-
Notifications
You must be signed in to change notification settings - Fork 2k
/
Copy pathresponse.txt
209 lines (88 loc) · 5.91 KB
/
response.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Damn Vulnerable Web App (DVWA) v1.0.7 :: Vulnerability: Brute Force</title>
<link rel="stylesheet" type="text/css" href="../../dvwa/css/main.css" />
<link rel="icon" type="\image/ico" href="../../favicon.ico" />
<script type="text/javascript" src="../../dvwa/js/dvwaPage.js"></script>
</head>
<body class="home">
<div id="container">
<div id="header">
<img src="../../dvwa/images/logo.png" alt="Damn Vulnerable Web App" />
</div>
<div id="main_menu">
<div id="main_menu_padded">
<ul><li onclick="window.location='../../.'" class=""><a href="../../.">Home</a></li><li onclick="window.location='../../instructions.php'" class=""><a href="../../instructions.php">Instructions</a></li><li onclick="window.location='../../setup.php'" class=""><a href="../../setup.php">Setup</a></li></ul><ul><li onclick="window.location='../../vulnerabilities/brute/.'" class=""><a href="../../vulnerabilities/brute/.">Brute Force</a></li><li onclick="window.location='../../vulnerabilities/exec/.'" class="selected"><a href="../../vulnerabilities/exec/.">Command Execution</a></li><li onclick="window.location='../../vulnerabilities/csrf/.'" class=""><a href="../../vulnerabilities/csrf/.">CSRF</a></li><li onclick="window.location='../../vulnerabilities/fi/.?page=include.php'" class=""><a href="../../vulnerabilities/fi/.?page=include.php">File Inclusion</a></li><li onclick="window.location='../../vulnerabilities/sqli/.'" class=""><a href="../../vulnerabilities/sqli/.">SQL Injection</a></li><li onclick="window.location='../../vulnerabilities/sqli_blind/.'" class=""><a href="../../vulnerabilities/sqli_blind/.">SQL Injection (Blind)</a></li><li onclick="window.location='../../vulnerabilities/upload/.'" class=""><a href="../../vulnerabilities/upload/.">Upload</a></li><li onclick="window.location='../../vulnerabilities/xss_r/.'" class=""><a href="../../vulnerabilities/xss_r/.">XSS reflected</a></li><li onclick="window.location='../../vulnerabilities/xss_s/.'" class=""><a href="../../vulnerabilities/xss_s/.">XSS stored</a></li></ul><ul><li onclick="window.location='../../security.php'" class=""><a href="../../security.php">DVWA Security</a></li><li onclick="window.location='../../phpinfo.php'" class=""><a href="../../phpinfo.php">PHP Info</a></li><li onclick="window.location='../../about.php'" class=""><a href="../../about.php">About</a></li></ul><ul><li onclick="window.location='../../logout.php'" class=""><a href="../../logout.php">Logout</a></li></ul>
</div>
</div>
<div id="main_body">
<div class="body_padded">
<h1>Vulnerability: Command Execution</h1>
<div class="vulnerable_code_area">
<h2>Ping for FREE</h2>
<p>Enter an IP address below:</p>
<form name="ping" action="#" method="post">
<input type="text" name="ip" size="30">
<input type="submit" value="submit" name="submit">
</form>
<pre>root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
bin:x:2:2:bin:/bin:/bin/sh
sys:x:3:3:sys:/dev:/bin/sh
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/bin/sh
man:x:6:12:man:/var/cache/man:/bin/sh
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/sh
news:x:9:9:news:/var/spool/news:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:/bin/sh
list:x:38:38:Mailing List Manager:/var/list:/bin/sh
irc:x:39:39:ircd:/var/run/ircd:/bin/sh
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
libuuid:x:100:101::/var/lib/libuuid:/bin/sh
dhcp:x:101:102::/nonexistent:/bin/false
syslog:x:102:103::/home/syslog:/bin/false
klog:x:103:104::/home/klog:/bin/false
sshd:x:104:65534::/var/run/sshd:/usr/sbin/nologin
msfadmin:x:1000:1000:msfadmin,,,:/home/msfadmin:/bin/bash
bind:x:105:113::/var/cache/bind:/bin/false
postfix:x:106:115::/var/spool/postfix:/bin/false
ftp:x:107:65534::/home/ftp:/bin/false
postgres:x:108:117:PostgreSQL administrator,,,:/var/lib/postgresql:/bin/bash
mysql:x:109:118:MySQL Server,,,:/var/lib/mysql:/bin/false
tomcat55:x:110:65534::/usr/share/tomcat5.5:/bin/false
distccd:x:111:65534::/:/bin/false
user:x:1001:1001:just a user,111,,:/home/user:/bin/bash
service:x:1002:1002:,,,:/home/service:/bin/bash
telnetd:x:112:120::/nonexistent:/bin/false
proftpd:x:113:65534::/var/run/proftpd:/bin/false
statd:x:114:65534::/var/lib/nfs:/bin/false
</pre>
</div>
<h2>More info</h2>
<ul>
<li><a href="http://hiderefer.com/?http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution" target="_blank">http://www.scribd.com/doc/2530476/Php-Endangers-Remote-Code-Execution</a></li>
<li><a href="http://hiderefer.com/?http://www.ss64.com/bash/" target="_blank">http://www.ss64.com/bash/</a></li>
<li><a href="http://hiderefer.com/?http://www.ss64.com/nt/" target="_blank">http://www.ss64.com/nt/</a></li>
</ul>
</div>
<br />
<br />
</div>
<div class="clear">
</div>
<div id="system_info">
<input type="button" value="View Help" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_help.php?id=exec&security=medium' )"> <input type="button" value="View Source" class="popup_button" onClick="javascript:popUp( '../../vulnerabilities/view_source.php?id=exec&security=medium' )"> <div align="left"><b>Username:</b> admin<br /><b>Security Level:</b> medium<br /><b>PHPIDS:</b> disabled</div>
</div>
<div id="footer">
<p>Damn Vulnerable Web Application (DVWA) v1.0.7</p>
</div>
</div>
</body>
</html>