1. Use command injection for popping a reverse shell on the DVWA-VM to External Kali when the security level is set to “LOW.” You can configure either nc or Metasploit on the attacker machine to accept the reverse shell connection.
2.With the backdoor connection, complete the following sub-tasks from External Kali:
• Display the target machine’s network configuration.
• Display the target machine’s current network connections.
• Create a new MySQL user with the following information: o Username: o Password:
3. Remote access the MySQL from External Kali with the account created in the previous step.
Change the DVWA security levels and answer the following questions:
1. Analyze and compare the source PHP file at different security levels. Highlight and summarize the limitation of the codes that prevent the command injection, if any.
2. Based on the study above, can you still perform the command injection attacks where the security level is set to “Medium” and “High”? You don’t have to create a reverse shell as in Task A -1.