Damn Vulnerable Web App 'DVWA' and upload backdoor 'weevely'

        in this article I will try to give a tutorial, about doing a damn vulnerable web app "dvwa".,
and upload backdor 'weevely'

Here the authors use sqlmap.,
for those who want to read the manual sqlmap can be seen in

•  The first thing to do to run apache2 and mysql

•  then open the DVWA on your web browser

 Username : admin
 Password  : password

• Now we are setting up security., and select high.

•  then select the SQL injection

• Now open Burp suite.

•  to get a response to the Burp suit ., we have to do the proxy settings.,
  for those who do not have a proxy 8080.

 click add new proxy port input 8080

•  then input as shown below

•  Now look at the Burp suite.,

 for those who want to know the usefulness Burp suite just follow my steps., then you will understand yourself., but okay., I'll try to give an overview of the Burp suite

Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, authentication, downstream proxies, logging, alerting and extensibility.

•  Now we go to sqlmap

 usefulness sqlmap  this to perform pentesting sql injection in a web., that in it we can take over the database, and much more.
what is sql injection, can be viewed here:  explanation
 

 okeey., ready ....
The first thing we tried to see the database victime

./sqlmap.py -u "url victim" --cokie "Data from the Burp suite" --dbs

 Now we get the database

• now i want to get the data users and passwords

by using the command: --string="Surname" --users --passwords

I chose 1

 wait until the process is successful

yaap., beautiful., we have to get it (9 * o *) 9







backdoor of weevely:
-------------------------- 

usefulness backdoor one of them is that we can access the web without having to use the admin login page

• Now we try to make backdor

•  to create a backdoor Weevely using the command : ./weevely.py generate "your_password" "place_a_backdoor/'name_backdor' "

• I try to view the contents of the backdoor

• Now we are trying to upload

 but I failed to do so

• I tried to remember the words of my assistants., which raised the question of chmod., and I tried to find articles about the chmod ..   

Licensing utility files and directories (chmod) is set permit access to a file / directory to the user, group and user / group else.
Permission is divided into three kinds. 
READ (r). Can be read (either file or directory)
WRITE (w). Can write / edit (if the file) and create a file / new directory (if directory)
EXECUTE (x). Can be executed (if the file) and enter (if the directory)

•  The first thing I did was locate the directory upload dvwa

• after getting the directory., I try to do the chmod 

•  I try to upload again weevely.php but still failed.

I then tried to create a new weevely and now use format .jpeg

•  Now I try to run a backdoor that I have made

  

  but failed

>.<

•  I then tried to run using a file directory

 I still have not been able to gain access., I have to learn harder


 my video tutorial:
part 1:

Part 2: