cytopia
I Cant Login to DVWA
Good afternoon,
I am trying to access DVWA through the web but it does not allow me to authenticate with the credentials provided by the repository in the Usage section:
Username: admin Password: password
This is the default password.
Reviewing the manifests (deployment-dvwa.yml) you can see that the container configuration is in dvwa-secrets
-name: MYSQL_HOSTNAME
value: dvwa-mysql-service
-name: MYSQL_DATABASE
valueFrom:
secretKeyRef:
name: dvwa-secrets
key: DVWA_DATABASE
-name: MYSQL_USERNAME
valueFrom:
secretKeyRef:
name: dvwa-secrets
key: DVWA_USERNAME
-name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: dvwa-secrets
key: DVWA_PASSWORD
In (secrets.yml) are the credentials for the database.
ROOT_PASSWORD: czNyMDB0cGE1NQ== | s3r00tpa55 DVWA_USERNAME: ZHZ3YQ== | dvwa DVWA_PASSWORD: cEBzc3dvcmQ= | p@ssword DVWA_DATABASE: ZHZ3YQ== | p@ssword
I check in the environment variables of the pod and they are the same:
Gold3nH1nd:PoC1-cytopia dposada$ kubectl exec -it dvwa-mysql-f7979f7d7-gjnhd env |grep MYSQL kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead. MYSQL_PASSWORD=p@ssword MYSQL_DATABASE=dvwa MYSQL_ROOT_PASSWORD=s3r00tpa55 MYSQL_USER=dvwa
I tried to use these passwords to access and change the DVWA user and password settings but it says that the database is empty.
MariaDB [(none)]> use dvwa; Database changed MariaDB [dvwa]> show tables; Empty set (0.00 sec)
I tried checking the database configuration as such and found a password.
MariaDB [dvwa]> select Host,User, Password from mysql.user where mysql.user.User = 'dvwa'; +------+------+----------------------------------- --------+ | host | user | Password | +------+------+----------------------------------- --------+ | % | dvwa | *4F477FE814A0E3A4A5FD42BBB87C2DE8C36750DE | +------+------+----------------------------------- --------+ 1 row in set (0.00 sec)
Again listed is the password for the database.
Another query.
MariaDB [dvwa]> select user, Password from mysql.user; +------+-------------------------------------------+ | user | Password | +------+-------------------------------------------+ | root | *E5DA0CA0CD44F91DB3043207C23A9705704AD616 | | dvwa | *4F477FE814A0E3A4A5FD42BBB87C2DE8C36750DE | | root | *E5DA0CA0CD44F91DB3043207C23A9705704AD616 | +------+-------------------------------------------+ 3 rows in set (0.00 sec)
Also look for the password in the pod path /var/www/html/config/config.inc.php
and again the passwords for the database appear but not for DVWA.
Finally try reconfiguring the application
http://a383280f0a18b4beb9fdfdf8a0355fba-340159500.us-east-1.elb.amazonaws.com:8081/setup.php
And appears
Database Setup Click on the 'Create / Reset Database' button below to create or reset your database. If you get an error make sure you have the correct user credentials in: /var/www/html/config/config.inc.php
If the database already exists, it will be cleared and the data will be reset. You can also use this to reset the administrator credentials ("admin // password") at any stage.
user: admin password: password
They didn't work either.
Finally, I wanted to know, please, what is the password to access the application? Maybe it would not be with the default but with the root one?
Thank you so much.
there is something wrong with this DVWA k8s
you can use a single deployment file instead
apiVersion: apps/v1 kind: Deployment metadata: name: dvwa spec: replicas: 1 selector: matchLabels: app: dvwa template: metadata: labels: app: dvwa spec: containers: - name: dvwa image: vulnerables/web-dvwa ports: - containerPort: 80
apiVersion: v1 kind: Service metadata: name: dvwa spec: selector: app: dvwa ports: - protocol: TCP port: 80 targetPort: 80
TXT.txt -> for downloading the code
and deploy it should work fine with username: admin password: password
