Lab 10-1: DVWA - Manual SQL Injection and Password Cracking

Why would an attacker send 1=1 to a remote server?

1=1 always is true, and therefore causes the server perform the action associated with a true response.

What is SQL injection?

Injecting SQL into an application input which is then used to build a SQL Select statement

How does John the Ripper (John) guess passwords?

John hashes the guess and compares it to the list of password hashes to be cracked

Which of the following are hashing algorithms? [Choose two that apply]

MD5 & Windows LM

Which ASCII character can help attacks determine if a server is potentially vulnerable to SQL injection?

Single Quote (')