DVWA Brute Force Low-Level Security
how you can complete a brute force attack on dvwa(Damn Vulnerable Web Application) on low security.
How to Setup DVWA here
After Setup DVWA web app now go to your login page and type default username and password
First, after login your dvwa account we change our dvwa security level I am choosing security level low and got to our next step
We see the dvwa test login page now open your burp suite and connect with the proxy server and click the Intercept button login field you type any character and click the login button and
our request is captured in the burp suite right click your burp suite and send the request intruder for brute force attack
our all field are selected click the clear button and clear all selected field
changing our Attack type mode cluster bomb for username field and password field and double click your username and click the add button and the
the second step is adding our password field now again double click the password field and click the add button
see the image file our username and password field is selected go to payloads section and import your username wordlist
I add command name our list
next step is adding wordlist for the password field changing our payload set now choose 2 fields and Load our password lists and click the start button
After completing our payloads now finding our right password double click the Lenght button and we see the different length our first table
checking the username and password select our first field and go-to response button and click the Render page
we see the dvwa message Welcome to the password-protected area our Bruteforce level is complete
DVWA Brute Force Low Level Security here