through an intuitive and captivating user experience. A user-centric approach guides all our new product and brand endeavors. To the left of the Dashboard is the navigation menu.

Brute Force

Dylan Kim — Thu, 09 May 2024 02:37:01 +0000

💡 "Attack methods that substitute every possible value to unlock a particular password"

It is also called a 'indiscriminate encryption attack'.

It can be defined as an attack method that attempts to hack a device connected to the network by randomly and continuously entering a password, PIN number, and encryption key.

Since all possible values must be substituted, a pre-file that can store that much data is usually required.

It's a fairly old style of attack, but it's still effective and still popular.

The criterion for success of this attack is the 'time' it takes to crack a password.

(Anyway, it's an attack that's going to break through one day)

The longer the password, the more time it takes to crack it.

According to Cloudflare,

If you use 15 million keystroke attempts per second, a seven-character password cracks in nine minutes.

However, it takes 350,000 years to crack a 13-character password in the same way.

1) When generating passwords, it is recommended to generate complex passwords with at least a certain length, including case/special characters/numbers, etc.

(page where password stability can be tested)

https://howsecureismypassword.net/

2) Set up an account lock function to prevent further login attempts if the login failure exceeds a certain number of times (significantly lowers the success rate of the attack)

3) Added the ability to unlock the account after a certain period of time, or to initialize the password through the user's additional authentication (mobile, email, etc.)

Preparation (Installation, environment settings)

Dylan Kim — Wed, 08 May 2024 03:28:03 +0000

Finally, my long-awaited first DVWA web hacking project has begun.

I've walked a lot of roads.

There were times when it was a little hard, but I grew dramatically.

And in the future, it will grow in a more positive direction.

Apache2 Settings

a reference page

First, I will install the necessary environments in Cali Linux.

I set up apache2, which will serve as the most basic web server.

MySQL settings

I set up mysql to serve as a database.

Installing and Setting Up DVWA

I downloaded the DVWA from Github as follows and set up the necessary files.

DVWA access

If you access through localhost, you will see the login screen as described above.

id: admin

pw: password

The initial screen appears, and when you press the Create/Reset Database below, the initial setting is automatically completed, and it returns to the login screen.

If you log in again,

An environment for practice will be established as shown in the figure.

Web Hacking - DVWA

Dylan Kim — Wed, 08 May 2024 03:22:13 +0000

✨ This is the write-up for low, medium and high security levels of all labs of DVWA (Damn Vulnerable Web Application), written by D.Kim.

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and to aid both students & teachers to learn about web application security in a controlled class room environment.

The aim of DVWA is to practice some of the most common web vulnerabilities, with various levels of difficulty, with a simple straightforward interface. Please note, there are both documented and undocumented vulnerabilities with this software. This is intentional. You are encouraged to try and discover as many issues as possible.

Newbie!

Dylan Kim — Wed, 08 May 2024 03:21:10 +0000

Hiya!
just joined DEV.to!