Lab7.docx

9) Switch to Burp Suite, click on the Proxy tab, and click on the Forward button.

10) Switch to Firefox window. You will see the login window below. This is the “Damn Vulnerable Web Application” hosted on the OWASP BWA machine on Netlab.

11) At the login page, type admin as the username and type incorrect as the password. Click on the Login button.

12) Switch to Burp Suite, verify that the HTTP request is captured, and confirm that Burp Suite has captured the username and password you typed.

13) Right-click anywhere in the bottom section and click on “Send to Intruder”.

14) Click on Intruder Tab (1), and then click on the Positions Tab (2), and finally click on the Clear button (3).

15) Highlight the password value (1) and click on the Add button (2).

16) Click on Payloads Tab (1), and then Load button (2).

17) Navigate to /usr/share/wordlists/metasploit, click on http_default_pass.txt, and click Open (3).

18) Click on the Start Attack button on the top right. Click on OK for the message box about Community edition limitations.

19) Burp Suite tries all passwords in the dictionary file. The brute force attack will last around 15 seconds as there is a limited number of passwords in the file. Click on the Response tab, as shown in the figure below. All failed login attempts will be redirected to the login.php page. Successful logins will be redirected to the index.php page, as shown in the figure below.

Switch to the Request tab and take a screenshot of the Raw section where you see the username and password pair in the request traffic.
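Added example (not part of the lab handout): the detection logic a defender would run over web server access logs to spot the pattern step 19 describes, a burst of POSTs to login.php from one source that all redirect back to login.php (failures), possibly followed by a redirect to index.php (success). The log lines are constructed, the DVWA path /dvwa/login.php is assumed, and the format assumes an Apache LogFormat extended with %{Location}o so the redirect target is logged.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (not from the lab). Assumes an Apache LogFormat that appends
# the Location response header (%{Location}o) after the User-Agent, so a 302 back to
# login.php (failed login) can be told apart from a 302 to index.php (success).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2024:10:00:01 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "login.php"
10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "login.php"
10.0.0.5 - - [01/Mar/2024:10:00:02 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "login.php"
10.0.0.5 - - [01/Mar/2024:10:00:03 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "login.php"
10.0.0.5 - - [01/Mar/2024:10:00:04 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "login.php"
10.0.0.5 - - [01/Mar/2024:10:00:05 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "index.php"
10.0.0.9 - - [01/Mar/2024:10:02:00 +0000] "POST /dvwa/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0" "index.php"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<location>[^"]*)"$'
)

def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return d

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with at least `threshold` failed login.php POSTs inside any
    `window_seconds` span, and record whether a successful login followed them."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        r = parse_line(line)
        if r and r["method"] == "POST" and r["path"].endswith("/login.php") and r["status"] == "302":
            by_ip[r["ip"]].append(r)
    alerts = {}
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["ts"])
        fails = [r["ts"] for r in recs if r["location"].endswith("login.php")]
        # sliding window over failure timestamps: any run of `threshold` failures inside the window
        burst = any((fails[i + threshold - 1] - fails[i]).total_seconds() <= window_seconds
                    for i in range(len(fails) - threshold + 1))
        if burst:
            success = any(r["location"].endswith("index.php") and r["ts"] >= fails[-1] for r in recs)
            alerts[ip] = {"failures": len(fails), "success_after_failures": success}
    return alerts
```

A burst followed by a success is the highest-priority alert: it means the dictionary contained a valid credential, so the account should be treated as compromised rather than merely targeted.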

Section-4: Brute Force Password Attack against Telnet Protocol

In this section, you will use the dictionary file from Section-3 to launch a brute force attack against the Telnet service on the Windows 7 target computer.

1) Open a terminal window on Kali Linux on Netlab.

2) Go to the directory where the word list is stored by typing cd /usr/share/wordlists/metasploit

3)
