Begin by using Docker to launch the Mutillidae exploitable framework:
docker run -p 1337:80 szsecurity/mutillidae
The objective is to dump the accounts table from the nowasp database using SQL injection. You should use the burpsuite program in Kali as demonstrated in class, then use the sqlmap program. There is an instructional video back on the schedule page that shows how I did this with DVWA.
If I was using the browser and burpsuite on Kali, I first had to modify a browser setting so that all my traffic would go to the Burp proxy. Go to about:config and change network.proxy.allow_hijacking_localhost to true. Make sure you set your proxy settings to 127.0.0.1 and port 8080.
Hint: Don’t have burpsuite intercept anything until you are ready to load the form. The form you are looking for is under owasp 2013->A1->SQL1->user info.
To pass off
Upload your screenshot of your dumped table and a timestamp.
Last Updated 03/22/2021