DVWA

From Network Security Wiki
Jump to navigation Jump to search


Source: linuxsecurityblog.com, th3phantoms.blogspot.in

Installation:

sudo apt update && sudo apt upgrade
sudo apt install apache2 mysql-server libapache2-mod-php7.0 libapache2-mod-fastcgi php7.0-fpm php7.0 php-mysql php7.0-mbstring php7.0-gd

When prompted, create a password for MySQL.

Edit PHP function:

sudo vim /etc/php/7.0/apache2/php.ini 
allow_url_include = On

In the bottom of apache.conf add the hostname:

nano /etc/apache2/apache2.conf
ServerName localhost

Download the DVWA files:

https://github.com/ethicalhack3r/DVWA/archive/master.zip

Rename config.inc.php and Edit MySQL password:

sudo mv /var/www/html/dvwa/config/config.inc.php.dist /var/www/html/dvwa/config/config.inc.php
sudo vim /var/www/html/dvwa/config/config.inc.php
$_DVWA[ 'db_password' ] = 'dbpassword'; 

Give the write permission to folder and file:

sudo chmod 777 /var/www/html/dvwa/hackable/uploads/

If there are access related issue then only make the directory globally writeable:

sudo chmod -R 777 /var/www/html/dvwa

Create DVWA database:

mysql -u root -p
create database dvwa;
exit

Open the application & scrolling down and find the button Create / Reset Database

http://10.10.10.1/dvwa/setup.php

Restart Apache:

sudo service apache2 restart

Access the application:

http://10.10.10.1/dvwa/
username: admin
password: password



References





blog comments powered by Disqus