Install and configure Damn Vulnerable Web App (DVWA).
Damn Vulnerable Web App (DVWA) is a tool designed for web penetration testing. You can practice your hacking skills in a legal environment on your local computer. As the name suggests, DVWA is vulnerable to SQL injection, XSS, remote file inclusion, brute force and so on.
It gives you a lab on your local computer to practice your hacking skills without having to set up virtual machines. Let's start the installation process.
Things you need to set up DVWA
- Kali Linux
- DVWA. Download DVWA from here
- Apache web server (pre-installed in Kali Linux)
Once you have downloaded DVWA, you have to unzip the file.
Now switch to the directory that holds the downloaded DVWA zip file. In my case I have placed it on the desktop. Open your terminal and type cd Desktop; if your file is in the Download directory, type cd Download.
Then type the ls command to list the files.
Now we need to unzip the DVWA file. Type the following command in your terminal:
root@seven:~/Desktop# unzip DVWA-1.9.zip
Now type ls again in your terminal and you will see the unzipped directory DVWA-1.9.
Before going further we need to start two necessary services: the Apache web server and the MySQL server.
To start the Apache web server, type the following command:
root@seven:~# service apache2 start
Now check whether apache2 is running with the following command:
root@seven:~# service apache2 status
As you can see, apache2 is up and running, as shown by the highlighted text (active and running).
To start the MySQL server, type the following command in your terminal:
root@seven:~# service mysql start
Check whether it's running or not.
root@seven:~# service mysql status
As you can see, it's up and running, highlighted in green text.
Now we need to move the whole directory (DVWA-1.9) to /var/www/html, because in Kali Linux 2.0 Apache serves web pages from /var/www/html rather than /var/www.
So we need to move our extracted directory DVWA-1.9 to the /var/www/html directory.
You can do it graphically too: just copy the dvwa folder and paste it into the html directory. Or follow the step below.
Type the following command in your terminal. The command below will do 2 things:
1- It will move the directory to /var/www/html.
2- It will rename DVWA-1.9 to dvwa. The reason for renaming is that it is easier to remember; later on we will need to type this in our browser. You must be inside the same directory as DVWA-1.9 to execute the command below.
root@seven:~/Desktop# mv DVWA-1.9 /var/www/html/dvwa
Now we need to give read, write and execute permission to the dvwa directory. Make sure that your present working directory is /var/www/html, so change to the html directory first with the following command:
root@seven:~# cd /var/www/html
Type the following command to give read, write and execute permission to dvwa:
root@seven:/var/www/html# chmod -R 755 dvwa
Now we need to configure the config.inc.php file, which is inside the config directory. So change to the config directory:
root@seven:/var/www/html# cd dvwa/config
Open the config.inc.php file in the nano editor with the following command:
Remove the default password and leave the password field blank. Press Ctrl+O to save and Ctrl+X to exit.
Now we need to log in to MySQL as the root user. Type the following command. Make sure that you are inside the same directory as me (config). When you are asked for the password, just press Enter and leave the password field blank.
root@seven:/var/www/html/dvwa/config# mysql -u root -p
When you execute the above command successfully you will be presented with the MySQL shell. Now we need to create another database. Type the following command:
create database dvwa1;
Type exit to come out of mysql shell.
Now we need to reset our database on our local server. Be careful here: copy and paste this command exactly.
curl --data 'create_db=create+%2F+Reset+Database' http://127.0.0.1/dvwa/setup.php# --cookie PHPSESSID=1
Now go to the browser and paste this URL: http://localhost/dvwa/login.php
If you are following along correctly then a login page should open. If it does not, I suggest going back and doing it again from scratch.
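Rather than redoing every step when the login page does not open, a check like the one below shows which step left the wrong state. It is an added example, not part of the original post or of DVWA; the function names and the sample config are constructed here, and it assumes settings in config.inc.php have the form $_DVWA[ 'key' ] = 'value';.

```shell
#!/bin/sh
# Added example: preflight check for the DVWA install described above.
# Assumption: settings in config.inc.php look like
#   $_DVWA[ 'db_password' ] = 'value';

# Print the value assigned to one $_DVWA key (empty output if blank or missing).
dvwa_cfg_value() {   # $1 = config file, $2 = key name
    sed -n "s/^[[:space:]]*\\\$_DVWA\[[[:space:]]*'$2'[[:space:]]*][[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Check the state the tutorial's steps should leave behind.
dvwa_preflight() {   # $1 = DVWA directory, e.g. /var/www/html/dvwa
    cfg="$1/config/config.inc.php"
    [ -d "$1" ]   || { echo "FAIL: $1 is not a directory (mv step)"; return 1; }
    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }
    mode=$(stat -c %a "$1")            # GNU stat, as shipped with Kali
    [ "$mode" = 755 ] || { echo "FAIL: mode is $mode, expected 755 (chmod step)"; return 1; }
    grep -q "'db_password'" "$cfg" || { echo "FAIL: no db_password setting in $cfg"; return 1; }
    [ -z "$(dvwa_cfg_value "$cfg" db_password)" ] \
        || { echo "FAIL: db_password is not blank (config step)"; return 1; }
    echo "OK: $1 matches the tutorial (db_user=$(dvwa_cfg_value "$cfg" db_user))"
}

# Build a constructed sample tree so the check can be tried without a real install.
make_sample_dvwa() {   # $1 = target directory, $2 = password to write
    mkdir -p "$1/config"
    printf '%s\n' '<?php' \
        "\$_DVWA[ 'db_user' ]     = 'root';" \
        "\$_DVWA[ 'db_password' ] = '$2';" > "$1/config/config.inc.php"
    chmod -R 755 "$1"
}

# Demo on constructed data; on a real box run: dvwa_preflight /var/www/html/dvwa
demo_dir=$(mktemp -d)
make_sample_dvwa "$demo_dir/dvwa" ''
dvwa_preflight "$demo_dir/dvwa"
rm -rf "$demo_dir"
```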
Use these credentials to login:
Please do share if it helped you. Thanks.