dvwa brute force low level

DVWA Brute Force Low-Level Security

how you can complete a brute force attack on dvwa(Damn Vulnerable Web Application) on low security.

How to Setup DVWA here

After Setup DVWA web app now go to your login page and type default username and password

First, after login your dvwa account we change our dvwa security level I am choosing security level low and got to our next step

dvwa brute force

We see the dvwa test login page now open your burp suite and connect with the proxy server and click the Intercept button login field you type any character and click the login button and

our request is captured in the burp suite right click your burp suite and send the request intruder for brute force attack

dvwa brute force

our all field are selected click the clear button and clear all selected field

dvwa brute force

changing our Attack type mode cluster bomb for username field and password field and double click your username and click the add button and the

the second step is adding our password field now again double click the password field and click the add button

dvwa brute force

see the image file our username and password field is selected go to payloads section and import your username wordlist

I add command name our list

dvwa brute force

next step is adding wordlist for the password field changing our payload set now choose 2 fields and Load our password lists and click the start button

dvwa brute force

After completing our payloads now finding our right password double click the Lenght button and we see the different length our first table

checking the username and password select our first field and go-to response button and click the Render page

dvwa brute force

we see the dvwa message Welcome to the password-protected area our Bruteforce level is complete

DVWA Brute Force Low Level Security here